JDK-8025479

DRS: Local rules with server/port will be considered as invalid with jre8


    • Bug
    • Resolution: Fixed
    • P2
    • 8
    • 8
    • deploy
    • win7/x86/8

    • b114
    • Verified

        According to https://bugs.openjdk.java.net/browse/JDK-8021231, when "server:port" is defined in the Deployment Rule Set file, an app loaded from "server:port" will be matched, e.g.:
         www.oracle.com:80 ==> any protocol, only port 80
        This means an app loaded from www.oracle.com on port 80 will match this rule.

        But local rules with server/port are considered invalid with jre8.

        Steps to reproduce:
        1) Install jre8-b108
        2) Make sure you can access the internet, or disable the OCSP/CRL check from JCP
        3) Rename http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/JawsLocalSecurityPolicy/lib/DeploymentRuleSet.jar.run-WithPort to DeploymentRuleSet.jar and copy it to deployment.system.home/.
        To check whether the DRS works, you can open JCP->Security->View the active Deployment Rule Set. You will see:
        <ruleset version="1.0">
          <rule>
             <id location="kgb.us.oracle.com:8080"/>
             <action permission="run"/>
          </rule>
        <!-- block everything else -->
          <rule>
             <id/>
             <action permission="block" message="we don't want to run anything else"/>
          </rule>
        </ruleset>

        4) Load app: javaws http://kgb.us.oracle.com:8080/batJavaws/jnlp/testBAT.jnlp
        5) If you see a dialog with title "Application Blocked" saying "invalid rule in Deployment Rule Set file", then this bug is reproduced. See attachment.

        Expected behavior: the app should be loaded successfully

        Note:
        1 Local rules with server/port work fine with 7u45
        2 Local rules with protocol/server/port and protocol/server work fine with jre8

        Steps to reproduce note1:
        1) Install jre7u45
        2) Make sure you can access the internet, or disable the OCSP/CRL check from JCP
        3) Rename http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/JawsLocalSecurityPolicy/lib/DeploymentRuleSet.jar.run-WithPort to DeploymentRuleSet.jar and copy it to deployment.system.home/.
        To check whether the DRS works, you can open JCP->Security->View the active Deployment Rule Set. You will see:
        <ruleset version="1.0">
          <rule>
             <id location="kgb.us.oracle.com:8080"/>
             <action permission="run"/>
          </rule>
        <!-- block everything else -->
          <rule>
             <id/>
             <action permission="block" message="we don't want to run anything else"/>
          </rule>
        </ruleset>

        4) Load app: javaws http://kgb.us.oracle.com:8080/batJavaws/jnlp/testBAT.jnlp
        5) The app will be loaded successfully


        Steps to reproduce note2:
        1) Install jre8-b108
        2) Make sure you can access the internet, or disable the OCSP/CRL check from JCP
        3) Rename http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/JawsLocalSecurityPolicy/lib/DeploymentRuleSet.jar.run-WPWP to DeploymentRuleSet.jar and copy it to deployment.system.home/.
        To check whether the DRS works, you can open JCP->Security->View the active Deployment Rule Set. You will see:
        <ruleset version="1.0">
          <rule>
             <id location="http://kgb.us.oracle.com:8080"/>
             <action permission="run"/>
          </rule>
        <!-- block everything else -->
          <rule>
             <id/>
             <action permission="block" message="we don't want to run anything else"/>
          </rule>
        </ruleset>

        4) Load app: javaws http://kgb.us.oracle.com:8080/batJavaws/jnlp/testBAT.jnlp
        5) The app will be loaded successfully
        6) The same for DRS with protocol/server defined
        <ruleset version="1.0">
          <rule>
             <id location="http://kgb.us.oracle.com"/>
             <action permission="run"/>
          </rule>

              herrick Andy Herrick (Inactive)
              wenjyang Crystal Yang (Inactive)