jsp-api and servlet-api jars must NOT be deployed by your web app. They should be marked as provided but not deployed by your app.
The server rejects all jars that already belong to the server runtime (such as tomcat-**.jar, servlet**.jar). Consider substituting the CORS filter you're using for this one: https://goo.gl/ctQ7Fs
java.lang.ClassNotFoundException: CNTCT_D.class at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190)