NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
User Data Constraint
the strength of the transport layer protection. By default, the transport-guarantee
element is not defined in the web.xml file.
Table 8-8 lists the types of transport guarantee that can be defined in the web.xml file.
The transport guarantee can ensure that certain resources are always requested over
a secure link. If the transport guarantee is set to either INTEGRAL or CONFIDENTIAL,
the constrained resource must be requested over a secure transport, such as HTTPS.
The iTP Secure WebServer is configured for secure transport through the
httpd.stl.config file located in the <iTP WebServer Home>/conf directory.
The following is a sample definition of the user-data-constraint element from a
web.xml file:
<security-constraint>
    <web-resource-collection>
        ...
        ...
    </web-resource-collection>
    <auth-constraint>
        ...
        ...
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Table 8-8. Types of Transport Guarantee

Type          Description
INTEGRAL      Establishes a requirement for content integrity.
CONFIDENTIAL  Establishes a requirement for confidentiality.
NONE          Indicates that the container must accept the constrained
              requests when received on any connection including an
              unprotected connection.
Note. For a complete listing of elements that can be used in the deployment descriptor, see
the Java Servlet Specification Version 2.5.
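Because the transport-guarantee element is not defined by default, a constrained resource can end up reachable over an unprotected connection without anyone noticing. The following Python script is an added example, not part of this guide or of NSJSP: it audits a web.xml file and reports, for each constrained URL pattern, whether a secure transport is required. The sample descriptor, its URL patterns, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the guide): three constraints.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name><url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name><url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>staff</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>public</web-resource-name><url-pattern>/public/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

SECURE = {"INTEGRAL", "CONFIDENTIAL"}  # values that require a secure transport

def local(tag):
    """Drop the '{namespace}' prefix that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def texts(parent, name):
    """Stripped text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in parent.iter() if local(e.tag) == name]

def audit_transport_guarantee(web_xml_text):
    """Return (url_pattern, guarantee, secure_transport_required) tuples."""
    findings = []
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        # The element is absent by default, so report that case explicitly.
        guarantee = (texts(sc, "transport-guarantee") or ["UNDEFINED"])[0]
        for pattern in texts(sc, "url-pattern"):
            findings.append((pattern, guarantee, guarantee in SECURE))
    return findings

if __name__ == "__main__":
    for pattern, guarantee, ok in audit_transport_guarantee(SAMPLE_WEB_XML):
        print(f"{'ok  ' if ok else 'WARN'} {pattern:<12} transport-guarantee={guarantee}")
```

Values are compared case-sensitively, so a misspelled or lowercase guarantee is reported as not requiring secure transport rather than silently accepted.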