New install of Tomcat v7.0 and Eclipse. Attempting to load SSI Servlet support. Have modified context.xml and web.xml as per Tomcat instructions.
Context.xml (relevant fragments shown):
<Context reloadable="true" privileged="true">
    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
web.xml (relevant fragments shown):
<servlet>
    <servlet-name>ssi</servlet-name>
    <servlet-class>
        org.apache.catalina.ssi.SSIServlet
    </servlet-class>
    <init-param>
        <param-name>buffered</param-name>
        <param-value>1</param-value>
    </init-param>
    <init-param>
        <param-name>debug</param-name>
        <param-value>0</param-value>
    </init-param>
    <init-param>
        <param-name>expires</param-name>
        <param-value>666</param-value>
    </init-param>
    <init-param>
        <param-name>isVirtualWebappRelative</param-name>
        <param-value>0</param-value>
    </init-param>
    <load-on-startup>4</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>ssi</servlet-name>
    <url-pattern>*.shtml</url-pattern>
</servlet-mapping>
But I'm still getting the following Load Exception:
Mar 23, 2012 12:06:00 PM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet threw load() exception
java.lang.SecurityException: Restricted class org.apache.catalina.ssi.SSIServlet
at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:548)
at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:539)
at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:509)
at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:124)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1136)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5001)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5289)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1525)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1515)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Mar 23, 2012 12:06:00 PM org.apache.catalina.core.ApplicationContext log
INFO: Marking servlet ssi as unavailable
I've tried everything I can think of. Can anyone advise on how to fix this? thanks!
I added the privileged="true" attribute to the context element in the context.xml file at the root. It solved the security exception for CGI for me.
I found that through this site.
I got the same problem with a different package: cgi instead of ssi. I will walk thru the solution I found to get past the error.
As with OP, I had a clean install of Tomcat 7.0.27. I was testing CGI. Working thru the initial setup I kept getting the following:
SEVERE: Servlet /TestTomcatApp threw load() exception
java.lang.SecurityException: Restricted class org.apache.catalina.servlets.CGIServlet
at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:548)
which is pretty much identical to the OP except for the class involved.
I searched "Tomcat Restricted DefaultInstanceManager" and located [this java source code] [1]:
private void checkAccess(Class<?> clazz, Properties restricted) {
    while (clazz != null) {
        if ("restricted".equals(restricted.getProperty(clazz.getName()))) {
            throw new SecurityException("Restricted class" + clazz);
        }
        clazz = clazz.getSuperclass();
    }
}
The Properties class (which can be hot-linked from the code page referenced) indicated the code was most likely reading a .properties file. So I was able to zero in on catalina.properties and catalina.policy. After a careful reading of the documentation in those two files, plus reference to the [Tomcat SecurityManager Doc][2] I realized I had to add a grant statement to the catalina.policy file:
// The Manager application needs access to the following packages to support the
// session display functionality. These settings support the following
// configurations:
// - default CATALINA_HOME == CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
grant codeBase "file:${catalina.base}/webapps/manager/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
    **permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlets.CGIServlet";**
};
grant codeBase "file:${catalina.home}/webapps/manager/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
    **permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlets.CGIServlet";**
};
(My additions bolded)
After restarting Tomcat the error went away.
NOTE: I realized this entire problem must be driven by the security issues of running certain modules on Tomcat. My use is purely for testing on a single machine, and no production is anticipated in this mode.
[1] http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.0/org/apache/catalina/core/DefaultInstanceManager.java#DefaultInstanceManager.checkAccess%28java.lang.Class%29
[2] http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html#Configuring_Tomcat_With_A_SecurityManager
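An added example, not part of the posts above and not Tomcat code: a Python audit that reads one webapp's context.xml and web.xml and reports which declared servlets are on the restricted list, together with whether the context's privileged flag would let them load. The RESTRICTED set holds only the two classes named on this page, the sample XML is constructed, and the allowed/blocked labels assume the behaviour the first answer reports for privileged="true".

```python
import xml.etree.ElementTree as ET

# Container servlets this page shows being rejected with "Restricted class".
# Constructed for the example; not copied from Tomcat's own list.
RESTRICTED = {
    "org.apache.catalina.ssi.SSIServlet",
    "org.apache.catalina.servlets.CGIServlet",
}

def _children(elem, name):
    # Compare local names so a namespaced web.xml ({http://...}servlet) matches.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit(context_xml, web_xml):
    """Return (privileged, findings) for one webapp's context.xml and web.xml."""
    ctx = ET.fromstring(context_xml)
    privileged = ctx.get("privileged", "false").strip().lower() == "true"
    root = ET.fromstring(web_xml)
    mappings = {}
    for m in _children(root, "servlet-mapping"):
        patterns = [(p.text or "").strip() for p in _children(m, "url-pattern")]
        mappings.setdefault(_text(m, "servlet-name"), []).extend(patterns)
    # Assumption from the first answer: privileged="true" lifts the restriction.
    state = "allowed by privileged context" if privileged else "blocked: context not privileged"
    findings = []
    for s in _children(root, "servlet"):
        cls = _text(s, "servlet-class")  # tolerate a class name on its own line
        if cls in RESTRICTED:
            name = _text(s, "servlet-name")
            findings.append((name, cls, tuple(mappings.get(name, [])), state))
    return privileged, findings

# Constructed inputs modelled on the fragments in the question.
CONTEXT_XML = '<Context reloadable="true" privileged="true"/>'
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet><servlet-name>ssi</servlet-name>
    <servlet-class>
      org.apache.catalina.ssi.SSIServlet
    </servlet-class></servlet>
  <servlet><servlet-name>app</servlet-name><servlet-class>com.example.AppServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>ssi</servlet-name><url-pattern>*.shtml</url-pattern></servlet-mapping>
</web-app>"""

if __name__ == "__main__":
    print(audit(CONTEXT_XML, WEB_XML))
```

Run against every deployed webapp, this lists the contexts where SSI or CGI is reachable and under which URL patterns, which is the set to review before such a configuration leaves a test machine.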