Springboot -AJP连接器配置有secretRequired =“ true”。但秘密属性为null或“”升级到2.2.5之后 [英] Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

问题描述

原因：java.lang.IllegalArgumentException：AJP连接器配置了secretRequired = true，但是secret属性为null或。此组合无效。在org.apache.catalina.connector.Connector.startInternal（Connector.java:1035）的org.apache.coyote.ajp.AbstractAjpProtocol.start（AbstractAjpProtocol.java:264）...省略了22个常见框架

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:264) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ... 22 common frames omitted

在将springboot从2.1.9升级到2.2.5之后，我看到了以上错误。升级是克服Ghostcat漏洞所必需的，方法是将tomcat版本升级到与最新的springboot 2.2.5捆绑在一起的9.0.31。

I am seeing the above errors after upgrading the springboot from 2.1.9 to 2.2.5. The upgrade was necessary to overcome Ghostcat vulnerability by upgrading tomcat version to 9.0.31 which is being bundled with the latest springboot 2.2.5.

推荐答案

这是一个解决方案，尽管可能不是最好的解决方案，但我的关注点不是这个，只是为了解决错误，我在Spring Boot 2.2.5.RELEASE版本上启用了AJP。
添加此内容：

Here is one solution, though probably not the best one, but my focus was not this, just to pass through the error, I was enabling AJP on Spring Boot 2.2.5.RELEASE version. Add this:

((AbstractAjpProtocol) ajpConnector.getProtocolHandler()).setSecretRequired(false);

AJP配置的完整课程：

My full class for AJP configuration:

package com.ssldemo.config;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.ajp.AbstractAjpProtocol;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TomcatConfiguration {

    @Value("${tomcat.ajp.port}")
    int ajpPort;

    @Value("${tomcat.ajp.remoteauthentication}")
    String remoteAuthentication;

    @Value("${tomcat.ajp.enabled}")
    boolean tomcatAjpEnabled;

    @Bean
    public TomcatServletWebServerFactory servletContainer() {

        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
        if (tomcatAjpEnabled) {
            Connector ajpConnector = new Connector("AJP/1.3");
            ajpConnector.setPort(ajpPort);
            ajpConnector.setSecure(false);
            ajpConnector.setAllowTrace(false);
            ajpConnector.setScheme("http");
            ((AbstractAjpProtocol) ajpConnector.getProtocolHandler()).setSecretRequired(false);
            tomcat.addAdditionalTomcatConnectors(ajpConnector);
        }

        return tomcat;
    }

}

application.properties

application.properties

server.port=8082
tomcat.ajp.port=9090
tomcat.ajp.remoteauthentication=false
tomcat.ajp.enabled=true

这篇关于Springboot -AJP连接器配置有secretRequired =“ true”。但秘密属性为null或“”升级到2.2.5之后的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！