Hi I try to run Tomcat with SecurityManager and policy file. First, I found a bug in tomcat.sh - it passes "-security" option to the class (it's necessary to add one "shift" statement before calling java). Then I found that all session-based jsps give me errors like this (in tomcat console): java.security.AccessControlException: access denied (java.util.PropertyPermission tomcat.sessionid.randomclass read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272) at java.security.AccessController.checkPermission(AccessController.java:399) at java.lang.SecurityManager.checkPermission(SecurityManager.java:545) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1278) at java.lang.System.getProperty(System.java:560) at org.apache.tomcat.util.SessionIdGenerator.getIdentifier(SessionIdGenerator.java:124) at org.apache.tomcat.util.SessionIdGenerator.generateId(SessionIdGenerator.java:177) at org.apache.tomcat.util.SessionUtil.generateSessionId(SessionUtil.java:180) at org.apache.tomcat.session.StandardManager.getNewSession(StandardManager.java:379) at org.apache.tomcat.session.StandardSessionInterceptor.newSessionRequest(StandardSessionInterceptor.java:177) at org.apache.tomcat.core.ContextManager.doNewSessionRequest(ContextManager.java:913) at org.apache.tomcat.core.RequestImpl.getSession(RequestImpl.java:478) at org.apache.tomcat.facade.HttpServletRequestFacade.getSession(HttpServletRequestFacade.java:381) at org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:173) at org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:149) at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:99) at jsp.sessions._0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0._jspService(_0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0.java:51) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484) 2001-03-02 03:45:32 - Ctx( /examples ): Exception in: R( /examples + /jsp/sessions/carts.jsp + null) - java.lang.NullPointerException at jsp.sessions._0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0._jspService(_0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0.java:132) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484) So in browser I also get the error: Error: 500 Location: /examples/jsp/sessions/carts.jsp Internal Servlet Error: java.lang.NullPointerException at jsp.sessions._0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0._jspService(_0002fjsp_0002fsessions_0002fcarts_0002ejspcarts_jsp_0.java:132) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484) I use standard tomcat.policy file. It gives "AllPermission" to the tomcat classes. What's wrong? Thanks for any ideas. Sergey --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]