Apache TomEE and security

Rather than providing its own security implementation, TomEE makes full use of the security features that are part of Tomcat. Any Catalina realm is supported or you can provide your own security module using the login.config file.

For example, to add some simple security to the moviefun application , all we would need to do is:

Add some users to the tomcat-users.xml file
Add the necessary @DefineRoles and @RolesAllowed annotations on MoviesImpl
Add some security config to do HTTP Basic authentication to web.xml Webservice security is also looked after – username/password based security (HTTP basic, or WS-Security) uses the same Tomcat security. Certificate based security is also available.

To put it short,

TomEE uses Tomcat's Security Realm
Extra TomEE layer adds support for JAAS JACC WS Security
Supports any org.apache.catalina.Realm implementation
E.g. add users to $CATALINA_BASE/conf/tomcat-users.xml
Alternatively use login.config to provide your own security module

Apache TomEE and security
share [gp] share [fb] share [tw] share [pin] contribute

See Also:

Apache TomEE and security share [gp] share [fb] share [tw] share [pin] contribute

See Also:

Thank you for contributing to the documentation!

Any help with the documentation is greatly appreciated.

Apache TomEE and security
share [gp] share [fb] share [tw] share [pin] contribute