tomee-and-security.html - tomee-site-pub - Git at Google

 <!DOCTYPE html>
 <html lang="en">
   <head>

     <meta charset="UTF-8">
       <title>Apache TomEE and security</title>
     <meta name="description" content="Apache TomEE">
     <meta name="author" content="Apache TomEE">
     <meta name="google-translate-customization" content="f36a520c08f4c9-0a04e86a9c075ce9-g265f3196f697cf8f-10">
     <meta http-equiv="Pragma" content="no-cache">
     <meta http-equiv="Expires" content="0">
     <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, max-age=0">

     <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
     <!--[if lt IE 9]>
       <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
     <![endif]-->

     <!-- Le styles -->
     <link href="./resources/css/bootstrap.css" rel="stylesheet">
     <link href="./resources/css/prettify.css" rel="stylesheet">
     <!--link href="./resources/css/bootstrap-mods.css" rel="stylesheet"-->
     <link href="./resources/css/main.css" rel="stylesheet">
     <link href="./resources/font-awesome-4.6.3/css/font-awesome.min.css" rel="stylesheet">

     <script type="text/javascript">
         var t = encodeURIComponent(document.title.replace(/^\s+|\s+$/g,""));
         var u = encodeURIComponent(""+document.URL);

       function fbshare () {
           window.open(
                   "http://www.facebook.com/sharer/sharer.php?u="+u,
                   'Share on Facebook',
                   'width=640,height=426');
       };
       function gpshare () {
           window.open(
                   "https://plus.google.com/share?url="+u,
                   'Share on Google+',
                   'width=584,height=385');
       };
       function twshare () {
           window.open(
                   "https://twitter.com/intent/tweet?url="+u+"&text="+t,
                   'Share on Twitter',
                   'width=800,height=526');
       };
       function pinshare () {
           window.open("//www.pinterest.com/pin/create/button/?url="+u+"&media=http%3A%2F%2Ftomee.apache.org%2Fresources%2Fimages%2Ffeather-logo.png&description="+t,
                   'Share on Pinterest',
                   'width=800,height=526');
       };
     </script>

     <!-- Le fav and touch icons -->
     <link rel="shortcut icon" href="./favicon.ico">
     <link rel="apple-touch-icon" href="./resources/images/apple-touch-icon.png">
     <link rel="apple-touch-icon" sizes="72x72" href="./resources/images/apple-touch-icon-72x72.png">
     <link rel="apple-touch-icon" sizes="114x114" href="./resources/images/apple-touch-icon-114x114.png">

     <script src="./resources/js/prettify.js" type="text/javascript"></script>
     <script src="./resources/js/jquery-latest.js"></script>
     <script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
     <script src="./resources/js/common.js"></script>
     <script src="./resources/js/prettyprint.js"></script>
     <!--script src="//assets.pinterest.com/js/pinit.js" type="text/javascript" async></script//-->

     <script type="text/javascript">

       var _gaq = _gaq || [];
       _gaq.push(['_setAccount', 'UA-2717626-1']);
       _gaq.push(['_setDomainName', 'apache.org']);
       _gaq.push(['_trackPageview']);

       (function() {
         var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
         ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
         var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
       })();

     </script>
   </head>

   <body>

     <div class="topbar" data-dropdown="dropdown">
       <div class="fill">
         <div class="container">
           <a class="brand" href="./index.html">Apache TomEE</a>
           <ul class="nav">
               <li class="dropdown">
                   <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                   Apache
                       <b class="caret"></b>
                   </a>
                   <ul class="dropdown-menu">
                      <!-- <li><a href="./misc/whoweare.html">Who we are?</a></li> -->
                      <!-- <li><a href="./misc/heritage.html">Heritage</a></li> -->
                      <li><a href="http://www.apache.org">Apache Home</a></li>
                      <!-- <li><a href="./misc/resources.html">Resources</a></li> -->
                      <li><a href="./misc/contact.html">Contact</a></li>
                      <li><a href="./misc/legal.html">Legal</a></li>
                      <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                      <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                      <li class="divider"/>
                      <li><a href="http://www.apache.org/security">Security</a></li>
                   </ul>
               </li>
               <li><a href="./index.html">Home</a></li>
               <li><a href="./downloads.html">Downloads</a></li>
               <li><a href="./documentation.html">Documentation</a></li>
               <li><a href="./examples-trunk/index.html">Examples</a></li>
               <li><a href="./support.html">Support</a></li>
               <li><a href="./contribute.html">Contribute</a></li>
               <li><a href="./security/index.html">Security</a></li>
           </ul>

             <!-- Google CSE Search Box Begins  -->
             <FORM class="pull-right" id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
                 <INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
                 <INPUT type="hidden" name="cof" value="FORID:0">
                 <INPUT size="18" width="130" style="width:130px" name="q" type="text" placeholder="Search">
             </FORM>
             <!--<SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>-->
             <!-- Google CSE Search Box Ends -->
         </div>
       </div>
     </div>

     <div class="container">


 <div class="page-header">
     <small><a href="./index.html">Home</a></small><br>
     <h1>Apache TomEE and security

         <div style="float: right; position: relative; bottom: -10px; ">
             <a onclick="javascript:gpshare()" class="gp-share sprite" title="Share on Google+">share [gp]</a>
             <a onclick="javascript:fbshare()" class="fb-share sprite" title="Share on Facebook">share [fb]</a>
             <a onclick="javascript:twshare()" class="tw-share sprite" title="Share on Twitter">share [tw]</a>
             <a onclick="javascript:pinshare()" class="pin-share sprite" title="Share on Pinterest">share [pin]</a>
             <a data-toggle="modal" href="#edit" class="edit-page" title="Contribute to this Page">contribute</a>
         </div>
     </h1>
 </div>

 <p>Rather than providing its own security implementation, TomEE makes full use of the security features that are part of Tomcat. Any Catalina realm is supported or you can provide your own security module using the login.config file. </p>

 <p>For example, to add some simple security to the <a href="http://tomee.apache.org/examples-trunk/webapps/moviefun/README.html">moviefun application</a> , all we would need to do is: </p>

 <ol>
 <li>Add some users to the tomcat-users.xml file     </li>
 <li>Add the necessary @DefineRoles and @RolesAllowed annotations on MoviesImpl     </li>
 <li>Add some security config to do HTTP Basic authentication to web.xml Webservice security is also looked after – username/password based security (HTTP basic, or WS-Security) uses the same Tomcat security. Certificate based security is also available.</li>
 </ol>

 <p>To put it short,</p>

 <ul>
 <li>TomEE uses Tomcat's Security Realm</li>
 <li>Extra TomEE layer adds support for JAAS JACC WS Security</li>
 <li>Supports any org.apache.catalina.Realm implementation</li>
 <li>E.g. add users to $CATALINA_BASE/conf/tomcat-users.xml</li>
 <li>Alternatively use login.config to provide your own security module</li>
 </ul>

 <h4>See Also:</h4>

 <p><a href="tomee-jaas.html">TomEE-and-JAAS</a> </p>


         <div id="edit" class="modal hide fade in" style="display: none; ">
             <div class="modal-header">
                 <a class="close" data-dismiss="modal">x</a>

                 <h3>Thank you for contributing to the documentation!</h3>
             </div>
             <div class="modal-body">
                 <h4>Any help with the documentation is greatly appreciated.</h4>
                 <p>All edits are reviewed before going live, so feel free to do much more than fix typos or links.  If you see a page that could benefit from an entire rewrite, we'd be thrilled to review it.  Don't be surprised if we like it so much we ask you for help with other pages :)</p>
                 <small>NOTICE: unless indicated otherwise on the pages in question, all editable content available from apache.org is presumed to be licensed under the Apache License (AL) version 2.0 and hence all submissions to apache.org treated as formal Contributions under the license terms.</small>
                 <!--[if gt IE 6]>
                 <h4>Internet Explorer Users</h4>
                 <p>If you are not an Apache committer, click the Yes link and enter a <i>anonymous</i> for the username and leave the password empty</p>
                 <![endif]-->

             </div>
             <div class="modal-footer">
                 Do you have an Apache ID?
                 <a href="javascript:void(location.href='https://cms.apache.org/redirect?uri='+escape(location.href))" class="btn">Yes</a>
                 <a href="javascript:void(location.href='https://anonymous:@cms.apache.org/redirect?uri='+escape(location.href))" class="btn">No</a>
             </div>
         </div>
         <script src="./resources/js/bootstrap-modal.js"></script>

         <footer>
             <p>Copyright &copy; 1999-2016 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
                 Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation.
                 All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
         </footer>

     </div> <!-- /container -->

     <!-- Javascript
     ================================================== -->
     <!-- Placed at the end of the document so the pages load faster -->
     <script src="./resources/js/bootstrap-dropdown.js"></script>

   </body>
 </html>
	<!DOCTYPE html>
	<html lang="en">
	<head>

	<meta charset="UTF-8">
	<title>Apache TomEE and security</title>
	<meta name="description" content="Apache TomEE">
	<meta name="author" content="Apache TomEE">
	<meta name="google-translate-customization" content="f36a520c08f4c9-0a04e86a9c075ce9-g265f3196f697cf8f-10">
	<meta http-equiv="Pragma" content="no-cache">
	<meta http-equiv="Expires" content="0">
	<meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, max-age=0">

	<!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
	<!--[if lt IE 9]>
	<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
	<![endif]-->

	<!-- Le styles -->
	<link href="./resources/css/bootstrap.css" rel="stylesheet">
	<link href="./resources/css/prettify.css" rel="stylesheet">
	<!--link href="./resources/css/bootstrap-mods.css" rel="stylesheet"-->
	<link href="./resources/css/main.css" rel="stylesheet">
	<link href="./resources/font-awesome-4.6.3/css/font-awesome.min.css" rel="stylesheet">

	<script type="text/javascript">
	var t = encodeURIComponent(document.title.replace(/^\s+\|\s+$/g,""));
	var u = encodeURIComponent(""+document.URL);

	function fbshare () {
	window.open(
	"http://www.facebook.com/sharer/sharer.php?u="+u,
	'Share on Facebook',
	'width=640,height=426');
	};
	function gpshare () {
	window.open(
	"https://plus.google.com/share?url="+u,
	'Share on Google+',
	'width=584,height=385');
	};
	function twshare () {
	window.open(
	"https://twitter.com/intent/tweet?url="+u+"&text="+t,
	'Share on Twitter',
	'width=800,height=526');
	};
	function pinshare () {
	window.open("//www.pinterest.com/pin/create/button/?url="+u+"&media=http%3A%2F%2Ftomee.apache.org%2Fresources%2Fimages%2Ffeather-logo.png&description="+t,
	'Share on Pinterest',
	'width=800,height=526');
	};
	</script>

	<!-- Le fav and touch icons -->
	<link rel="shortcut icon" href="./favicon.ico">
	<link rel="apple-touch-icon" href="./resources/images/apple-touch-icon.png">
	<link rel="apple-touch-icon" sizes="72x72" href="./resources/images/apple-touch-icon-72x72.png">
	<link rel="apple-touch-icon" sizes="114x114" href="./resources/images/apple-touch-icon-114x114.png">

	<script src="./resources/js/prettify.js" type="text/javascript"></script>
	<script src="./resources/js/jquery-latest.js"></script>
	<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
	<script src="./resources/js/common.js"></script>
	<script src="./resources/js/prettyprint.js"></script>
	<!--script src="//assets.pinterest.com/js/pinit.js" type="text/javascript" async></script//-->

	<script type="text/javascript">

	var _gaq = _gaq \|\| [];
	_gaq.push(['_setAccount', 'UA-2717626-1']);
	_gaq.push(['_setDomainName', 'apache.org']);
	_gaq.push(['_trackPageview']);

	(function() {
	var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
	ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
	var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
	})();

	</script>
	</head>

	<body>

	<div class="topbar" data-dropdown="dropdown">
	<div class="fill">
	<div class="container">
	<a class="brand" href="./index.html">Apache TomEE</a>
	<ul class="nav">
	<li class="dropdown">
	<a class="dropdown-toggle" data-toggle="dropdown" href="#">
	Apache
	<b class="caret"></b>
	</a>
	<ul class="dropdown-menu">
	<!-- <li><a href="./misc/whoweare.html">Who we are?</a></li> -->
	<!-- <li><a href="./misc/heritage.html">Heritage</a></li> -->
	<li><a href="http://www.apache.org">Apache Home</a></li>
	<!-- <li><a href="./misc/resources.html">Resources</a></li> -->
	<li><a href="./misc/contact.html">Contact</a></li>
	<li><a href="./misc/legal.html">Legal</a></li>
	<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
	<li class="divider"/>
	<li><a href="http://www.apache.org/security">Security</a></li>
	</ul>
	</li>
	<li><a href="./index.html">Home</a></li>
	<li><a href="./downloads.html">Downloads</a></li>
	<li><a href="./documentation.html">Documentation</a></li>
	<li><a href="./examples-trunk/index.html">Examples</a></li>
	<li><a href="./support.html">Support</a></li>
	<li><a href="./contribute.html">Contribute</a></li>
	<li><a href="./security/index.html">Security</a></li>
	</ul>

	<!-- Google CSE Search Box Begins -->
	<FORM class="pull-right" id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
	<INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
	<INPUT type="hidden" name="cof" value="FORID:0">
	<INPUT size="18" width="130" style="width:130px" name="q" type="text" placeholder="Search">
	</FORM>
	<!--<SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>-->
	<!-- Google CSE Search Box Ends -->
	</div>
	</div>
	</div>

	<div class="container">


	<div class="page-header">
	<small><a href="./index.html">Home</a></small><br>
	<h1>Apache TomEE and security

	<div style="float: right; position: relative; bottom: -10px; ">
	<a onclick="javascript:gpshare()" class="gp-share sprite" title="Share on Google+">share [gp]</a>
	<a onclick="javascript:fbshare()" class="fb-share sprite" title="Share on Facebook">share [fb]</a>
	<a onclick="javascript:twshare()" class="tw-share sprite" title="Share on Twitter">share [tw]</a>
	<a onclick="javascript:pinshare()" class="pin-share sprite" title="Share on Pinterest">share [pin]</a>
	<a data-toggle="modal" href="#edit" class="edit-page" title="Contribute to this Page">contribute</a>
	</div>
	</h1>
	</div>

	<p>Rather than providing its own security implementation, TomEE makes full use of the security features that are part of Tomcat. Any Catalina realm is supported or you can provide your own security module using the login.config file. </p>

	<p>For example, to add some simple security to the <a href="http://tomee.apache.org/examples-trunk/webapps/moviefun/README.html">moviefun application</a> , all we would need to do is: </p>

	<ol>
	<li>Add some users to the tomcat-users.xml file </li>
	<li>Add the necessary @DefineRoles and @RolesAllowed annotations on MoviesImpl </li>
	<li>Add some security config to do HTTP Basic authentication to web.xml Webservice security is also looked after – username/password based security (HTTP basic, or WS-Security) uses the same Tomcat security. Certificate based security is also available.</li>
	</ol>

	<p>To put it short,</p>

	<ul>
	<li>TomEE uses Tomcat's Security Realm</li>
	<li>Extra TomEE layer adds support for JAAS JACC WS Security</li>
	<li>Supports any org.apache.catalina.Realm implementation</li>
	<li>E.g. add users to $CATALINA_BASE/conf/tomcat-users.xml</li>
	<li>Alternatively use login.config to provide your own security module</li>
	</ul>

	<h4>See Also:</h4>

	<p><a href="tomee-jaas.html">TomEE-and-JAAS</a> </p>




	<div id="edit" class="modal hide fade in" style="display: none; ">
	<div class="modal-header">
	<a class="close" data-dismiss="modal">x</a>

	<h3>Thank you for contributing to the documentation!</h3>
	</div>
	<div class="modal-body">
	<h4>Any help with the documentation is greatly appreciated.</h4>
	<p>All edits are reviewed before going live, so feel free to do much more than fix typos or links. If you see a page that could benefit from an entire rewrite, we'd be thrilled to review it. Don't be surprised if we like it so much we ask you for help with other pages :)</p>
	<small>NOTICE: unless indicated otherwise on the pages in question, all editable content available from apache.org is presumed to be licensed under the Apache License (AL) version 2.0 and hence all submissions to apache.org treated as formal Contributions under the license terms.</small>
	<!--[if gt IE 6]>
	<h4>Internet Explorer Users</h4>
	<p>If you are not an Apache committer, click the Yes link and enter a <i>anonymous</i> for the username and leave the password empty</p>
	<![endif]-->

	</div>
	<div class="modal-footer">
	Do you have an Apache ID?
	<a href="javascript:void(location.href='https://cms.apache.org/redirect?uri='+escape(location.href))" class="btn">Yes</a>
	<a href="javascript:void(location.href='https://anonymous:@cms.apache.org/redirect?uri='+escape(location.href))" class="btn">No</a>
	</div>
	</div>
	<script src="./resources/js/bootstrap-modal.js"></script>

	<footer>
	<p>Copyright © 1999-2016 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
	Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation.
	All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
	</footer>

	</div> <!-- /container -->

	<!-- Javascript
	================================================== -->
	<!-- Placed at the end of the document so the pages load faster -->
	<script src="./resources/js/bootstrap-dropdown.js"></script>

	</body>
	</html>