2013/10/20 Christopher Schultz <ch...@christopherschultz.net>: > Edoardo, > > On 10/18/13 6:03 PM, Edoardo Panfili wrote: >> Il 17/10/13 18:45, Edoardo Panfili ha scritto: > > I'll bet the problem is that Tomcat doesn't like applications > declaring themselves to be privileged="true". The first time Tomcat is > started, META-INF/context.xml from the Manager is copied into > conf/Catalina/localhost/manager.xml where the privileged="true" is > preserved. With deployXML="false", this file is not copied and so > META-INF/context.xml is used instead. Tomcat maybe doesn't allow > META-INF/context.xml to contain privileged="true". > > (Of course, Tomcat seems perfectly happy to copy META-INF/context.xml > into conf/Catalina/localhost/manager.xml and *then* permit > privileged="true" so my premise is a bit shaky). >
Copying is controlled by "copyXML" attribute. The meaning of deployXML="false" is that Tomcat ignores META-INF/context.xml files bundled with web applications and honors only those there were explicitly (manually) configured by Administrator in the conf directory of the server. (Thus you have better control over deployed applications, but with more work to configure them.) deployXML="false" and running with SecurityManager are usually used together. If you omit the latter, a rogue web application can reconfigure Tomcat via reflection. If you omit the former, an application can be configured via context.xml so that it bypasses some crucial security restrictions. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
