| < Free Open Study > |
|
The execution of third-party servlets is increasingly common. Consider an Application Service Provider (ASP) that hosts many web applications on virtual hosts supported by a single servlet container instance. It is vital that the actions of one web application don't bring down the entire server. The ability to restrict certain actions is vital to the well-being of a server and the web applications running on it.
The Servlet 2.3 specification is very particular about the type of security support that compliant containers should provide. In this chapter, we'll examine the various components of servlet security, including:
How we can use server-side policy files
How we can configure Tomcat to use Secure Sockets Layer (SSL)
How SSL relates to public key encryption, digital signatures, and transitive trust
Tomcat 4 Realms, which provide a platform-independent way of performing authentication and role mapping
Container-managed security
BASIC, FORM-based, DIGEST, and CLIENT-CERT authentication
Tomcat's single sign-on mechanism that eliminates multiple authentication requests