SecurityManager and permissions in waffle-jaas example

Open abysas opened this issue 9 years ago • 1 comments

The example requires:

  • to "package Waffle JARs, including waffle-jna-1.8.1.jar, guava-19.0.jar, jna-4.2.2.jar, jna-platform-4.2.2.jar, slf4j-1.7.21.jar and waffle-jaas.jar in the application's lib directory or copy them to Tomcat's lib".
  • "start Tomcat with Security Manager enabled".

But:

  1. No explanation is given why Security Manager is required and what the consequences could be without it. Maybe I'm missing something?
  2. Jaas.policy in the demo war does not include the permissions required when those jars are packaged in the web application's lib directory. I tried to dissect those permissions and stopped after several hours of such futile investigation: there were simply too many permission entries to be added. Simply placing those jars into the ${catalina.base}/lib folder was much easier, though it doesn't easily align with the development environment supported by the IDE.

Would you please update the policy file with the required entries when jars are placed in the application's lib folder? Thank you!

abysas avatar Jul 02 '16 21:07 abysas

SecurityManager is a broader question; I think https://blog.frankel.ch/java-security-manager/ is a decent blog post about it. It effectively enables these .policy things. I'd appreciate some documentation updates wrt SM.

Can you please make these changes and PR them?

dblock avatar Jul 03 '16 12:07 dblock