新安装的Tomcat v7.0和Eclipse。试图加载SSI Servlet支持。根据Tomcat说明修改了context.xml和web.xml。
Context.xml(显示相关片段):
<Context reloadable="true" privileged="true">
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
web.xml(显示相关片段):
<servlet>
<servlet-name>ssi</servlet-name>
<servlet-class>
org.apache.catalina.ssi.SSIServlet
</servlet-class>
<init-param>
<param-name>buffered</param-name>
<param-value>1</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>expires</param-name>
<param-value>666</param-value>
</init-param>
<init-param>
<param-name>isVirtualWebappRelative</param-name>
<param-value>0</param-value>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
但是我仍然遇到以下加载异常:
Mar 23, 2012 12:06:00 PM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet threw load() exception
java.lang.SecurityException: Restricted class org.apache.catalina.ssi.SSIServlet
at
org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:548)
at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:539)
at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:509)
at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:124)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1136)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5001)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5289)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1525)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1515)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
Mar 23, 2012 12:06:00 PM org.apache.catalina.core.ApplicationContext log
INFO: Marking servlet ssi as unavailable
我已经尝试了我能想到的一切。任何人都可以建议如何解决这个问题? 谢谢!
答案 0 :(得分:8)
我将privileged="true"属性添加到根目录的context.xml文件中的context元素。它为我解决了CGI的安全例外。
我通过this site找到了。
答案 1 :(得分:1)
我在使用不同的软件包时遇到了同样的问题:cgi而不是ssi。我将通过我发现的解决方案走过错误。
与OP一样,我有一个干净的Tomcat 7.0.27安装。我正在测试CGI。通过初始设置工作,我不断得到以下内容:
SEVERE: Servlet /TestTomcatApp threw load() exception
java.lang.SecurityException: Restricted class org.apache.catalina.servlets.CGIServlet
at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:548 )
除了所涉及的类之外,它几乎与OP完全相同。
我搜索了“Tomcat Restricted DefaultInstanceManager”并找到了[这个java源代码] [1]:
private void [More ...] checkAccess(Class<?> clazz, Properties restricted) {
while (clazz != null) {
if ("restricted".equals(restricted.getProperty(clazz.getName()))) {
throw new SecurityException("Restricted class" + clazz);
}
clazz = clazz.getSuperclass();
}
}
Properties类(可以从引用的代码页进行热链接)表明代码很可能正在读取.properties文件。所以我能够将catalina.properties和catalina.policy归零。仔细阅读这两个文件中的文档后,再加上对[Tomcat SecurityManager Doc] [2]的引用,我意识到我必须在catalina.policy文件中添加一个grant语句:
// The Manager application needs access to the following packages to support the
// session display functionality. These settings support the following
// configurations:
// - default CATALINA_HOME == CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
grant codeBase "file:${catalina.base}/webapps/manager/-" {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
**permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlets.CGIServlet";**
};
grant codeBase "file:${catalina.home}/webapps/manager/-" {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
**permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlets.CGIServlet";
};**
(我的加法加粗)
重新启动Tomcat后,错误就消失了。
注意:我意识到整个问题必须由在Tomcat上运行某些模块的安全问题驱动。我的用途纯粹是用于在一台机器上进行测试,在这种模式下不会产生任何生产。
答案 2 :(得分:0)
所以只是为了确认(因为这对我有用):
在$ {TOMCAT_HOME} / webapps / host-manager中添加了一个简单的ssi.shtml页面:
&lt;! - #printenv - &gt;
启动Tomcat,没有错误,http://localhost:8080/host-manager/ssi.shtml按预期工作
最后 - 您正在编辑Web应用程序的context.xml,而不是$ {TOMCAT_HOME} / conf文件夹中的web.xml - 我想你的示例中有WatchedResource元素