Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:264) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ... 22 common frames omitted
I am seeing the above errors after upgrading the springboot from 2.1.9 to 2.2.5. The upgrade was necessary to overcome Ghostcat vulnerability by upgrading tomcat version to 9.0.31 which is being bundled with the latest springboot 2.2.5.
Here is one solution, though probably not the best one, but my focus was not this, just to pass through the error, I was enabling AJP on Spring Boot 2.2.5.RELEASE version. Add this:
((AbstractAjpProtocol) ajpConnector.getProtocolHandler()).setSecretRequired(false);
My full class for AJP configuration:
package com.ssldemo.config;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.ajp.AbstractAjpProtocol;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class TomcatConfiguration {
@Value("${tomcat.ajp.port}")
int ajpPort;
@Value("${tomcat.ajp.remoteauthentication}")
String remoteAuthentication;
@Value("${tomcat.ajp.enabled}")
boolean tomcatAjpEnabled;
@Bean
public TomcatServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
if (tomcatAjpEnabled) {
Connector ajpConnector = new Connector("AJP/1.3");
ajpConnector.setPort(ajpPort);
ajpConnector.setSecure(false);
ajpConnector.setAllowTrace(false);
ajpConnector.setScheme("http");
((AbstractAjpProtocol) ajpConnector.getProtocolHandler()).setSecretRequired(false);
tomcat.addAdditionalTomcatConnectors(ajpConnector);
}
return tomcat;
}
}
application.properties
server.port=8082
tomcat.ajp.port=9090
tomcat.ajp.remoteauthentication=false
tomcat.ajp.enabled=true
Worked for me with Spring Boot 2.2.6! Nice solution.
It's worth pointing out that above configuration reintroduce Ghostcat vulnerability which has been fixed by configuring AJP connector to
secretRequired="true"
by default! Secure configuration can be found e.g. access.redhat.com/solutions/4851251In case anyone else hits this problem you'll likely also get an error message along the lines of:
The Tomcat connector configured to listen on port 11001 failed to start. The port may already be in use or the connector may be misconfigured.
This is a lie, the port isn't bound and no amount of looking with netstat or rebooting will find anything.