Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.0.0
-
None
-
3
-
Severity 2 - Major
-
Description
Issue Summary
When Bamboo is configured to run using the AJP protocol with Apache Tomcat 8.5.51 or higher (bundled with Bamboo 7.0 and newer) the connector will fail to start.
Steps to Reproduce
- Configure the AJP connector following the instructions on the server.xml file
- Start Bamboo
Expected Results
AJP connector will successfully start
Actual Results
The below exception is thrown in the <installation_directory>/logs/catalina.out file and the connector fails to start:
09-Dec-2020 10:52:10.649 SEVERE [main] org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[AJP/1.3-8009]] org.apache.catalina.LifecycleException: Protocol handler start failed at org.apache.catalina.connector.Connector.startInternal(Connector.java:1057) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:440) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:766) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.startup.Catalina.start(Catalina.java:688) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:274) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1055) ... 12 more
This error is caused by Apache Tomcat 8.5.51 and newer having the secretRequired parameter set to true by default. When secretRequired is true the AJP/1.3 Connector will not start unless the secret attribute is configured to a non-null, non-zero length string.
Workaround
Add a secret variable on the AJP connector on server.xml configuration which matches the secret added on the AJP configuration at proxy level.
Another potential solution is to disable this requirement by specifying secretRequired="false" on the server.xml , however this is not recommended due to security concerns.