Oops. Sometimes "SSI" and "SSL" get crossed. It's easy to misread "shtml" as "Secure HTML". Either that or maybe there's dirt on the screen near the base of the "I"_

Of course, SSI Apache-style is pointless, since
JSP's have an "include" facility that's as good or better. If you simply want SSI-type operations on ".shtml" pages, you can either:
A) front Tomcat with Apache (the high-performance approach)
B) Setup Tomcat's web.xml to interpret shtml's into JSP's (the sneaky approach)
Some people, when well-known sources tell them that fire will burn them, don't put their hands in the fire.
Some people, being skeptical, will put their hands in the fire, get burned, and learn not to put their hands in the fire.
And some people, believing that they know better than well-known sources, will claim it's a lie, put their hands in the fire, and continue to scream it's a lie even as their hands burn down to charred stumps.