Gitiles
Code Review Sign In
source.supwisdom.com / UniIdentify / tomcat / a78cd380ffb89bb909861fb8c827d93f7120c832^! / . / tomcat-uid / conf / catalina.policy
commita78cd380ffb89bb909861fb8c827d93f7120c832[log] [tgz]
author刘洪青 <hongqing.liu@supwisdom.com>周四 3月 01 14:48:24 2018 +0800
committer刘洪青 <hongqing.liu@supwisdom.com>周四 3月 01 14:48:24 2018 +0800
tree0bb602f30fe131f163ff7dd0596547fe8b8ca2a3
parent6266f996613ae5631b7288523f895b36e30fe5af [diff] [blame]
升级Tomcat版本 apache-tomcat-7.0.85

diff --git a/tomcat-uid/conf/catalina.policy b/tomcat-uid/conf/catalina.policy
index 67aa45a..9a33883 100644
--- a/tomcat-uid/conf/catalina.policy
+++ b/tomcat-uid/conf/catalina.policy

@@ -1,248 +1,265 @@
-// Licensed to the Apache Software Foundation (ASF) under one or more

-// contributor license agreements.  See the NOTICE file distributed with

-// this work for additional information regarding copyright ownership.

-// The ASF licenses this file to You under the Apache License, Version 2.0

-// (the "License"); you may not use this file except in compliance with

-// the License.  You may obtain a copy of the License at

-//

-//     http://www.apache.org/licenses/LICENSE-2.0

-//

-// Unless required by applicable law or agreed to in writing, software

-// distributed under the License is distributed on an "AS IS" BASIS,

-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-// See the License for the specific language governing permissions and

-// limitations under the License.

-

-// ============================================================================

-// catalina.policy - Security Policy Permissions for Tomcat 7

-//

-// This file contains a default set of security policies to be enforced (by the

-// JVM) when Catalina is executed with the "-security" option.  In addition

-// to the permissions granted here, the following additional permissions are

-// granted to each web application:

-//

-// * Read access to the web application's document root directory

-// * Read, write and delete access to the web application's working directory

-// ============================================================================

-

-

-// ========== SYSTEM CODE PERMISSIONS =========================================

-

-

-// These permissions apply to javac

-grant codeBase "file:${java.home}/lib/-" {

-        permission java.security.AllPermission;

-};

-

-// These permissions apply to all shared system extensions

-grant codeBase "file:${java.home}/jre/lib/ext/-" {

-        permission java.security.AllPermission;

-};

-

-// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre

-grant codeBase "file:${java.home}/../lib/-" {

-        permission java.security.AllPermission;

-};

-

-// These permissions apply to all shared system extensions when

-// ${java.home} points at $JAVA_HOME/jre

-grant codeBase "file:${java.home}/lib/ext/-" {

-        permission java.security.AllPermission;

-};

-

-

-// ========== CATALINA CODE PERMISSIONS =======================================

-

-

-// These permissions apply to the daemon code

-grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {

-        permission java.security.AllPermission;

-};

-

-// These permissions apply to the logging API

-// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},

-// update this section accordingly.

-//  grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}

-grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {

-        permission java.io.FilePermission

-         "${java.home}${file.separator}lib${file.separator}logging.properties", "read";

-

-        permission java.io.FilePermission

-         "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";

-        permission java.io.FilePermission

-         "${catalina.base}${file.separator}logs", "read, write";

-        permission java.io.FilePermission

-         "${catalina.base}${file.separator}logs${file.separator}*", "read, write";

-

-        permission java.lang.RuntimePermission "shutdownHooks";

-        permission java.lang.RuntimePermission "getClassLoader";

-        permission java.lang.RuntimePermission "setContextClassLoader";

-

-        permission java.util.logging.LoggingPermission "control";

-

-        permission java.util.PropertyPermission "java.util.logging.config.class", "read";

-        permission java.util.PropertyPermission "java.util.logging.config.file", "read";

-        permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";

-        permission java.util.PropertyPermission "catalina.base", "read";

-

-        // Note: To enable per context logging configuration, permit read access to

-        // the appropriate file. Be sure that the logging configuration is

-        // secure before enabling such access.

-        // E.g. for the examples web application (uncomment and unwrap

-        // the following to be on a single line):

-        // permission java.io.FilePermission "${catalina.base}${file.separator}

-        //  webapps${file.separator}examples${file.separator}WEB-INF

-        //  ${file.separator}classes${file.separator}logging.properties", "read";

-};

-

-// These permissions apply to the server startup code

-grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {

-        permission java.security.AllPermission;

-};

-

-// These permissions apply to the servlet API classes

-// and those that are shared across all class loaders

-// located in the "lib" directory

-grant codeBase "file:${catalina.home}/lib/-" {

-        permission java.security.AllPermission;

-};

-

-

-// If using a per instance lib directory, i.e. ${catalina.base}/lib,

-// then the following permission will need to be uncommented

-// grant codeBase "file:${catalina.base}/lib/-" {

-//         permission java.security.AllPermission;

-// };

-

-

-// ========== WEB APPLICATION PERMISSIONS =====================================

-

-

-// These permissions are granted by default to all web applications

-// In addition, a web application will be given a read FilePermission

-// and JndiPermission for all files and directories in its document root.

-grant {

-    // Required for JNDI lookup of named JDBC DataSource's and

-    // javamail named MimePart DataSource used to send mail

-    permission java.util.PropertyPermission "java.home", "read";

-    permission java.util.PropertyPermission "java.naming.*", "read";

-    permission java.util.PropertyPermission "javax.sql.*", "read";

-

-    // OS Specific properties to allow read access

-    permission java.util.PropertyPermission "os.name", "read";

-    permission java.util.PropertyPermission "os.version", "read";

-    permission java.util.PropertyPermission "os.arch", "read";

-    permission java.util.PropertyPermission "file.separator", "read";

-    permission java.util.PropertyPermission "path.separator", "read";

-    permission java.util.PropertyPermission "line.separator", "read";

-

-    // JVM properties to allow read access

-    permission java.util.PropertyPermission "java.version", "read";

-    permission java.util.PropertyPermission "java.vendor", "read";

-    permission java.util.PropertyPermission "java.vendor.url", "read";

-    permission java.util.PropertyPermission "java.class.version", "read";

-    permission java.util.PropertyPermission "java.specification.version", "read";

-    permission java.util.PropertyPermission "java.specification.vendor", "read";

-    permission java.util.PropertyPermission "java.specification.name", "read";

-

-    permission java.util.PropertyPermission "java.vm.specification.version", "read";

-    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";

-    permission java.util.PropertyPermission "java.vm.specification.name", "read";

-    permission java.util.PropertyPermission "java.vm.version", "read";

-    permission java.util.PropertyPermission "java.vm.vendor", "read";

-    permission java.util.PropertyPermission "java.vm.name", "read";

-

-    // Required for OpenJMX

-    permission java.lang.RuntimePermission "getAttribute";

-

-    // Allow read of JAXP compliant XML parser debug

-    permission java.util.PropertyPermission "jaxp.debug", "read";

-

-    // All JSPs need to be able to read this package

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";

-

-    // Precompiled JSPs need access to these packages.

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";

-    permission java.lang.RuntimePermission

-     "accessClassInPackage.org.apache.jasper.runtime.*";

-

-    // Precompiled JSPs need access to these system properties.

-    permission java.util.PropertyPermission

-     "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";

-    permission java.util.PropertyPermission

-     "org.apache.el.parser.COERCE_TO_ZERO", "read";

-

-    // The cookie code needs these.

-    permission java.util.PropertyPermission

-     "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";

-    permission java.util.PropertyPermission

-     "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";

-    permission java.util.PropertyPermission

-     "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";

-

-    // Applications using Comet need to be able to access this package

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";

-

-    // Applications using the legacy WebSocket implementation need to be able to access this package

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket";

-

-    // Applications using the JSR-356 WebSocket implementation need to be able to access these packages

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";

-};

-

-

-// The Manager application needs access to the following packages to support the

-// session display functionality. These settings support the following

-// configurations:

-// - default CATALINA_HOME == CATALINA_BASE

-// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE

-// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME

-grant codeBase "file:${catalina.base}/webapps/manager/-" {

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";

-};

-grant codeBase "file:${catalina.home}/webapps/manager/-" {

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";

-    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";

-};

-

-// You can assign additional permissions to particular web applications by

-// adding additional "grant" entries here, based on the code base for that

-// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.

-//

-// Different permissions can be granted to JSP pages, classes loaded from

-// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/

-// directory, or even to individual jar files in the /WEB-INF/lib/ directory.

-//

-// For instance, assume that the standard "examples" application

-// included a JDBC driver that needed to establish a network connection to the

-// corresponding database and used the scrape taglib to get the weather from

-// the NOAA web server.  You might create a "grant" entries like this:

-//

-// The permissions granted to the context root directory apply to JSP pages.

-// grant codeBase "file:${catalina.base}/webapps/examples/-" {

-//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";

-//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";

-// };

-//

-// The permissions granted to the context WEB-INF/classes directory

-// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {

-// };

-//

-// The permission granted to your JDBC driver

-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {

-//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";

-// };

-// The permission granted to the scrape taglib

-// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {

-//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";

-// };

-

+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// ============================================================================
+// catalina.policy - Security Policy Permissions for Tomcat 7
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to each web application:
+//
+// * Read access to the web application's document root directory
+// * Read, write and delete access to the web application's working directory
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the logging API
+// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
+// update this section accordingly.
+//  grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+        permission java.io.FilePermission
+         "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs", "read, write";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
+
+        permission java.lang.RuntimePermission "shutdownHooks";
+        permission java.lang.RuntimePermission "getClassLoader";
+        permission java.lang.RuntimePermission "setContextClassLoader";
+
+        permission java.util.logging.LoggingPermission "control";
+
+        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+        permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
+        permission java.util.PropertyPermission "catalina.base", "read";
+
+        // Note: To enable per context logging configuration, permit read access to
+        // the appropriate file. Be sure that the logging configuration is
+        // secure before enabling such access.
+        // E.g. for the examples web application (uncomment and unwrap
+        // the following to be on a single line):
+        // permission java.io.FilePermission "${catalina.base}${file.separator}
+        //  webapps${file.separator}examples${file.separator}WEB-INF
+        //  ${file.separator}classes${file.separator}logging.properties", "read";
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+
+// If using a per instance lib directory, i.e. ${catalina.base}/lib,
+// then the following permission will need to be uncommented
+// grant codeBase "file:${catalina.base}/lib/-" {
+//         permission java.security.AllPermission;
+// };
+
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant {
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+    permission java.util.PropertyPermission "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+
+    permission java.util.PropertyPermission "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+    // Allow read of JAXP compliant XML parser debug
+    permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // All JSPs need to be able to read this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
+
+    // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission
+     "accessClassInPackage.org.apache.jasper.runtime.*";
+
+    // Precompiled JSPs need access to these system properties.
+    permission java.util.PropertyPermission
+     "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+    permission java.util.PropertyPermission
+     "org.apache.el.parser.COERCE_TO_ZERO", "read";
+
+    // The cookie code needs these.
+    permission java.util.PropertyPermission
+     "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
+    permission java.util.PropertyPermission
+     "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
+    permission java.util.PropertyPermission
+     "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";
+
+    // Applications using Comet need to be able to access this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";
+
+    // Applications using the legacy WebSocket implementation need to be able to access this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.websocket";
+
+    // Applications using the JSR-356 WebSocket implementation need to be able to access these packages
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
+};
+
+
+// The Manager application needs access to the following packages to support the
+// session display functionality. It also requires the custom Tomcat
+// DeployXmlPermission to enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/webapps/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+    permission org.apache.catalina.security.DeployXmlPermission "manager";
+};
+grant codeBase "file:${catalina.home}/webapps/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+    permission org.apache.catalina.security.DeployXmlPermission "manager";
+};
+
+// The Host Manager application needs the custom Tomcat DeployXmlPermission to
+// enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/webapps/host-manager/-" {
+    permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
+    permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+
+
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.base}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+