You need to look at the user-data-constraint section of your web.xml.
Basically it can allow you to control how the server transmits the
authentication information.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html?page=2
Search down for
Enforcing SSL
Jim Clayson wrote:
Hi,
Should it be common practice to send login details (username + password)
via SSL? I'll be using form-based authentication and was wondering about
how to beef up the security of transmitting username and password over http.
If so how is this generally achieved ie how would one specify that