Hello world! My problem :
I want some of my servlets to be accessible only when HTTPS is used: https:/<path to servlet> succeeds http:/<path to servlet> gives an error The first step seems to work, but when i have logged in into the secure area, load a page using https, delete the "s" and reload, the page is also loaded. How do i block the unsecured reload? I tried some of the hints for JSPs, but they seem not to work with servlets. My web.xml: <web-app> <servlet> <servlet-name>myServlet</servlet-name> <servlet-class>myServlet</servlet-class> </servlet> ... more servlets... <servlet-mapping> <servlet-name>myServlet</servlet-name> <url-pattern>path to myServlet</url-pattern> </servlet-mapping> ... more servlets... </web-app> What security-constraints do i need, and where do i have to put them? Thank you