Installing Arbortext Publishing Engine > Arbortext Publishing Engine Installation > Security
  
Security
Arbortext Publishing Engine relies on the servlet container or web application server for security. You can enhance security by placing Arbortext Publishing Engine and its servlet container or web application server on an intranet and isolating them from the internet using a firewall. Within Arbortext Publishing Engine:
You must specify a list of Arbortext Publishing Engine application names that are allowed to be called from an HTTP request.
HTTPS is on by default. To set up the Arbortext Publishing Engine, if certificate is not available you must generate a certificate for the server and point Tomcat to the keystore containing it. The certificate must be imported into the Trusted store of the Java used by Arbortext Editor and/or Windchill if publishing is performed from either of these clients. For more information on disabling HTTPS and generating the certificate, see “Disabling HTTPS”, in the Configuration Guide for Arbortext Publishing Engine in the Arbortext Help Center. For more information about setting up Apache Tomcat using HTTPS, refer to the section ‘SSL/TLS Configuration’ from the documentation provided for Tomcat by the Apache Software Foundation.
You can set up a specific Windows user account under which Arbortext PE sub-processes will run. Then you can set security permissions and restrictions on that account. For more information, refer to Configuring a User Account.
For communication with Windchill, you must use trusted host authentication, and the Windchill auth.properties file must not contain a password. If you cannot use the trusted host authentication, set the e3 configuration property com.arbortext.e3.allowAuthenticationWithoutTrustedHost in the e3config.xml file. For more information on configuring the auth.properties, see ‘Configuring Arbortext Publishing Engine for the Windchill Visualization Service’ in the Arbortext Help Center.
The security framework is enabled by default. You can enable or disable the security framework by setting the com.arbortext.e3.enableSecurityFramework property to true or false, respectively. The property e3config.xml file is in the folder Arbortext PE\e3\e3\WEB-INF. When the security framework is configured, you must have a user with the Arbortext Publishing Engine administrator role to access parts of the Publishing Engine user interface.
You can configure the Arbortext Publishing Engine security framework to allow or restrict requests sent to the Arbortext PE Request Manager based each request’s security classification. Security constraints are defined in the Arbortext Publishing Engine configuration file e3config.xml, working in conjunction with users and groups defined in Apache Tomcat.
For more information, see Customizing the Security Framework. You must also ensure that Tomcat is configured in line with current security best practices.
The logs have been modified to include less information out-of-the-box. Administrators can include more information by modifying the log level parameters in the e3config.xml settings. The com.arbortext logger in the log4j2.xml settings can also be changed. For more information, see The Global Application Logging Parameters in the Arbortext Help Center.