From ab4c923130f2c882f45c01d48325e7d5a76320f0 Mon Sep 17 00:00:00 2001
From: kkolinko <kkolinko@13f79535-47bb-0310-9956-ffa450edef68>
Date: Sat, 5 Jun 2010 00:21:53 +0000
Subject: [PATCH] Update in-document copy of the default catalina.policy file

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@951621 13f79535-47bb-0310-9956-ffa450edef68
---
 webapps/docs/security-manager-howto.xml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/webapps/docs/security-manager-howto.xml b/webapps/docs/security-manager-howto.xml
index eb8787bcd..5d2bad5d9 100644
--- a/webapps/docs/security-manager-howto.xml
+++ b/webapps/docs/security-manager-howto.xml
@@ -269,6 +269,13 @@ grant codeBase "file:${catalina.home}/lib/-" {
 };
 
 
+// If using a per instance lib directory, i.e. ${catalina.base}/lib,
+// then the following permission will need to be uncommented
+// grant codeBase "file:${catalina.base}/lib/-" {
+//         permission java.security.AllPermission;
+// };
+
+
 // ========== WEB APPLICATION PERMISSIONS =====================================
 
 
@@ -327,6 +334,14 @@ grant {
     permission java.util.PropertyPermission
      "org.apache.el.parser.COERCE_TO_ZERO", "read";
 
+    // The cookie code needs these.
+    permission java.util.PropertyPermission
+     "org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "read";
+    permission java.util.PropertyPermission
+     "org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", "read";
+    permission java.util.PropertyPermission
+     "org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR", "read";
+
     // Applications using Comet need to be able to access this package
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.comet";
 };
-- 
2.11.0