Re: issue faced in tomcat 8.5.51

2020-03-06 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 3/4/20 05:55, Dave Ford wrote:
> On Fri, 2020-02-28 at 13:39 +, Rathore, Rajendra wrote:
>> Caused by: java.lang.IllegalArgumentException: The AJP Connector
>> is configured with secretRequired="true" but the secret attribute
>> is either null or "". This combination is not valid.
>
> Are you talking to this via an apache webserver using
> mod_proxy_ajp? Only, the current stable release of apache (2.4.41)
> doesn't support 'secret' AFAIK.
>
> See
>
> https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html
>
> and
>
> https://bz-he-de.apache.org/bugzilla/show_bug.cgi?id=53098
>
> Note the above 'bug' in Apache is only 12 years old :-(

It is actually just under 8 years old.

The initial release of Apache httpd 2.4 was on 2012-02-21 and this
enhancement request was filed by Dmitry on 2012-04-18, 2 months later.

The httpd team takes stability VERY seriously and it looks like there
was basically zero interest in applying this patch for the following
(nearly) 8 years.

Most AJP connections are being used as a proxying protocol across
"trusted" networks, and so the whole "secret" thing is just a small
band-aid to keep unauthorized users out.

The "secret" provides about as much security as putting a sign on the
front door of your home which says "please don't come in unless
invited," and then not bothering to put a lock on the door.

If you are considering locking-down your AJP endpoints by requiring a
"secret" then you are probably not really locking-down your AJP
endpoints. You are only pretending to do so.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5ikh8ACgkQHPApP6U8
pFjKyg//ZcmxLCDOobzXBldG3kzuMKTdiaVaCLmsf7AkD9AaTAU/Fu936vd2lxp9
6VoMicN7oCPXyYYpWvAyN7iSqNtDlv4wnNpvxI8PzC9ugdNRsjJ257mMzNxpw6PN
y1YPIbTOSiEvc/3i0ieZz/MoMMUiPvGEK2z/7fERnWPQxCCEmzROqoMZ2llEDPrx
xMMl2hjUwDZIEfxC7O4t0sL3FBlDk/vlYqbxY36zaA8XqlYwKGWdwghkzTnl8L4w
5Qt4PhZDSlkjQq4MP6FETc22lri0ccW9gr0M77xceuEh1jg5jhwfgu1t8rD47OZU
HauCFILgXK/Pmvel7HYdBz1HOM6lC+NB5m5DPjg6b3jNW2cuK5akysqrBlZXPEZy
0cqkNzA4erlc1GnwlGzd6ZdH63euJB4afQxvM2OsDxEJrqajZVst88gQIQ5rfxb8
bzn+Sw0uWjKXW/X9OmW8UORRNjL7YnU+oFZuTAlLPts1X71OQ+ikvOmCgsGlY4U+
dERxZGZUQWoQUCFN9KNJaZvdoWssIGTe0tN1Hix/OT8HvSp5eLU3MdgbDe0p28zW
zgaYYRIgQ6NkaWFoByAcLihumNaWE6fKJMn/rqQQGYof1a6WMVv+QZwK3EpTYCRx
sZ8ql0FiscazKvo1Em1DZiix19O3AtIPibOSl0OtQKUnZAaKinY=
=l0o1
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: issue faced in tomcat 8.5.51

2020-03-04 Thread Dave Ford
On Fri, 2020-02-28 at 13:39 +, Rathore, Rajendra wrote:
> Caused by: java.lang.IllegalArgumentException: The AJP Connector is
> configured with secretRequired="true" but the secret attribute is
> either null or "". This combination is not valid.

Are you talking to this via an apache webserver using mod_proxy_ajp?
Only, the current stable release of apache (2.4.41) doesn't support
'secret' AFAIK. 

See 

https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html

and

https://bz-he-de.apache.org/bugzilla/show_bug.cgi?id=53098

Note the above 'bug' in Apache is only 12 years old :-(

Dave



Re: issue faced in tomcat 8.5.51

2020-03-02 Thread tomcat/perl

On 02.03.2020 07:38, Rathore, Rajendra wrote:

Hi Calder/Team,

I set the below flag as false but still it will giving the same error.


If you really changed that attribute in the right place, and you restarted tomcat, it is 
quite unlikely that you would have the same error in the log.


But if you really do, could you please copy the latest Connector configuration here, and 
another new extract of the log showing the error ?

(Just copy/paste here please, not in an attachmemnt)



I am using Apache http server(with AJP worker) and tomcat configuration, Is am 
I missing something in configuration, please let me know?

Thanks and Regards,
Rajendra Rathore
9922701491

-Original Message-
From: calder 
Sent: Friday, February 28, 2020 7:41 PM
To: Tomcat Users List 
Subject: Re: issue faced in tomcat 8.5.51

External email from: users-return-269823-rarathore=ptc@tomcat.apache.org

On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra  wrote:


Hi Team,

I am using below configuration in server.xml for tomcat



but I got below exception in start up time



< snip >





Caused by: java.lang.IllegalArgumentException:

The AJP Connector is configured with secretRequired="true" but the secret

attribute is either null or "". This combination is not valid







Please let me know what should I put to fix the issue, it will be very

helpful for me.

I am stuck because of the above issue, we are using Apache and tomcat
for serving the request.

Let me know if anything else required from my side.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: issue faced in tomcat 8.5.51

2020-03-01 Thread Rathore, Rajendra
Hi Calder/Team,

I set the below flag as false but still it will giving the same error.

I am using Apache http server(with AJP worker) and tomcat configuration, Is am 
I missing something in configuration, please let me know?

Thanks and Regards,
Rajendra Rathore
9922701491

-Original Message-
From: calder  
Sent: Friday, February 28, 2020 7:41 PM
To: Tomcat Users List 
Subject: Re: issue faced in tomcat 8.5.51

External email from: users-return-269823-rarathore=ptc@tomcat.apache.org

On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra  wrote:

> Hi Team,
>
> I am using below configuration in server.xml for tomcat
>
>  secretRequired="false" secure="false"  address="127.0.0.1"
>tomcatAuthentication="false" enableLookups="false"
> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1"
>useBodyEncodingForURI="true" URIEncoding="UTF-8"
> backlog="100" packetSize="8192"
>maxThreads="320" minSpareThreads="8"/>
>
> but I got below exception in start up time
>

< snip >

>

Caused by: java.lang.IllegalArgumentException:

The AJP Connector is configured with secretRequired="true" but the secret
> attribute is either null or "". This combination is not valid
>





Please let me know what should I put to fix the issue, it will be very
> helpful for me.
>
> I am stuck because of the above issue, we are using Apache and tomcat 
> for serving the request.
>
> Let me know if anything else required from my side.
>


Re: issue faced in tomcat 8.5.51

2020-02-28 Thread tomcat/perl

On 28.02.2020 15:11, calder wrote:

On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra  wrote:


Hi Team,

I am using below configuration in server.xml for tomcat



but I got below exception in start up time



< snip >





Caused by: java.lang.IllegalArgumentException:

The AJP Connector is configured with secretRequired="true" but the secret

attribute is either null or "". This combination is not valid






Please let me know what should I put to fix the issue, it will be very

helpful for me.



Sure, here you go : look carefully at the on-line documentation, in
http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Standard_Implementations

Note, for information : these attributes and values have *changed in 8.5.51*, compared to 
previous tomcat revisions.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: issue faced in tomcat 8.5.51

2020-02-28 Thread calder
On Fri, Feb 28, 2020, 07:39 Rathore, Rajendra  wrote:

> Hi Team,
>
> I am using below configuration in server.xml for tomcat
>
>  secretRequired="false" secure="false"  address="127.0.0.1"
>tomcatAuthentication="false" enableLookups="false"
> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1"
>useBodyEncodingForURI="true" URIEncoding="UTF-8"
> backlog="100" packetSize="8192"
>maxThreads="320" minSpareThreads="8"/>
>
> but I got below exception in start up time
>

< snip >

>

Caused by: java.lang.IllegalArgumentException:

The AJP Connector is configured with secretRequired="true" but the secret
> attribute is either null or "". This combination is not valid
>





Please let me know what should I put to fix the issue, it will be very
> helpful for me.
>
> I am stuck because of the above issue, we are using Apache and tomcat for
> serving the request.
>
> Let me know if anything else required from my side.
>