Re: Using JSSE security in JSP appliction
Tuesday, April 20, 2004 08:46 AM
This is something you should do using the J2EE servlet APIs, instead of using JSSE directly. In your web.xml deployment descriptor, you can protect a set of URLs using the security-constraint element with a transport-guarantee setting of "CONFIDENTIAL". This will cause the container, whether JWS 2.0 or another, to force only SSL connections to those URLs.
Search the internet for documentation of web.xml and the security-constraint element for more information. Also consider using Tomcat instead of JWS if you can, as JWS is relatively old.