1) I'm trying to write a servlet based on design specs that say, "Only allow HTTPS calls to the servlet". This servlet is a login authentication module, so will be collecting passwords. How do I make it exclusive to HTTPS calls?
2) Next question, I'm reading about how a servlet instance persists, and each new call is a new thread to that instance. It says you shouldn't save info in non-local variables, because they could get used by two different threads. So my servlet has a service method and an object class. The service method declares 3 variables and an instance of the object class. Since they're all declared in the service method, they're considered local and I don't need to worry about threads stepping on each other, correct?
3) My servlet is gathering user ID and password as HttpServletRequest parameters, and returning some codes/messages as HttpServlet Responses. I'm doing this all through the service method. Is there anything particularly wrong with overriding the service method instead of "doGet" or "doPost"?
4) One more question. I hope this isn't poor protocol to ask more than one question at a time. The more I learn, the more questions I have! This question is regarding Tomcat. I am using Tomcat (and a simple HTML form) on my local machine to test the servlet. I want to test it with my applications on the network, but don't have a development Web server that I can use yet. Is it possible to direct my development network apps to the servlet on my local (networked) machine with Tomcat running? I am currently testing the servlet using http://localhost:8080/SADI
Thanks for the help!