Apache Tomcat comes with good security-enabled options, but every environment has its own requirement for security, based on the usage of the application. For example, banking sites require a high level of security, on the other hand, user-based applications require little security.
In Tomcat 7, the default permission is configured in
TOMCAT_HOME/Conf directory. The security is a collective effort of four files which make the system. Let's discuss about each file and their functionality.
This file contains information related to the access of the package, package definition, common loader, shared loader, and a list of JAR files, which are not necessary to be scanned at the startup of Tomcat. It helps in improving the performance, as adding too many JAR files to the skip list improves memory consumption. If you want to add any common JAR, you have to define it under
In a production environment, some of the library JARs are...