Hi all. We solved the problem with tomcat ignoring all grants for individual user sites. It was a pure RTFM. For every user site, a unique context is created on startup (as seen in tomcat.log on debug level)
There is a outcommented line in the server.xml which has to be activated: <!-- ContextInterceptor className="org.apache.tomcat.context.PolicyInterceptor" --> After activating the line it should look like this: <ContextInterceptor className="org.apache.tomcat.context.PolicyInterceptor" /> After that, tomcat actually assigns the permissions granted in the tomcat.policy to the individual user sites. thanx for your all your help on this group, J.P.Jarolim P.S.: Keywords for other googlers like me: tomcat ignoring ignore tomcat.policy grant java server.xml security manager FilePermission java.security.AccessControlException secure security sun cobalt -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>