Index: conf/catalina.policy
===================================================================
--- conf/catalina.policy.orig
+++ conf/catalina.policy
@@ -100,6 +100,7 @@ grant codeBase "file:${catalina.home}/bi
         //  ${file.separator}classes${file.separator}logging.properties", "read";
 };
 
+
 // These permissions apply to the server startup code
 grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
         permission java.security.AllPermission;
@@ -112,7 +113,6 @@ grant codeBase "file:${catalina.home}/li
         permission java.security.AllPermission;
 };
 
-
 // If using a per instance lib directory, i.e. ${catalina.base}/lib,
 // then the following permission will need to be uncommented
 // grant codeBase "file:${catalina.base}/lib/-" {
@@ -167,6 +167,9 @@ grant {
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
 
     // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.servlet";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
     permission java.lang.RuntimePermission
@@ -233,6 +236,15 @@ grant codeBase "file:${catalina.home}/we
 };
 
 
+// Additional basic permissions for web applications.
+grant codeBase "file:/usr/share/java/tomcat-servlet-api.jar" {
+	permission java.security.AllPermission;
+};
+
+grant codeBase "file:/usr/share/java/tomcat-el-api.jar" {
+        permission java.security.AllPermission;
+};
+
 // You can assign additional permissions to particular web applications by
 // adding additional "grant" entries here, based on the code base for that
 // application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
@@ -264,7 +276,6 @@ grant codeBase "file:${catalina.home}/we
 // grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
 //      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
 // };
-
 // To grant permissions for web applications using packed WAR files, use the
 // Tomcat specific WAR url scheme.
 //