Add newly required ant, ant-launcher, and tools jars to the catalina.policy so that tomcat can access them when running under the SecurityManager

pki-servlet-container.spec

@@ -87,7 +87,7 @@ Source32:      tomcat-named.service
 Patch0:        tomcat-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        tomcat-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
 Patch2:        tomcat-8.0.36-CompilerOptionsV9.patch
-Patch3:        disableJavadocFailOnWarning.patch
+Patch3:        tomcat-%{major_version}.%{minor_version}-catalina-policy.patch
 
 BuildArch:     noarch
 
@@ -166,7 +166,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch0 -p0
 %patch1 -p0
 %patch2 -p0
-#%%patch3 -p0
+%patch3 -p0
 
 # Since we don't support ECJ in RHEL anymore, remove the class that requires it
 %{__rm} -f java/org/apache/jasper/compiler/JDTCompiler.java

tomcat-9.0-catalina-policy.patch

@@ -1,6 +1,6 @@
---- conf/catalina.policy.orig	2018-03-16 12:18:17.835746805 -0400
-+++ conf/catalina.policy	2018-06-13 13:52:33.586872659 -0400
-@@ -50,6 +50,21 @@ grant codeBase "file:${java.home}/lib/ex
+--- conf/catalina.policy.orig	2018-06-21 13:30:04.074492012 -0400
++++ conf/catalina.policy	2018-06-21 13:30:02.111479809 -0400
+@@ -50,6 +50,30 @@ grant codeBase "file:${java.home}/lib/ex
          permission java.security.AllPermission;
  };
  
@@ -18,6 +18,15 @@
 +grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
 +        permission java.security.AllPermission;
 +};
++grant codeBase "file:/usr/share/java/ant.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/ant-launcher.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
++        permission java.security.AllPermission;
++};
 +
  
  // ========== CATALINA CODE PERMISSIONS =======================================