--- conf/catalina.policy.orig 2021-07-07 10:25:53.461393329 +0800 +++ conf/catalina.policy 2021-07-07 10:27:47.688682404 +0800 @@ -56,6 +56,16 @@ grant codeBase "file:${java.home}/lib/ex // permission java.security.AllPermission; //}; +// ========== RHEL SPECIFIC CODE PERMISSIONS ======================================= + + +// Allowing everything in /usr/share/java allows too many unknowns to be permitted +// Specifying the individual jars that tomcat needs to function with the security manager +// is the safest way forward. +grant codeBase "file:/usr/share/java/ecj/ecj.jar" { + permission java.security.AllPermission; +}; + // ========== CATALINA CODE PERMISSIONS ======================================= @@ -261,4 +271,4 @@ grant codeBase "file:${catalina.home}/we // // The permissions granted to a specific JAR // grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" { -// }; \ No newline at end of file +// };