I've been deploying a Tomcat 5.5 app, JDK 1.5 and am getting a ton of security stops. This is on a fresh Debian Etch machine, I've run it on other Debian Etch systems, and can't figure out what is triggering the increased security.
Things like by: java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
when I try a simple 'System.getProperty("user.home")
which have always worked.
Clearly something is setting up tighter security. Pointers to where this is will be greatly appreciated.
You'll have to do some digging to see how Tomcat is being started.
At some point the -security flag is being set. This flag causes tomcat to be run under a security manager configured in tomcat/conf/catalina.policy. Either alter catalina.policy to loosen restrictions as needed, or remove the flag from the script that is starting Tomcat.
I use RPM and Debian packages (apt-get) for a lot of thing, but not Tomcat or Java. For Tomcat, I prefer to grab the most recent releases from http://tomcat.apache.org and keep the whole application in one directory. I use the JDK from http://java.sun.com.