Folks: I'm seeing a warning in my logs when I use request.secret for the AJP connector when I load the APR native libraries. The warning is:
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'request.secret' to 'somesillypassword' did not find a matching property.

I'm running a three node Tomcat cluster for testing with the following configuration:

OS: Fedora 15 32 bit
JVM: java version "1.6.0_31"
     Java(TM) SE Runtime Environment (build 1.6.0_31-b04)
     Java HotSpot(TM) Client VM (build 20.6-b01, mixed mode, sharing)
Tomcat: 6.0.35
Native: 1.1.22
APR: apr-util-devel-1.3.12-1.fc15.i686 (Fedora RPM)
SSL: openssl-devel-1.0.0g-1.fc15.i686 (Fedora RPM)

If I load the native libraries with the following setenv.sh (CATALINA_BASE and CATALINA_HOME are set in a parent script):

#!/bin/bash
JMX_PORT=9004
CATALINA_OPTS="-Djava.library.path=$CATALINA_HOME/bin/libs \
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=$JMX_PORT \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false"
JAVA_OPTS="-Dlog4j.home=$CATALINA_BASE/logs"
export CATALINA_OPTS JAVA_OPTS

I get the WARNING message above. If I comment out the native libraries and run the following setenv.sh script:

#!/bin/bash
JMX_PORT=9004
# CATALINA_OPTS="-Djava.library.path=$CATALINA_HOME/bin/libs \
CATALINA_OPTS="-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=$JMX_PORT \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false"
JAVA_OPTS="-Dlog4j.home=$CATALINA_BASE/logs"
export CATALINA_OPTS JAVA_OPTS

I get a warning about not loading the native libraries, but no warning about the connector.

Here's the snippet from my server.xml.

<!-- Define an AJP 1.3 Connector on port 8019 -->
<Connector port="8019" protocol="AJP/1.3"
           redirectPort="8453"
           request.secret="somesillypassword"
           connectionTimeout="600000"
           URIEncoding="UTF-8"/>

I'll post the entire server.xml if people think it's appropriate, but since it has clustering and farm deployment in it, it's a bit long.
Here's the relevant portion of my workers.properties file:

worker.template.type=ajp13
worker.template.host=192.168.0.254
worker.template.socket_connect_timeout=5000
worker.template.socket_keepalive=true
worker.template.ping_mode=A
worker.template.ping_timeout=10000
worker.template.connection_pool_minsize=0
worker.template.connection_pool_timeout=600
worker.template.reply_timeout=300000
worker.template.recovery_options=3

worker.deimos.reference=worker.template
worker.deimos.port=8019

worker.lb.type=lb
worker.lb.error_escalation_time=0
worker.lb.max_reply_timeouts=10
worker.lb.balance_workers=deimos,mars,phobos
# work around a security issue
worker.lb.secret=somesillypassword

Snippets from httpd.conf:

# uses default DocumentRoot
<VirtualHost *:80>
    ServerName phoenix.mdeggers.org
    ServerAlias phoenix
    ServerAlias localhost.localdomain
    ServerAlias localhost
    JkMountFile /etc/httpd/conf.d/uriworkermap.properties
</VirtualHost>

And snippets from uriworkermap.properties:

#
# RPets - a random pet generator / matcher / test application
#
/RPets=lb
/RPets/*=lb

Here's the really odd thing. Even with the native libraries loaded and the warning message in catalina.out, the cluster works. I start up the cluster and then go to http://localhost/RPets, and the application works as expected.

If the warning is real and the attribute is discarded, I would expect the application to be unavailable when the native libraries are loaded.

Is this just a spurious warning? I suspect that it is, because otherwise the Apache HTTPD - Tomcat AJP (via mod_jk 1.2.32) shouldn't work.

And yes I know, with Tomcat 6.0.35 the attribute is no longer necessary. I also tried this with Tomcat 6.0.29 and got the same results (and there the attribute IS necessary to avoid a security issue).

Puzzled . . . .

/mde/
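
An added example, not part of the original post: a small Python check that scans catalina.out text for the SetAllPropertiesRule warning quoted above and lists the attributes Tomcat did not match. Because the warning prints the configured value in clear text, values of credential-like attributes are masked in the report. The sample log, the misspelled attribute and the name heuristic are constructed assumptions.

```python
import re

# Shape of the Digester warning quoted in the post above.
WARNING_RE = re.compile(
    r"\[SetAllPropertiesRule\]\{(?P<element>[^}]*)\}\s+"
    r"Setting property '(?P<name>[^']*)' to '(?P<value>.*)' "
    r"did not find a matching property"
)

# Assumption: attribute names containing these words carry credentials.
SENSITIVE_RE = re.compile(r"secret|pass|key", re.IGNORECASE)


def find_dropped_properties(log_text):
    """Return one dict per ignored attribute; sensitive values are masked."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = WARNING_RE.search(line)
        if match is None:
            continue
        sensitive = bool(SENSITIVE_RE.search(match.group("name")))
        findings.append({
            "line": lineno,
            "element": match.group("element"),
            "property": match.group("name"),
            "sensitive": sensitive,
            # The warning already exposes the value in the log file, so do
            # not copy a credential into the report as well.
            "value": "<redacted>" if sensitive else match.group("value"),
        })
    return findings


# Constructed sample: the first warning is the one from the post, the second
# uses a hypothetical misspelled attribute to show a non-sensitive finding.
SAMPLE_LOG = """\
INFO: Initializing Coyote AJP/1.3 on ajp-8019
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'request.secret' to 'somesillypassword' did not find a matching property.
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'conectionTimeout' to '600000' did not find a matching property.
INFO: Server startup in 4123 ms
"""

if __name__ == "__main__":
    for f in find_dropped_properties(SAMPLE_LOG):
        flag = "SENSITIVE" if f["sensitive"] else "info"
        print(f"line {f['line']}: {f['element']} ignored "
              f"{f['property']}={f['value']} [{flag}]")
```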