Tomcat 8.5.51 - Issues with secretRequired="false"

Question

The secretRequired="false" option added to AJP connector is server.xml. However, the connector does not start with Protocol handler start failed error. It is behind an Apache Server version 2.4.25.

    <Connector port="8009"
               address="127.0.0.1" tomcatAuthentication="false" URIEncoding="UTF-8" enableLookups="false"
               protocol="AJP/1.3" redirectPort="8663" connectionTimeout="600000" secretRequired="false" />

The error:

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.

Thanks

Do you happen to have a second AJP connector in server.xml? – Olaf Kock Mar 05 '20 at 19:50 — Olaf Kock, Mar 05 '20 at 19:50
No, there is only one AJP. There is also a HTTP connection. – imriss Mar 05 '20 at 20:07 — imriss, Mar 05 '20 at 20:07
In Tomcat 8.5.56 the issue is gone. – M46 Jun 16 '20 at 20:59 — M46, Jun 16 '20 at 20:59

score 9 · Accepted Answer · answered May 13 '20 at 20:29

9

Adding the address attribute and specifying the loopback address is what worked for me on Tomcat 8.5.54.

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="0.0.0.0" secretRequired="false" />

answered May 13 '20 at 20:29

user6708591

149
1
6

score 3 · Answer 2 · edited May 06 '20 at 19:10

3

Tomcat 9.0.34 has that secretReqiured set to true by default now to address CVS issue.

See these URLs for details of this issue:
https://access.redhat.com/solutions/4851251 https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html https://github.com/spring-projects/spring-boot/issues/20377

edited May 06 '20 at 19:10

carbontax

2,124
22
36

answered Apr 30 '20 at 01:00

Lionel

31
2

You can see that in the original question the parameter is turned off. Are you saying that it is no longer possible to override the default? – carbontax May 06 '20 at 19:13

Tomcat 8.5.51 - Issues with secretRequired="false"

2 Answers2