Validating username and password from database using servlet
The "tighter" the security of each layer, the more robust and safe your application will be.
At the bottom level you'll need to deal with issues such as transport security and system identification, in order to mitigate man-in-the-middle attacks.
Next you'll generally utilise firewalls, perhaps with VPNs or IP security to ensure only authorised systems can attempt to connect.
In corporate environments you may deploy a DMZ to separate public-facing servers from backend database and application servers.
Hopefully somewhere along the way you'll be trying to prevent denial of service and brute force attacks against the system.
An intrusion detection system will also be especially useful for monitoring and responding to attacks, with such systems able to take protective action such as blocking offending TCP/IP addresses in real-time.