Tomcat is the official reference implementation for Java servlet and JSP technologies, and has long been heralded as an excellent platform for the development and deployment of powerful web applications. It can either run as a stand-alone server or integrate with the Apache web server to add more power to its serving capability.

With more and more Tomcat servers finding their way into production, there is a need for Tomcat servers to run with a secure policy, and in that respect, security is becoming more of an imperative than a policy definition. A definitive security policy is a benchmark for analyzing the amount of trust that you can place on JSP pages, web applications, and the permissions that you can grant them. It is also your best line of defense against the potential vulnerabilities that can be targeted by Trojan Java packages, JSP tag libraries, and web applications.

This book is targeted at Tomcat developers who are either contemplating the use of Tomcat for production-level deployment, or have already embraced this promising option. Readers of this book need a working knowledge of Java web applications and must be competent with JSPs and servlets.

Contents

• Understanding Tomcat Security
• Tightening the File System Screws
• Java Security Manager
• Security Realms
• Secure Sockets and Tomcat
• Application Security

• Appendix
• Index