This breaks security for virtual hosting by allowing anyone who can authenticate to use the manager to manage all virtual hosts. Though this may be easier for you it prevents me from administering a Tomcat server where multiple virtual hosta are managed by different customers.
Therfor I am -1 for applying this patch.
An acceptable patch would be to extend the existing manager class with a new class which implements this "feature". Then those administering Tomcat can choose which version of the manager they want to install.
I agree with this.
Is one manager per vhost really too much to ask ? (since different principals will be needed in many situations)
There are a use cases for the feature, of course, so I'm ok with having an extension class that could replace the default manager servlet.
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
