File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Security Exception while starting tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Security Exception while starting tomcat" Watch "Security Exception while starting tomcat" New topic

Security Exception while starting tomcat

Bharadwaj Adepu
Ranch Hand

Joined: Dec 30, 2007
Posts: 99
Hi am getting a security exception when i am trying to start the tomcat..
can any one please solve this?
What is the reason for this error?

Mar 12, 2008 11:27:57 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.5.0\bin;.;C:\WINDOWS\system32;C:\WINDOWS;D:\OraDb10g\bin;C:\Program Files\Java\jdk1.5.0\jre\bin;C:\Program Files\Java\jdk1.5.0\jre\bin\client;C:\Program Files\Java\jdk1.5.0\bin
Mar 12, 2008 11:27:57 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-80
Mar 12, 2008 11:27:57 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 786 ms
Mar 12, 2008 11:27:57 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Mar 12, 2008 11:27:57 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.14
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at org.apache.catalina.startup.Bootstrap.start(
at org.apache.catalina.startup.Bootstrap.main(
Caused by: java.lang.SecurityException: Servlet of class org.apache.catalina.servlets.InvokerServlet is privileged and cannot be loaded by this web application
at org.apache.catalina.core.StandardWrapper.loadServlet(
at org.apache.catalina.core.StandardWrapper.load(
at org.apache.catalina.core.StandardContext.loadOnStartup(
at org.apache.catalina.core.StandardContext.start(
at org.apache.catalina.core.ContainerBase.start(
at org.apache.catalina.core.StandardHost.start(
at org.apache.catalina.core.ContainerBase.start(
at org.apache.catalina.core.StandardEngine.start(
at org.apache.catalina.core.StandardService.start(
at org.apache.catalina.core.StandardServer.start(
at org.apache.catalina.startup.Catalina.start(
... 6 more

SCJP 1.5
Anubhav Anand
Ranch Hand

Joined: May 18, 2007
Posts: 341

As far as I know Invoker servlet, is condemned except for casual testing or development. Some people call it certifiably evil

You may like to view this link.

I suppose you have made the InvokerServlet as your servlet-class in the web.xml file.Something like

A way to reslove the privilege issue may be to have a context.xml file and include something like :

Well, as the verdict has it DON'T use InvokerServlet it is evil.
View this for more details.
An even better explanation is here JavaRanch FAQ-InvokerServlet
[ March 12, 2008: Message edited by: Anubhav Anand ]
subject: Security Exception while starting tomcat
It's not a secret anymore!