Tomcat is the official reference implementation for Java servlet and JSP technologies, and has long been heralded as an excellent platform for the development and deployment of powerful web applications. It can either run as a standalone server or integrate with the Apache web server to add more power to its serving capability.

With more and more Tomcat servers finding their way into production, there is a need for Tomcat servers to run with a secure policy, and in that respect, security is becoming more of an imperative than a policy definition. A definitive security policy is a benchmark for analyzing the amount of trust that you can place in JSP pages and web applications, and the permissions that you can grant them. It is also your best line of defense against the potential vulnerabilities that can be targeted by Trojan Java packages, JSP tag libraries, and web applications.

This book is targeted at Tomcat developers who are either contemplating the use of Tomcat for production-level deployment, or have already embraced this promising option. Readers of this book need a working knowledge of Java web applications and must be competent with JSPs and servlets.

What will you learn from this book?

- Best practices to secure your Tomcat installation and file system
- In-depth coverage of the Java Security Manager in Tomcat
- Using and configuring Realms, including the latest UserDatabase and JAAS Realms
- Configuring Tomcat with SSL and Apache
- Securing applications running under Tomcat