Folks:
I'm seeing a warning in my logs when I use request.secret for the AJP
connector when I load the APR native libraries. The warning is:
WARNING: [SetAllPropertiesRule]{Server/Service/Connector}
Setting property 'request.secret' to 'somesillypassword' did not find a
matching property.
I'm running a three node Tomcat cluster for testing with the following
configuraiton:
OS: Fedora 15 32 bit
JVM: java version 1.6.0_31
Java(TM) SE Runtime Environment (build 1.6.0_31-b04)
Java HotSpot(TM) Client VM (build 20.6-b01, mixed mode, sharing)
Tomcat: 6.0.35
Native: 1.1.22
APR: apr-util-devel-1.3.12-1.fc15.i686 (Fedora RPM)
SSL: openssl-devel-1.0.0g-1.fc15.i686 (Fedora RPM)
If I load the native libraries with the following setenv.sh
(CATALINA_BASE and CATALINA_HOME are set in a parent script):
#!/bin/bash
JMX_PORT=9004
CATALINA_OPTS=-Djava.library.path=$CATALINA_HOME/bin/libs \
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=$JMX_PORT \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false
JAVA_OPTS=-Dlog4j.home=$CATALINA_BASE/logs
export CATALINA_OPTS JAVA_OPTS
I get the WARNING message above.
If I comment out the native libraries and run the following setenv.sh
script:
#!/bin/bash
JMX_PORT=9004
# CATALINA_OPTS=-Djava.library.path=$CATALINA_HOME/bin/libs \
CATALINA_OPTS=-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=$JMX_PORT \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false
JAVA_OPTS=-Dlog4j.home=$CATALINA_BASE/logs
export CATALINA_OPTS JAVA_OPTS
I get a warning about not loading the native libraries, but no warning
about the connector.
Here's the snippet from my server.xml.
!-- Define an AJP 1.3 Connector on port 8019 --
Connector port=8019 protocol=AJP/1.3 redirectPort=8453
request.secret=somesillypassword
connectionTimeout=60
URIEncoding=UTF-8/
I'll post the entire server.xml if people think it's appropriate, but
since it has clustering and farm deployment in it, it's a bit long.
Here's the relevant portion of my workers.properties file:
worker.template.type=ajp13
worker.template.host=192.168.0.254
worker.template.socket_connect_timeout=5000
worker.template.socket_keepalive=true
worker.template.ping_mode=A
worker.template.ping_timeout=1
worker.template.connection_pool_minsize=0
worker.template.connection_pool_timeout=600
worker.template.reply_timeout=30
worker.template.recovery_options=3
worker.deimos.reference=worker.template
worker.deimos.port=8019
worker.lb.type=lb
worker.lb.error_escalation_time=0
worker.lb.max_reply_timeouts=10
worker.lb.balance_workers=deimos,mars,phobos
# work around a security issue
worker.lb.secret=somesillypassword
Snippets from httpd.conf:
# uses default DocumentRoot
VirtualHost *:80
ServerName phoenix.mdeggers.org
ServerAlias phoenix
ServerAlias localhost.localdomain
ServerAlias localhost
JkMountFile /etc/httpd/conf.d/uriworkermap.properties
/VirtualHost
And snippets from uriworkermap.properties
#
# RPets - a random pet generator / matcher / test application
#
/RPets=lb
/RPets/*=lb
Here's the really odd thing. Even with the native libraries loaded and
the warning message in catalina.out, the cluster works. I start up the
cluster and then go to http://localhost/RPets, and the
application works as expected.
If the warning is real and the attribute is discarded, I would expect
the application to be unavailable when the native libraries are loaded.
Is this just a spurious warning? I suspect that it is, because
otherwise the Apache HTTPD - Tomcat AJP (via mod_jk 1.2.32) shouldn't
work.
And yes I know, with Tomcat 6.0.35 the attribute is no longer
necessary.
I also tried this with Tomcat 6.0.29 and got the same results (and
there the attribute IS necessary to avoid a security issue).
Puzzled . . . .
/mde/
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
