Hi Rowan, listing what didnt work can help to be more accurate but dont think we duplicated this page on tomee site directly.
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2017-07-26 1:29 GMT+02:00 Rowan Burgess <rowan.j.burg...@gmail.com>: > Hello, > > Is there a guide/reference available that outlines "best practices" on how > to configure TomEE securely? > > I have used Tomcat in the past, and am familiar with steps such as those > described in https://tomcat.apache.org/tomcat-8.0-doc/security-howto.html > , > but I have not worked with TomEE before. > > I need to ensure that no ports/services have been exposed unnecessarily. > > I also need to ensure that there are no servlets / JSP's mapped and > accessible by default. > > Appreciate any help/guidance you might have, > > Thanks! >