Spring Boot 2 - AJP

后端 未结 2 991
无人及你
无人及你 2021-02-10 23:39

I added an connector for AJP to my spring boot 2 project

 @Bean
 public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat         


        
2条回答
  •  粉色の甜心
    2021-02-11 00:30

    We used the code of tomas answers for a longer time successfully but it stopped working after we had upgraded to a Spring Boot version > 2.2.4. We got this error message on startup:

    APPLICATION FAILED TO START

    Description:

    The Tomcat connector configured to listen on port 1234 failed to start. The port may already be in use or the connector may be misconfigured.

    Action:

    Verify the connector's configuration, identify and stop any process that's listening on port 1234, or configure this application to listen on another port.

    But the port was not used, so what was the problem?

    The issue was caused by the fix for the Ghostcat vulnerability of AJP in Tomcat that was included in Spring Boot 2.2.5.

    Now you have two options, either you use AJP with a secret:

    final Connector connector = new Connector("AJP/1.3");
    connector.setScheme("http");
    connector.setPort(ajpPort);
    connector.setAllowTrace(false);
    
    final AbstractAjpProtocol protocol = (AbstractAjpProtocol) connector.getProtocolHandler();
    connector.setSecure(true);
    protocol.setSecret(ajpSecret);
    
    

    or without one, but for that you have to explicitly set setSecretRequired to false:

    final Connector connector = new Connector("AJP/1.3");
    connector.setScheme("http");
    connector.setPort(ajpPort);
    connector.setAllowTrace(false);
    
    final AbstractAjpProtocol protocol = (AbstractAjpProtocol) connector.getProtocolHandler();
    connector.setSecure(false);
    protocol.setSecretRequired(false);
    

    Note: The later solution will make your tomcat vulnerable to Ghostcat again.

    For more information have a look at this thread: Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

提交回复
热议问题