Tomcat Securing Tips

Many times (highly recommended) you might want to bind secure port at your tomcat installation, so you only have to include just before the </web-app> closing TAG at your web.xml file under $CATALINA_HOME/conf/ :

        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
  <security-constraint>
     <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <!-- auth-constraint goes here if you requre authentication -->
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

</web-app>
tomcat@achtung:~/logs$