uCosminexus Application Server, Security Management Guide


7.2.2 Selecting a communication path security level

You can select an encryption level for the communication path from the Web application to the Web container. This setting applies to Web server integration.

You can select one of three encryption levels: No protection (NONE), Tamper prevention (INTEGRAL), or Hiding (CONFIDENTIAL). SSL is used if you select the INTEGRAL or CONFIDENTIAL level.

This means protected pages can be accessed through SSL only. If the browser sends a request via HTTP to access a protected page, the Web container returns an HTTP response requesting the browser to access the same page via HTTPS. The browser then accesses the same page via HTTPS. You can select a security level not only for the entire Web application but also for certain pages within that application. This prevents non-HTTPS access to the protected pages.

Using the DD file (WEB-INF/web.xml), select a communication path encryption level for the Web applications included in the J2EE application. For details about how to configure the J2EE application, see 7.2.7 Setup in an execution environment.
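The following check is an added example, not code from this manual or the product. It reads a DD and reports which URL patterns are left at NONE, assuming the level is written in the standard servlet `<transport-guarantee>` element inside `<user-data-constraint>`. The sample descriptor, its URL patterns and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample WEB-INF/web.xml (URL patterns and names are hypothetical).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

RANK = {"NONE": 0, "INTEGRAL": 1, "CONFIDENTIAL": 2}

def local(tag):
    # ElementTree reports namespaced tags as "{uri}name"; keep only the name.
    return tag.rsplit("}", 1)[-1]

def transport_levels(web_xml_text):
    """Map each url-pattern to its transport-guarantee; absent means NONE."""
    levels = {}
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        found = {"url-pattern": [], "transport-guarantee": []}
        for el in sc.iter():
            if local(el.tag) in found and el.text:
                found[local(el.tag)].append(el.text.strip())
        level = (found["transport-guarantee"] or ["NONE"])[0].upper()
        for pattern in found["url-pattern"]:
            # Conservative choice: a pattern listed twice keeps its weakest level.
            levels[pattern] = min(levels.get(pattern, level), level, key=RANK.__getitem__)
    return levels

def plain_http_allowed(levels):
    """Patterns the descriptor does not restrict to SSL."""
    return sorted(p for p, lvl in levels.items() if lvl == "NONE")

if __name__ == "__main__":
    print(plain_http_allowed(transport_levels(SAMPLE_WEB_XML)))
```

In the sample, `/admin/*` requires a role but carries no `<user-data-constraint>`, so it is reported as reachable without SSL even though it is access-controlled.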

Note
An attempt to access a protected page when a transfer destination HTTPS port number is not specified for Web server integration will result in a 403 error.
A protected page cannot be accessed regardless of whether a transfer destination HTTPS port number is specified when an in-process HTTP server or simple Web server is used (for compatibility with earlier versions). An attempt to access such a page will result in a 403 error.
Configure the transfer destination HTTP server port number by customizing the J2EE server properties. For details about this customization, see 7.2.7 Setup in an execution environment.