Saturday, May 22, 2010

Tomcat Security

  
Checklist:
1. Create a dedicated, unprivileged account for the application server (Tomcat, Mongrel) and run it under that account; it does not need root. Either listen on a port above 1024 (with a reverse proxy in front for 80/443) or start it through jsvc, which binds the privileged port and then drops to the service account.
2. Declare security constraints in each application's web.xml: a <security-constraint> whose <auth-constraint> names the roles allowed to reach each URL pattern, plus a <login-config>. web.xml maps roles to URLs; the users themselves are defined by the Realm configured in server.xml, not in web.xml.
3. Define users, passwords and roles in conf/tomcat-users.xml (the store behind the default UserDatabaseRealm). Store passwords digested (digest="SHA" on the Realm, hashes produced with bin/digest.sh) rather than in clear text, and restrict the file to the service account (mode 600).
4. Run with the Java Security Manager enabled (catalina.sh start -security) so that code in the deployed web applications is confined to the permissions the policy grants it.
5. The policy file is conf/catalina.policy; grant each web application only the permissions it needs, and keep the file writable by root only, since anyone who can edit it can grant AllPermission.
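As a worked example for the checklist (added here, not part of the original post), the following POSIX shell script audits a CATALINA_BASE tree for items 2, 3 and 5 and builds a small constructed fixture that shows the weak and the hardened configuration side by side. It assumes the stock directory layout (conf/tomcat-users.xml, conf/catalina.policy, webapps/*/WEB-INF/web.xml) and a Realm configured with digest="SHA"; the "ops" user, the sample digest and the policy contents are illustrative only. Items 1 and 4 are start-up choices (the service account and the -security flag) and cannot be read from the file tree, so they are not checked.

```shell
#!/bin/sh
# Added audit script for the checklist above (not from the original post).
# Assumes the stock layout under $CATALINA_BASE and a Realm with digest="SHA",
# so a password attribute that is not a 40-hex SHA-1 digest is reported as plaintext.

# Permission bits as octal digits; works with GNU and BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one finding per line for the CATALINA_BASE given as $1.
audit_tomcat_conf() {
    base=$1
    users="$base/conf/tomcat-users.xml"
    policy="$base/conf/catalina.policy"
    # Checklist 3: no access for others, at most read for the group.
    if [ ! -f "$users" ]; then
        echo "MISSING $users"
    else
        case "$(file_mode "$users")" in
            *[04]0) ;;   # 600, 640, 400, 440: acceptable
            *) echo "PERM $users is readable or writable by others (expected 600)" ;;
        esac
        # Clear-text passwords are exposed to anyone who can read the file.
        grep -o 'password="[^"]*"' "$users" | sed 's/^password="//; s/"$//' |
        while read -r pw; do
            echo "$pw" | grep -Eq '^[0-9a-fA-F]{40}$' ||
                echo "PLAINTEXT $users contains an undigested password"
        done
    fi
    # Checklist 2: every deployed application should say who may reach it.
    for wx in "$base"/webapps/*/WEB-INF/web.xml; do
        [ -f "$wx" ] || continue
        grep -q '<auth-constraint>' "$wx" ||
            echo "NOAUTH $wx has no <auth-constraint>"
    done
    # Checklist 5: whoever can edit the policy can grant AllPermission.
    if [ ! -f "$policy" ]; then
        echo "MISSING $policy"
    else
        case "$(file_mode "$policy")" in
            *[2367]|*[2367]?) echo "PERM $policy is group/other writable" ;;
        esac
    fi
}

# Number of findings; 0 means the tree passes.
audit_count() {
    audit_tomcat_conf "$1" | wc -l | tr -d ' '
}

# Constructed fixture, not a real deployment: a minimal CATALINA_BASE in $1,
# either "weak" (the state the checklist warns about) or "hardened".
make_fixture() {
    d=$1; kind=$2
    mkdir -p "$d/conf" "$d/webapps/app/WEB-INF"
    if [ "$kind" = hardened ]; then
        # Digest is SHA-1 of the string "password", as bin/digest.sh -a sha would print it.
        cat > "$d/conf/tomcat-users.xml" <<'EOF'
<tomcat-users>
  <role rolename="admin"/>
  <user username="ops" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8" roles="admin"/>
</tomcat-users>
EOF
        chmod 600 "$d/conf/tomcat-users.xml"
        cat > "$d/webapps/app/WEB-INF/web.xml" <<'EOF'
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
EOF
        echo 'grant codeBase "file:${catalina.base}/webapps/app/-" { };' > "$d/conf/catalina.policy"
        chmod 644 "$d/conf/catalina.policy"
    else
        echo '<tomcat-users><user username="ops" password="password" roles="admin"/></tomcat-users>' \
            > "$d/conf/tomcat-users.xml"
        chmod 644 "$d/conf/tomcat-users.xml"
        echo '<web-app></web-app>' > "$d/webapps/app/WEB-INF/web.xml"
        echo 'grant { permission java.security.AllPermission; };' > "$d/conf/catalina.policy"
        chmod 666 "$d/conf/catalina.policy"
    fi
}

# Usage: sh audit.sh /opt/tomcat
if [ "$#" -eq 1 ]; then audit_tomcat_conf "$1"; fi
```

Run against the weak fixture the script reports four findings (world-readable credential file, an undigested password, a web.xml without an <auth-constraint>, and a world-writable catalina.policy); the hardened fixture reports none. Ownership is deliberately not checked, since a CI runner usually cannot chown; in production the conf files should be owned by root with group read for the service account, so the Tomcat process cannot rewrite its own configuration.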
