I'm sorry for the non-directly struts related question, but someone might have an idea. Using tomcat 3.2.X, the HttpServletRequest, session, and servlet context are created by code stored in tomcat*/lib/webserver.jar, and are in a different classloader protection domain. This prevent the introspection of all such object. It seems like a security feature which is missing on other commercial webserver, but are there way of disabling it? Cheers.
