About the Book
Tomcat is the official reference implementation for the Java servlet and JavaServer Pages technologies and has long been heralded as an excellent platform for the development and deployment of powerful Web applications. It can either run as a stand-alone server or integrate itself with the Apache web server to add more power to its static content serving capability.

With more and more Tomcat servers finding their way into production, there is a definitive need for Tomcat servers to run with a secure policy, and in that respect, security is becoming more of an imperative than just a policy definition. A definitive security policy is a benchmark for analyzing the amount of trust that you can place on JSP pages, web applications, and the permissions that you can grant to install them. It is also your best line of defense against the potential vulnerabilities posed by Trojan Java packages, JSP tag libraries and web applications.

This book is targeted at Tomcat developers who are contemplating use of Tomcat for production-level deployment and those who have already taken to embracing this promising option. We will assume a working knowledge of Java web applications and competence with JSPs and servlets. Very precisely, the core target reader will be the experienced Tomcat developer who wants to know the potential problem spaces that exist within the Tomcat security domain and the options that are available to circumvent these problem spaces.

Author Biography: Vivek Chopra has eight years of experience in software design and development, the last two years of which have been in Web Services and various XML technologies. He is the co-author of Professional Apache Tomcat. He is also a committer for UDDI4J, an open source Java API for UDDI. His other areas of experience and interest include compilers, middleware, clustering, GNU/Linux and mobile computing. He is currently consulting in the domain area of Web Services.

Before graduating from high school, Ben Galbraith was hired by a major Silicon Valley computer manufacturer to develop Windows-based client-server applications with international deployments and hundreds of users. In 1995, Mr. Galbraith began developing for the web and fell in love with Unix, vi, and Perl. After building countless web applications with Perl, Ben discovered server-side Java in 1999 and his relationship with Perl has since become somewhat estranged.

Mr. Galbraith is presently a consultant in Provo, Utah. He regularly lectures, evangelizes and gives classes on Java technology. Ben has no college degree but if he had the time he would study both ancient and modern history.