authentication
Knowledge Base : Securing Apache Tomcat for Enterprise Use
posted by SpringSource on April 8, 2010 12:06 PM
For development and operations teams, a presentation that covers various security configuration options available in Apache Tomcat and SpringSource tc Server.
A default Apache Tomcat installation is secure but each installation environment is different and may have additional security requirements. This presentation will examine the security configuration options available in Apache Tomcat and SpringSource tc Server, when to use them (and when not to use them) and the threats they might help mitigate. The rationale behind having resource passwords (e.g. for database access) in clear text in server.xml will also be discussed.
Knowledge Base : Apache Tomcat blocking IO connector
posted by SpringSource on October 27, 2009 03:06 PM
How the client certificate authentication works in Tomcat
The CLIENT-CERTauthorization in Tomcat works in the following way:
1) If tomcatAuthentication="false" is set in server.xml, Tomcat simply takes the username from the AJP request and assumes all authentication has already been done.
2) If tomcatAuthentication="true" is set, the CLIENT-CERT will result in the org.apache.catalina.authenticator.SSLAuthenticator valve being inserted automatically into the application Context.
Happening Now on TomcatExpert
jon commented WebSockets in Tomcat 7
Active Members
Tags in Tags
apache
Apache Tomcat
Apache Tomcat 7
connection pool
connector
deployment
enterprise
ERS
java
jsp
migration
mod_jk
server
ssl
tc Server
Tomcat
Tomcat 5.5
Tomcat 6
Tomcat 7
Tomcat Admin
Tomcat Configuration
Tomcat JMX
Tomcat JVM
Tomcat Logging
Tomcat Manager
Tomcat Memory
Tomcat Performance
Tomcat Security
Tomcat SSL
Tomcat Support
Popular Links