I am sorry, it seems I was not clear enough.
I wrote a servlet in a classic WAR file at an arbitrary location and NOT in the
org.apache.catalina package. The source code I copied in my last message was the
source code of the doGet() method for THIS servlet (outside the catalina package). And
Thanks for your answer,
I decided to put my servlet in the catalina hierarchy (on my personal computer). When
it will be more advanced, I could even propose it as a contribution to catalina.
But I think would have been possible to bypass the security by just using reflection
to call the core
On 9 May 2001, Fabien Le Floc'h wrote:
Ok, this is possible to bypass the security!
Catalina conforms to the behavior in the Servlet 2.3 PFD2
Specification (Section 9.7.2) but does not comply with its
recommended behaviour.
Which recommended behavior are you concerned about? Catalina
On Wed, 9 May 2001, Craig R. McClanahan wrote:
Catalina only lets servets installed in
$CATALINA_HOME/servlet have this kind of access).
Oops, that's actually $CATALINA_HOME/server.
Craig