Hi, I invoked the TomCat 4.0.4 with the security manager default policy (catalina.policy). The thing is that I could invoke all the servlets,jsp's and html files which are in my webapps although i specify no access permission to those webapps. How can I disable specific classes/jsp/html from running. Further more - can I limit one servlet to specific action on a remote ejb ? if so how. Thanks a lot.
