I've been deploying a Tomcat 5.5 app, JDK 1.5 and am getting a ton of security stops. This is on a fresh Debian Etch machine, I've run it on other Debian Etch systems, and can't figure out what is triggering the increased security.
You'll have to do some digging to see how Tomcat is being started.
At some point the -security flag is being set. This flag causes tomcat to be run under a security manager configured in tomcat/conf/catalina.policy. Either alter catalina.policy to loosen restrictions as needed, or remove the flag from the script that is starting Tomcat.
I use RPM and Debian packages (apt-get) for a lot of thing, but not Tomcat or Java. For Tomcat, I prefer to grab the most recent releases from http://tomcat.apache.org and keep the whole application in one directory. I use the JDK from http://java.sun.com.