I'm working with a security policy on Tomcat 6. I've successfully granted permissions to my entire webapp, but would like to grant some permissions only to specific classes. However, when I try this, my doPrivileged block receives an AccessControlException.
Because I've been successful granting to a more general code base, I went back to that codebase, and tested as I added each additional subdirectory. In this manner, the most specific grant I'm able to make work is:
grant codeBase "file:${catalina.home}/webapps/ROOT/WEB-INF/-" { ... }
If I add "classes/", as in:
grant codeBase "file:${catalina.home}/webapps/ROOT/WEB-INF/classes/-" { ... }
then I resume seeing the AccessControlException. The class I'm trying to allow is located beneath the classes directory. The webapp was deployed as a .war file, and unpacked by Tomcat.
What am I doing wrong here? I'm intending to follow the example provided in the catalina.policy provided with Tomcat.