Hi,
As part of a way to prevent concurrent login, and to re-assign a
session back to a request based on JWT token (for clients that cannot pass
us cookies), we need to access to the 'findSession' and 'findSessions' in
org.apache.catalina.Manager.
Is it true the only way to get the manager using
ServletContext.getManager() is by using privileged="true" in the
context.xml?
Are there any implications in setting privileged="true" if we have full
control to restrict what servlets or jsp or codes are running in our webapp?
Thanks.
Regards,
Kok Hoor
