If you want to run XPlanner+ with the security-manager of tomcat turned on, you need to give following permissions tested with tomcat5:
permission javax.security.auth.AuthPermission "modifyPrincipals"; permission java.net.SocketPermission "127.0.0.1:3306","connect, resolve"; permission java.net.SocketPermission "localhost:9090","connect,resolve"; permission java.lang.RuntimePermission "getProtectionDomain"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.coyote"; permission java.lang.RuntimePermission "accessClassInPackage.javax.el"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/xplanner-plus/xplanner-plus-activity.log", "read,write"; permission java.io.FilePermission "*","read"; permission java.io.FilePermission "/usr/share/tomcat5.5/common/-","read"; permission java.io.FilePermission "/usr/share/tomcat5.5/bin/bootstrap.jar", "read"; permission java.io.FilePermission "/usr/share/java/commons-daemon.jar", "read"; permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/xplanner-plus/WEB-INF/classes/logging.properties","read"; permission java.util.PropertyPermission "*","read,write"; permission java.net.SocketPermission "jakarta.apache.org:80","connect,resolve";
I tested this permissions on Debian Lenny. The xplanner-plus-activity.log is in this path because i changed it manually. Reason is that there seems to be a bug in the log4j configuration i already reported.