Many security-related tasks are common for any TomEE or Tomcat installation. These are described briefly with links to the online documentation providing the details.

Hardening TomEE

For information on hardening TomEE, see the Apache Securing Tomcat guide. Process Platform has built-in CSRF Protection that you can use instead of the Tomcat specific solutions.

Secure Sockets Layer

To setup TomEE with Secure Sockets Layer (SSL), see Apache SSL Configuration. Remember to set the hostname equal to the CN of the certificate.

<Host name="server.acme.com" ...>

After you completed this task:

• Follow the instructions to set the node url to the HTTPS protocol.

Windows Authentication

You can configure TomEE to perform Windows Authentication in different ways. See TomEE specific How to page. Other authentication mechanism can also be used with TomEE (Tomcat). See the specific product configuration for more information.
For an example on configuring TomEE with Windows Authentication, see Configure Tomcat for NTLM authentication.