
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/9845936/

Time: 2020-09-19 17:53:02  Source: igfitidea

Tomcat v7.0 Load Exception - Marking servlet ssi as unavailable

eclipse, tomcat

Asked by Binko Caruso

New install of Tomcat v7.0 and Eclipse. Attempting to load SSI Servlet support. Have modified context.xml and web.xml as per Tomcat instructions.

Context.xml (relevant fragments shown):

<Context reloadable="true" privileged="true">

    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>


</Context>

web.xml (relevant fragments shown):

   <servlet>
        <servlet-name>ssi</servlet-name>
        <servlet-class>
          org.apache.catalina.ssi.SSIServlet
        </servlet-class>
        <init-param>
          <param-name>buffered</param-name>
          <param-value>1</param-value>
        </init-param>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>expires</param-name>
          <param-value>666</param-value>
        </init-param>
        <init-param>
          <param-name>isVirtualWebappRelative</param-name>
          <param-value>0</param-value>
        </init-param>
        <load-on-startup>4</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>ssi</servlet-name>
        <url-pattern>*.shtml</url-pattern>
    </servlet-mapping>

But I'm still getting the following Load Exception:

Mar 23, 2012 12:06:00 PM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet  threw load() exception
java.lang.SecurityException: Restricted class org.apache.catalina.ssi.SSIServlet
    at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:548)
    at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:539)
    at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:509)
    at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:124)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1136)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5001)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5289)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1525)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1515)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
    at java.util.concurrent.FutureTask.run(FutureTask.java:166)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)

Mar 23, 2012 12:06:00 PM org.apache.catalina.core.ApplicationContext log
INFO: Marking servlet ssi as unavailable

I've tried everything I can think of. Can anyone advise on how to fix this? thanks!

Answered by Ben

I added the privileged="true" attribute to the context element in the context.xml file at the root. It solved the security exception for CGI for me.

I found that through this site.

Answered by KTys

I got the same problem with a different package: cgi instead of ssi. I will walk thru the solution I found to get past the error.

As with OP, I had a clean install of Tomcat 7.0.27. I was testing CGI. Working thru the initial setup I kept getting the following:

SEVERE: Servlet /TestTomcatApp threw load() exception
java.lang.SecurityException: Restricted class org.apache.catalina.servlets.CGIServlet
    at org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:548)

which is pretty much identical to the OP except for the class involved.

I searched "Tomcat Restricted DefaultInstanceManager" and located [this java source code][1]:

private void checkAccess(Class<?> clazz, Properties restricted) {
    while (clazz != null) {
        if ("restricted".equals(restricted.getProperty(clazz.getName()))) {
            throw new SecurityException("Restricted class" + clazz);
        }
        clazz = clazz.getSuperclass();
    }
}

The Properties class (which can be hot-linked from the code page referenced) indicated the code was most likely reading a .properties file. So I was able to zero in on catalina.properties and catalina.policy. After a careful reading of the documentation in those two files, plus reference to the [Tomcat SecurityManager Doc][2] I realized I had to add a grant statement to the catalina.policy file:

// The Manager application needs access to the following packages to support the
// session display functionality. These settings support the following
// configurations:
// - default CATALINA_HOME == CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
grant codeBase "file:${catalina.base}/webapps/manager/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
    **permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlets.CGIServlet";**

};
grant codeBase "file:${catalina.home}/webapps/manager/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
    **permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.servlets.CGIServlet";**
};

(My additions bolded)

After restarting Tomcat the error went away.

NOTE: I realized this entire problem must be driven by the security issues of running certain modules on Tomcat. My use is purely for testing on a single machine, and no production is anticipated in this mode.

[1] http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.0/org/apache/catalina/core/DefaultInstanceManager.java#DefaultInstanceManager.checkAccess%28java.lang.Class%29

[2] http://tomcat.apache.org/tomcat-7.0-doc/security-manager-howto.html#Configuring_Tomcat_With_A_SecurityManager

Answered by Chris White

So just to confirm (as this works for me):

所以只是为了确认(因为这对我有用):

  • Download Tomcat 7.0.26 (zip)
  • Unpacked
  • Amended ${TOMCAT_HOME}/conf/web.xml
    • Uncommented the SSI servlet definition around line 276
    • Uncommented the SSI servlet mapping around line 370
  • Amended ${TOMCAT_HOME}/conf/tomcat-users.xml
    • Added role for admin-gui
    • Added user admin with admin-gui role
  • Added a simple ssi.shtml page to ${TOMCAT_HOME}/webapps/host-manager:

    <!--#printenv -->

  • Started Tomcat, no errors, http://localhost:8080/host-manager/ssi.shtml works as expected

Finally - you are editing the context.xml of the web application, not the web.xml in ${TOMCAT_HOME}/conf folder - I guess so, as your example has the WatchedResource element
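
An audit check for the two settings this thread turns on, as an added example (not code from any of the posters or from Tomcat): it reports whether a context.xml sets privileged="true" and whether the matching web.xml enables and maps one of the servlet classes named in the "Restricted class" errors above. The sample XML is constructed, the function names are hypothetical, and the flag logic assumes, as Ben's answer reports, that privileged="true" is what lets these servlets load.

```python
import xml.etree.ElementTree as ET

# Classes the stack traces on this page report as "Restricted class".
RESTRICTED = {"org.apache.catalina.ssi.SSIServlet",
              "org.apache.catalina.servlets.CGIServlet"}

# Constructed sample inputs, modelled on the fragments in the question.
SAMPLE_CONTEXT = '<Context reloadable="true" privileged="true"></Context>'
SAMPLE_WEB = """<web-app>
  <servlet>
    <servlet-name>ssi</servlet-name>
    <servlet-class>
      org.apache.catalina.ssi.SSIServlet
    </servlet-class>
  </servlet>
  <!-- <servlet><servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class></servlet> -->
  <servlet-mapping>
    <servlet-name>ssi</servlet-name>
    <url-pattern>*.shtml</url-pattern>
  </servlet-mapping>
</web-app>"""

def local(tag):
    """Drop the XML namespace that real web.xml files declare."""
    return tag.rsplit("}", 1)[-1]

def is_privileged(context_xml):
    """True when the <Context> element carries privileged="true"."""
    root = ET.fromstring(context_xml)
    return root.get("privileged", "false").strip().lower() == "true"

def restricted_servlets(web_xml):
    """Map servlet-name -> (class, url-patterns) for enabled restricted servlets.
    Commented-out definitions are skipped because the parser drops comments."""
    classes, patterns = {}, {}
    for el in ET.fromstring(web_xml).iter():
        kids = [(local(c.tag), (c.text or "").strip()) for c in el]
        name = dict(kids).get("servlet-name")
        if local(el.tag) == "servlet" and dict(kids).get("servlet-class") in RESTRICTED:
            classes[name] = dict(kids)["servlet-class"]
        elif local(el.tag) == "servlet-mapping":
            patterns.setdefault(name, []).extend(v for k, v in kids if k == "url-pattern")
    return {n: (c, patterns.get(n, [])) for n, c in classes.items()}

def audit(context_xml, web_xml):
    """Flag a privileged context whose web.xml maps a restricted servlet to a URL."""
    servlets = restricted_servlets(web_xml)
    mapped = {n: v for n, v in servlets.items() if v[1]}
    return {"privileged": is_privileged(context_xml), "servlets": servlets,
            "flagged": is_privileged(context_xml) and bool(mapped)}
```

Calling `audit(SAMPLE_CONTEXT, SAMPLE_WEB)` flags the question's configuration; the commented-out CGI definition is not reported.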