Spring Boot 2 - AJP

无人及你 2021-02-10 23:39

I added a connector for AJP to my Spring Boot 2 project

 @Bean
 public ServletWebServerFactory servletContainer() {
        TomcatServletWebServerFactory tomcat         


        
2 Answers
  • 2021-02-11 00:30

    We used the code from tomas' answer successfully for a long time, but it stopped working after we upgraded to a Spring Boot version > 2.2.4. We got this error message on startup:

    APPLICATION FAILED TO START

    Description:

    The Tomcat connector configured to listen on port 1234 failed to start. The port may already be in use or the connector may be misconfigured.

    Action:

    Verify the connector's configuration, identify and stop any process that's listening on port 1234, or configure this application to listen on another port.

    But the port was not used, so what was the problem?

    The issue was caused by the fix for the Ghostcat vulnerability of AJP in Tomcat that was included in Spring Boot 2.2.5.

    Now you have two options, either you use AJP with a secret:

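    // ajpPort and ajpSecret are values defined elsewhere in the configuration class
    final Connector connector = new Connector("AJP/1.3");
    connector.setScheme("http");
    connector.setPort(ajpPort);
    connector.setAllowTrace(false);
    
    final AbstractAjpProtocol<?> protocol = (AbstractAjpProtocol<?>) connector.getProtocolHandler();
    connector.setSecure(true);
    // The connector only accepts requests from a proxy that sends the same secret
    protocol.setSecret(ajpSecret);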
    
    

    or without one, but for that you have to explicitly set setSecretRequired to false:

    // ajpPort is a value defined elsewhere in the configuration class
    final Connector connector = new Connector("AJP/1.3");
    connector.setScheme("http");
    connector.setPort(ajpPort);
    connector.setAllowTrace(false);
    
    final AbstractAjpProtocol<?> protocol = (AbstractAjpProtocol<?>) connector.getProtocolHandler();
    connector.setSecure(false);
    // Turns off the secret check that the Ghostcat fix enabled by default
    protocol.setSecretRequired(false);
    

    Note: The latter solution will make your Tomcat vulnerable to Ghostcat again.

    For more information have a look at this thread: Springboot -The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "" after upgrade to 2.2.5

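A complete configuration class for the first option above (AJP with a secret), as an added example that is not part of the original answer. The class name and the property names `ajp.port` and `ajp.secret` are hypothetical, and binding to loopback assumes the fronting proxy runs on the same host.

```java
import java.net.InetAddress;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.ajp.AbstractAjpProtocol;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AjpConnectorConfig {

    // Hypothetical property names; supply the secret from the environment
    // or a secrets store rather than a file committed to source control.
    @Value("${ajp.port}")
    private int ajpPort;

    @Value("${ajp.secret:}")
    private String ajpSecret;

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> ajpCustomizer() {
        return factory -> factory.addAdditionalTomcatConnectors(ajpConnector());
    }

    private Connector ajpConnector() {
        // Fail with an explicit message instead of the generic
        // "connector failed to start" report when the secret is missing.
        if (ajpSecret == null || ajpSecret.isEmpty()) {
            throw new IllegalStateException("ajp.secret must be set to a non-empty value");
        }
        Connector connector = new Connector("AJP/1.3");
        connector.setPort(ajpPort);
        connector.setScheme("http");
        connector.setAllowTrace(false);

        AbstractAjpProtocol<?> protocol = (AbstractAjpProtocol<?>) connector.getProtocolHandler();
        // Requests are accepted only when the proxy sends the same secret.
        protocol.setSecretRequired(true);
        protocol.setSecret(ajpSecret);
        // Listen on loopback only (assumption: proxy is on the same host).
        protocol.setAddress(InetAddress.getLoopbackAddress());
        return connector;
    }
}
```

The front-end proxy has to be configured with the same secret value, otherwise the connector rejects its requests.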
  • 2021-02-11 00:31

    This works for me:

        @Bean
        public WebServerFactoryCustomizer<TomcatServletWebServerFactory> servletContainer() {
          return server -> {
            if (server instanceof TomcatServletWebServerFactory) {
                ((TomcatServletWebServerFactory) server).addAdditionalTomcatConnectors(redirectConnector());
            }
          };
        }
    
        private Connector redirectConnector() {
           Connector connector = new Connector("AJP/1.3");
           connector.setScheme("http");
           connector.setPort(ajpPort);
           connector.setSecure(false);
           connector.setAllowTrace(false);
           return connector;
        }
    