--- conf/catalina.policy.orig	2018-03-16 12:18:17.835746805 -0400
+++ conf/catalina.policy	2018-06-13 13:52:33.586872659 -0400
@@ -50,6 +50,21 @@ grant codeBase "file:${java.home}/lib/ex
         permission java.security.AllPermission;
 };
 
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
+
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
+// Specifying the individual jars that tomcat needs to function with the security manager
+// is the safest way forward.
+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
+        permission java.security.AllPermission;
+};
+
 
 // ========== CATALINA CODE PERMISSIONS =======================================