Re: issue faced in tomcat 8.5.51
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/4/20 05:55, Dave Ford wrote: > On Fri, 2020-02-28 at 13:39 +, Rathore, Rajendra wrote: >> Caused by: java.lang.IllegalArgumentException: The AJP Connector >> is configured with secretRequired="true" but the secret attribute >> is either null or "". This combination is not valid. > > Are you talking to this via an apache webserver using > mod_proxy_ajp? Only, the current stable release of apache (2.4.41) > doesn't support 'secret' AFAIK. > > See > > https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html > > and > > https://bz-he-de.apache.org/bugzilla/show_bug.cgi?id=53098 > > Note the above 'bug' in Apache is only 12 years old :-( It is actually just under 8 years old. The initial release of Apache httpd 2.4 was on 2012-02-21 and this enhancement request was filed by Dmitry on 2012-04-18, 2 months later. The httpd team takes stability VERY seriously and it looks like there was basically zero interest in applying this patch for the following (nearly) 8 years. Most AJP connections are being used as a proxying protocol across "trusted" networks, and so the whole "secret" thing is just a small band-aid to keep unauthorized users out. The "secret" provides about as much security as putting a sign on the front door of your home which says "please don't come in unless invited," and then not bothering to put a lock on the door. If you are considering locking-down your AJP endpoints by requiring a "secret" then you are probably not really locking-down your AJP endpoints. You are only pretending to do so. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5ikh8ACgkQHPApP6U8 pFjKyg//ZcmxLCDOobzXBldG3kzuMKTdiaVaCLmsf7AkD9AaTAU/Fu936vd2lxp9 6VoMicN7oCPXyYYpWvAyN7iSqNtDlv4wnNpvxI8PzC9ugdNRsjJ257mMzNxpw6PN y1YPIbTOSiEvc/3i0ieZz/MoMMUiPvGEK2z/7fERnWPQxCCEmzROqoMZ2llEDPrx xMMl2hjUwDZIEfxC7O4t0sL3FBlDk/vlYqbxY36zaA8XqlYwKGWdwghkzTnl8L4w 5Qt4PhZDSlkjQq4MP6FETc22lri0ccW9gr0M77xceuEh1jg5jhwfgu1t8rD47OZU HauCFILgXK/Pmvel7HYdBz1HOM6lC+NB5m5DPjg6b3jNW2cuK5akysqrBlZXPEZy 0cqkNzA4erlc1GnwlGzd6ZdH63euJB4afQxvM2OsDxEJrqajZVst88gQIQ5rfxb8 bzn+Sw0uWjKXW/X9OmW8UORRNjL7YnU+oFZuTAlLPts1X71OQ+ikvOmCgsGlY4U+ dERxZGZUQWoQUCFN9KNJaZvdoWssIGTe0tN1Hix/OT8HvSp5eLU3MdgbDe0p28zW zgaYYRIgQ6NkaWFoByAcLihumNaWE6fKJMn/rqQQGYof1a6WMVv+QZwK3EpTYCRx sZ8ql0FiscazKvo1Em1DZiix19O3AtIPibOSl0OtQKUnZAaKinY= =l0o1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: issue faced in tomcat 8.5.51
On Fri, 2020-02-28 at 13:39 +, Rathore, Rajendra wrote: > Caused by: java.lang.IllegalArgumentException: The AJP Connector is > configured with secretRequired="true" but the secret attribute is > either null or "". This combination is not valid. Are you talking to this via an apache webserver using mod_proxy_ajp? Only, the current stable release of apache (2.4.41) doesn't support 'secret' AFAIK. See https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html and https://bz-he-de.apache.org/bugzilla/show_bug.cgi?id=53098 Note the above 'bug' in Apache is only 12 years old :-( Dave
Re: issue faced in tomcat 8.5.51
On 02.03.2020 07:38, Rathore, Rajendra wrote: Hi Calder/Team, I set the below flag as false but still it will giving the same error. If you really changed that attribute in the right place, and you restarted tomcat, it is quite unlikely that you would have the same error in the log. But if you really do, could you please copy the latest Connector configuration here, and another new extract of the log showing the error ? (Just copy/paste here please, not in an attachmemnt) I am using Apache http server(with AJP worker) and tomcat configuration, Is am I missing something in configuration, please let me know? Thanks and Regards, Rajendra Rathore 9922701491 -Original Message- From: calder Sent: Friday, February 28, 2020 7:41 PM To: Tomcat Users List Subject: Re: issue faced in tomcat 8.5.51 External email from: users-return-269823-rarathore=ptc@tomcat.apache.org On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra wrote: Hi Team, I am using below configuration in server.xml for tomcat but I got below exception in start up time < snip > Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid Please let me know what should I put to fix the issue, it will be very helpful for me. I am stuck because of the above issue, we are using Apache and tomcat for serving the request. Let me know if anything else required from my side. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: issue faced in tomcat 8.5.51
Hi Calder/Team, I set the below flag as false but still it will giving the same error. I am using Apache http server(with AJP worker) and tomcat configuration, Is am I missing something in configuration, please let me know? Thanks and Regards, Rajendra Rathore 9922701491 -Original Message- From: calder Sent: Friday, February 28, 2020 7:41 PM To: Tomcat Users List Subject: Re: issue faced in tomcat 8.5.51 External email from: users-return-269823-rarathore=ptc@tomcat.apache.org On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra wrote: > Hi Team, > > I am using below configuration in server.xml for tomcat > > secretRequired="false" secure="false" address="127.0.0.1" >tomcatAuthentication="false" enableLookups="false" > maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1" >useBodyEncodingForURI="true" URIEncoding="UTF-8" > backlog="100" packetSize="8192" >maxThreads="320" minSpareThreads="8"/> > > but I got below exception in start up time > < snip > > Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret > attribute is either null or "". This combination is not valid > Please let me know what should I put to fix the issue, it will be very > helpful for me. > > I am stuck because of the above issue, we are using Apache and tomcat > for serving the request. > > Let me know if anything else required from my side. >
Re: issue faced in tomcat 8.5.51
On 28.02.2020 15:11, calder wrote: On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra wrote: Hi Team, I am using below configuration in server.xml for tomcat but I got below exception in start up time < snip > Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid Please let me know what should I put to fix the issue, it will be very helpful for me. Sure, here you go : look carefully at the on-line documentation, in http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Standard_Implementations Note, for information : these attributes and values have *changed in 8.5.51*, compared to previous tomcat revisions. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: issue faced in tomcat 8.5.51
On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra wrote: > Hi Team, > > I am using below configuration in server.xml for tomcat > > secretRequired="false" secure="false" address="127.0.0.1" >tomcatAuthentication="false" enableLookups="false" > maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1" >useBodyEncodingForURI="true" URIEncoding="UTF-8" > backlog="100" packetSize="8192" >maxThreads="320" minSpareThreads="8"/> > > but I got below exception in start up time > < snip > > Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret > attribute is either null or "". This combination is not valid > Please let me know what should I put to fix the issue, it will be very > helpful for me. > > I am stuck because of the above issue, we are using Apache and tomcat for > serving the request. > > Let me know if anything else required from my side. >
