问题描述
这是一个解决方案,尽管可能不是最好的解决方案,但是我的重点不是这个,只是为了解决错误,我在Spring Boot 2.2.5.RELEASE版本上启用了AJP。添加:
((AbstractAjpProtocol) ajpConnector.getProtocolHandler()).setSecretrequired(false);
我的AJP配置完整课程:
package com.ssldemo.config;import org.apache.catalina.connector.Connector;import org.apache.coyote.ajp.AbstractAjpProtocol;import org.springframework.beans.factory.annotation.Value;import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;@Configurationpublic class TomcatConfiguration {@Value("${tomcat.ajp.port}")int ajpPort;@Value("${tomcat.ajp.remoteauthentication}")String remoteAuthentication;@Value("${tomcat.ajp.enabled}")boolean tomcatAjpEnabled;@Beanpublic TomcatServletWebServerFactory servletContainer() {TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();if (tomcatAjpEnabled) {Connector ajpConnector = new Connector("AJP/1.3");ajpConnector.setPort(ajpPort);ajpConnector.setSecure(false);ajpConnector.setAllowTrace(false);ajpConnector.setScheme("http");((AbstractAjpProtocol) ajpConnector.getProtocolHandler()).setSecretrequired(false);tomcat.addAdditionalTomcatConnectors(ajpConnector);}return tomcat;}}
application.properties
server.port=8082tomcat.ajp.port=9090tomcat.ajp.remoteauthentication=falsetomcat.ajp.enabled=true
解决方法
由以下原因导致:java.lang.IllegalArgumentException:AJP连接器配置了secretRequired =“
true”,但是secret属性为null或“”。此组合无效。在org.apache.catalina.connector.Connector.startInternal(Connector.java:1035)的org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:264)…省略了22个常见框架
将springboot从2.1.9升级到2.2.5后,我看到上述错误。升级是克服Ghostcat漏洞所必需的,方法是将tomcat版本升级到9.0.31,该版本已与最新的springboot
2.2.5捆绑在一起。