If Single Sign On is enabled, a user can visit the Tomcat administration webapp after logging on using another page. Unfortunately after upgrading from Tomcat 5.0 to 5.5.7 we've found this results in a NullPointerException (unless the admin webapp has already been loaded). I've had a look at the code, and the reason seems to be Remm's commit to web.xml and login.jsp on 16-Aug-04 (affecting Tomcat 5.5.0 and above) that stopped the admin app being loaded on startup and instead loads its internals when the login .jsp page is visited. This fix obviously assumes that the login page is always visited before the admin webapp is accessed - an assumption that is not valid when using SSO. I suggest either reversing the previous commit and turning load-on-startup on again; or alternatively, adding the line that was added to login.jsp to frameset.jsp as well (someone would need to confirm if this works OK, as I don't know).
Hmm... We don't want it to load-on-startup because its loading time slows down the overall server start time. The frameset.jsp suggestion sounds reasonable but I don't have time to test it at the moment.