Web Application Layer Security
Application Platform provides the following methods for securing the web application layer:
Using a set of valves to implement security constraints.
Using a security filter, which you can add in the
web.xml file.
You can use one or both of these methods to secure your web applications. When a request is sent to the Tomcat run-time, the security filter is invoked last, while the valve plug-ins are executed in the middle of the request processing.