WEB-INF/web.xml file, configure the security settings, including which URIs to secure, which authentication method to use (BASIC, DIGEST, FORM, or CLIENT-CERT), and whether to always use HTTPS.