No, it's not necessary. It means that your web application only available through HTTPS (and not available through HTTP).
If you omit the <transport-guarantee>CONFIDENTIAL</transport-guarantee>
tag (or the whole <security-constraint>
) your application will be available through both HTTP and HTTPS. If your web.xml
contains <transport-guarantee>CONFIDENTIAL</transport-guarantee>
Tomcat automatically redirects the requests to the SSL port if you try to use HTTP.
Please note that the default Tomcat configuration does not enable the SSL connector, you have to enable it manually.
Check the SSL Configuration HOW-TO for the details.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…