Access to Lucee Server Admin prohibited by security manager

This is a fairy new install on CentOS 7 with the AJP connector/proxy to Apache. I know the server admin worked at one point but it seems like I may have caused an issue to prevent access to it. The exception is a Lucee error output. I did have a virtual host defined for the hostname that I use for server admin access, which I removed to test. Initially the error included the path for my virtual host mapping (/var/www/ but with the virtual host mapping removed from the tomcat server.xml I get the same error with a different path:

Message	can't access [/opt/lucee/tomcat/lucee-server/context/userdata] directory must be inside [/opt/lucee/tomcat/webapps/ROOT]
Detail	access is prohibited by security manager
Stacktrace	The Error Occurred in
/admin/adminfunctions.cfc: line 97 
called from /admin/adminfunctions.cfc: line 74 
called from /admin/adminfunctions.cfc: line 52 
called from /admin/adminfunctions.cfc: line 23 
called from /admin/adminfunctions.cfc: line 29 
called from /admin/web.cfm: line 362 
called from /admin/server.cfm: line 2 

I should mention that the web admin works for each virtual site, even on the main hostname that isn’t a tomcat virtual host.

I am not sure what the security manager is or what that is referencing in terms of things I may have changed or have control over. I am fairly certain I did some security lock down in the admin at some point but unsure how to now get back into the admin if that is what caused the issue. Possibly someone can point me to the config file which may contain these settings so I can remove them? Or maybe this is an initial configuration/proxy/tomcat configuration issue, in which case some detail about what I may have done would be great!

Thanks for any help!

does it work directly with tomcat?

(PS please always state the lucee version in use!)

Woops, just saw this reply. Nope, it does not work on port 8888. Can’t do as there is no GUI on the box but using the remote URL with port 8888 (which is open to the VPN) provides the same response as on port 80/443. I checked and saw that I did not have a Host mapping setup in the server.conf for the domain I was using to access the admin, so I added that as well but without any success.