On 14/02/2020 13:45, John Larsen wrote:
> Seems tomcat 9.0.31 has thrown me a curve and messed up my automation.
> Where can i understand this change better?
> "Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and
> add a new attribute secretRequired that defaults to true. When
> secretRequired is truethe AJP/1.3 Connector will not start unless the secret
>  attribute is configured to a non-null, non-zero length String. (markt)"
> Or can i just change this to false? What it its purpose?

The purpose of that attribute is to stop you starting up Tomcat with an
AJP connector that is open to the world without stopping to think first.

AJP assumes all connecting clients are trusted.

You need to make sure that, through the combination of AJP
configuration, network configuratiom, etc. that this is the case.

If you describe your particular use case, we people on this list should
be able to provide you with recommended configuration options.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to