// Additional permissions for tomcat.

// javac
grant codeBase "file:${java.home}/../lib/-" {
       permission java.security.AllPermission;
};

// Tomcat gets all permissions
grant codeBase "file:${tomcat.home}/lib/-" {
       permission java.security.AllPermission;
};

grant codeBase "file:${tomcat.home}/classes/-" {
	permission java.security.AllPermission;
};

// Example webapp policy 
// By default we grant read access on webapp dir and
// write in workdir
grant codeBase "file:${tomcat.home}/webapps/examples" {
      permission java.net.SocketPermission "localhost:1024-", "listen";
      permission java.util.PropertyPermission "*", "read";
};