The way I found to stop this, is to grant all permissions to everything - that is, copy the policy for the tomcat codebase, just remove all mention of the code base (e.g. line starts grant { rather than grant codebase { ). I.m trying to track donw exactly what the problem is, but so far it looks like tomcat isn't properly handling permisisons for specific codebases. sam ----- Original Message ----- From: Sergey V. Udaltsov <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 02, 2001 11:21 PM Subject: Re: RMI > Hi > > I try to run Tomcat with SecurityManager and policy file. > First, I found a bug in tomcat.sh - it passes "-security" option to the > class (it's necessary to add one "shift" statement before calling java). > > Then I found that all session-based jsps give me errors like this (in > tomcat console): <snip> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]