I want in some specific apps to enable HttpHeaderSecurityFilter (I might
have some insecure applications at the same server).
I've edited web.xml of one application (not the tomcat/conf/web.xml file to
add this filter):
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</
filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<url-pattern>/</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
But I've got the error message when running from Tomcat 8.0.9.0. This
happened in a development environment, this Tomcat was installed with
Netbeans 8.0.1.
08-Sep-2016 09:35:37.108 SEVERE [http-nio-8084-exec-7]
org.apache.catalina.core.StandardContext.filterStart Exception starting
filter httpHeaderSecurity
java.lang.ClassNotFoundException: org.apache.catalina.filters.
HttpHeaderSecurityFilter
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at org.apache.catalina.core.DefaultInstanceManager.loadClass(
DefaultInstanceManager.java:540)
at org.apache.catalina.core.DefaultInstanceManager.
loadClassMaybePrivileged(DefaultInstanceManager.java:531)
at org.apache.catalina.core.DefaultInstanceManager.newInstance(
DefaultInstanceManager.java:150)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
ApplicationFilterConfig.java:258)
at org.apache.catalina.core.ApplicationFilterConfig.<init>
(ApplicationFilterConfig.java:105)
at org.apache.catalina.core.StandardContext.filterStart(
StandardContext.java:4603)
at org.apache.catalina.core.StandardContext.startInternal(
StandardContext.java:5210)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(
ContainerBase.java:724)
at org.apache.catalina.core.ContainerBase.addChild(
ContainerBase.java:700)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at org.apache.catalina.startup.HostConfig.deployDescriptor(
HostConfig.java:581)
at org.apache.catalina.startup.HostConfig.deployApps(
HostConfig.java:455)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1496)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(
BaseModelMBean.java:300)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(
DefaultMBeanServerInterceptor.java:819)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(
JmxMBeanServer.java:801)
at org.apache.catalina.manager.ManagerServlet.check(
ManagerServlet.java:1437)
at org.apache.catalina.manager.ManagerServlet.deploy(
ManagerServlet.java:884)
at org.apache.catalina.manager.ManagerServlet.doGet(
ManagerServlet.java:335)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(
WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.netbeans.modules.web.monitor.server.MonitorFilter.
doFilter(MonitorFilter.java:393)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(
SetCharacterEncodingFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
AuthenticatorBase.java:615)
at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:136)
at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(
AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:526)
at org.apache.coyote.http11.AbstractHttp11Processor.process(
AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
process(AbstractProtocol.java:655)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.
process(Http11NioProtocol.java:222)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
doRun(NioEndpoint.java:1566)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
run(NioEndpoint.java:1523)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
What could be the reason Tomcat is displaying ClassNotFoundExpceiotn for
org.apache.catalina.filters.HttpHeaderSecurityFilter, since this exists
since Tomcat 7?
