Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

Question 1

Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

spring-boot tomcat9 ajp

Manjunath · Mar 3, 2020 · Viewed 40.5k times · Source

Answer

Answer

Navigate to the server.xml in tomcat :

Replace AJP with:

<Connector protocol="AJP/1.3" address="::1" port="8009"
           redirectPort="8443" secretRequired="false" />

But make sure that you understand the security implications of that (see Krzysztof Skrzynecki's answer for that).

Question 2

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:264) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ... 22 common frames omitted

I am seeing the above errors after upgrading the springboot from 2.1.9 to 2.2.5. The upgrade was necessary to overcome Ghostcat vulnerability by upgrading tomcat version to 9.0.31 which is being bundled with the latest springboot 2.2.5.

Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

Answer

Related questions