Allow webapps to access org.apache.jasper.el package.

I have looked through the package and I believe this change is safe although more eyes would be good. Without this permission, a handful of TCKs fail if tested with a security manager enabled.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@721886 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/conf/catalina.policy b/conf/catalina.policy
index edb601b..f00aa60 100644 (file)
--- a/conf/catalina.policy
+++ b/conf/catalina.policy
@@ -14,7 +14,7 @@
 // limitations under the License.
 
 // ============================================================================
-// catalina.corepolicy - Security Policy Permissions for Tomcat @VERSION_MAJOR@
+// catalina.corepolicy - Security Policy Permissions for Tomcat 6
 //
 // This file contains a default set of security policies to be enforced (by the
 // JVM) when Catalina is executed with the "-security" option.  In addition
@@ -134,7 +134,8 @@ grant {
     // Allow read of JAXP compliant XML parser debug
     permission java.util.PropertyPermission "jaxp.debug", "read";
 
-    // Precompiled JSPs need access to this package.
+    // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";