Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

Manjunath picture Manjunath · Mar 3, 2020 · Viewed 40.5k times · Source

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:264) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ... 22 common frames omitted

I am seeing the above errors after upgrading the springboot from 2.1.9 to 2.2.5. The upgrade was necessary to overcome Ghostcat vulnerability by upgrading tomcat version to 9.0.31 which is being bundled with the latest springboot 2.2.5.

Answer

Jainender Chauhan picture Jainender Chauhan · Apr 7, 2020

Navigate to the server.xml in tomcat :

Replace AJP with:

<Connector protocol="AJP/1.3" address="::1" port="8009"
           redirectPort="8443" secretRequired="false" />

But make sure that you understand the security implications of that (see Krzysztof Skrzynecki's answer for that).