Is security-constraint configuration for Tomcat mandatory?

Question

In order to do an SSL Configuration testing under Tomcat, is this all mandatory?

This below line is taken from a website:

In order to do this

Answer 1

No, it's not necessary. It means that your web application only available through HTTPS (and not available through HTTP).

If you omit the CONFIDENTIAL tag (or the whole ) your application will be available through both HTTP and HTTPS. If your web.xml contains CONFIDENTIAL Tomcat automatically redirects the requests to the SSL port if you try to use HTTP.

Please note that the default Tomcat configuration does not enable the SSL connector, you have to enable it manually. Check the SSL Configuration HOW-TO for the details.