diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java
--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-03-12 13:33:31.792406379 -0400
+++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-03-12 13:35:24.222117728 -0400
@@ -16,7 +16,6 @@
*/
package org.apache.coyote.ajp;
-import java.net.InetAddress;
import java.util.regex.Pattern;
import org.apache.coyote.AbstractProtocol;
@@ -49,8 +48,6 @@ public abstract class AbstractAjpProtoco
setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
// AJP does not use Send File
getEndpoint().setUseSendfile(false);
- // AJP listens on loopback by default
- getEndpoint().setAddress(InetAddress.getLoopbackAddress());
ConnectionHandler<S> cHandler = new ConnectionHandler<>(this);
setHandler(cHandler);
getEndpoint().setHandler(cHandler);
@@ -180,7 +177,7 @@ public abstract class AbstractAjpProtoco
}
- private boolean secretRequired = true;
+ private boolean secretRequired = false;
public void setSecretRequired(boolean secretRequired) {
this.secretRequired = secretRequired;
}
diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
--- ./webapps/docs/changelog.xml.orig 2020-03-12 13:33:54.354348454 -0400
+++ ./webapps/docs/changelog.xml 2020-03-12 13:37:17.041828075 -0400
@@ -178,14 +178,10 @@
Disable (comment out in server.xml) the AJP/1.3 connector by default.
(markt)
</update>
- <update>
- Change the default bind address for the AJP/1.3 connector to be the
- loopback address. (markt)
- </update>
<add>
Rename the <code>requiredSecret</code> attribute of the AJP/1.3
Connector to <code>secret</code> and add a new attribute
- <code>secretRequired</code> that defaults to <code>true</code>. When
+ <code>secretRequired</code> that defaults to <code>false</code>. When
<code>secretRequired</code> is <code>true</code> the AJP/1.3 Connector
will not start unless the <code>secret</code> attribute is configured to
a non-null, non-zero length String. (markt)
diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml
--- ./webapps/docs/config/ajp.xml.orig 2020-03-12 13:34:10.383307302 -0400
+++ ./webapps/docs/config/ajp.xml 2020-03-12 13:36:17.617980639 -0400
@@ -315,7 +315,10 @@
<attribute name="address" required="false">
<p>For servers with more than one IP address, this attribute
specifies which address will be used for listening on the specified
- port. By default, the loopback address will be used.</p>
+ port. By default, this port will be used on all IP addresses
+ associated with the server. A value of <code>127.0.0.1</code>
+ indicates that the Connector will only listen on the loopback
+ interface.</p>
</attribute>
<attribute name="allowedRequestAttributesPattern" required="false">
@@ -465,7 +468,7 @@
<attribute name="secretRequired" required="false">
<p>If this attribute is <code>true</code>, the AJP Connector will only
start if the <strong>secret</strong> attribute is configured with a
- non-null, non-zero length value. The default value is <code>true</code>.
+ non-null, non-zero length value. The default value is <code>false</code>.
This attributue should only be set to <code>false</code> when the
Connector is used on a trusted network.</p>
</attribute>