This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 0d633e7 Change the default bind address for AJP to the loopback
address
0d633e7 is described below
commit 0d633e72ebc7b3c242d0081c23bba5e4dacd9b72
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jan 21 13:02:13 2020 +0000
Change the default bind address for AJP to the loopback address
---
java/org/apache/coyote/ajp/AjpAprProtocol.java | 2 ++
java/org/apache/coyote/ajp/AjpNioProtocol.java | 2 ++
java/org/apache/coyote/ajp/AjpProtocol.java | 2 ++
java/org/apache/tomcat/util/compat/Jre7Compat.java | 19 +++++++++++++++
java/org/apache/tomcat/util/compat/JreCompat.java | 28 ++++++++++++++++++++++
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/ajp.xml | 5 +---
7 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AjpAprProtocol.java
b/java/org/apache/coyote/ajp/AjpAprProtocol.java
index 7b4a825..418d2ca 100644
--- a/java/org/apache/coyote/ajp/AjpAprProtocol.java
+++ b/java/org/apache/coyote/ajp/AjpAprProtocol.java
@@ -20,6 +20,7 @@ import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.Processor;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.AprEndpoint;
import org.apache.tomcat.util.net.AprEndpoint.Handler;
@@ -61,6 +62,7 @@ public class AjpAprProtocol extends AbstractAjpProtocol<Long>
{
public AjpAprProtocol() {
endpoint = new AprEndpoint();
+ endpoint.setAddress(JreCompat.getInstance().getLoopbackAddress());
cHandler = new AjpConnectionHandler(this);
((AprEndpoint) endpoint).setHandler(cHandler);
setSoLinger(Constants.DEFAULT_CONNECTION_LINGER);
diff --git a/java/org/apache/coyote/ajp/AjpNioProtocol.java
b/java/org/apache/coyote/ajp/AjpNioProtocol.java
index 741cb22..8668323 100644
--- a/java/org/apache/coyote/ajp/AjpNioProtocol.java
+++ b/java/org/apache/coyote/ajp/AjpNioProtocol.java
@@ -23,6 +23,7 @@ import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.Processor;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.NioChannel;
import org.apache.tomcat.util.net.NioEndpoint;
@@ -56,6 +57,7 @@ public class AjpNioProtocol extends
AbstractAjpProtocol<NioChannel> {
public AjpNioProtocol() {
endpoint = new NioEndpoint();
+ endpoint.setAddress(JreCompat.getInstance().getLoopbackAddress());
cHandler = new AjpConnectionHandler(this);
((NioEndpoint) endpoint).setHandler(cHandler);
setSoLinger(Constants.DEFAULT_CONNECTION_LINGER);
diff --git a/java/org/apache/coyote/ajp/AjpProtocol.java
b/java/org/apache/coyote/ajp/AjpProtocol.java
index 50f6f58..69c24eb 100644
--- a/java/org/apache/coyote/ajp/AjpProtocol.java
+++ b/java/org/apache/coyote/ajp/AjpProtocol.java
@@ -22,6 +22,7 @@ import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.Processor;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.JIoEndpoint;
import org.apache.tomcat.util.net.JIoEndpoint.Handler;
@@ -57,6 +58,7 @@ public class AjpProtocol extends AbstractAjpProtocol<Socket> {
public AjpProtocol() {
endpoint = new JIoEndpoint();
+ endpoint.setAddress(JreCompat.getInstance().getLoopbackAddress());
cHandler = new AjpConnectionHandler(this);
((JIoEndpoint) endpoint).setHandler(cHandler);
setSoLinger(Constants.DEFAULT_CONNECTION_LINGER);
diff --git a/java/org/apache/tomcat/util/compat/Jre7Compat.java
b/java/org/apache/tomcat/util/compat/Jre7Compat.java
index 43513a9..d469f48 100644
--- a/java/org/apache/tomcat/util/compat/Jre7Compat.java
+++ b/java/org/apache/tomcat/util/compat/Jre7Compat.java
@@ -20,6 +20,7 @@ import java.io.OutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.net.InetAddress;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DatabaseMetaData;
@@ -56,6 +57,7 @@ class Jre7Compat extends JreCompat {
private static final Method resultSetGetObjectName;
private static final Method statementCloseOnCompletion;
private static final Method statementIsCloseOnCompletion;
+ private static final Method getLoopbackAddress;
static {
Method m1 = null;
@@ -72,6 +74,7 @@ class Jre7Compat extends JreCompat {
Method m12 = null;
Method m13 = null;
Method m14 = null;
+ Method m15 = null;
Constructor<GZIPOutputStream> c = null;
try {
// Order is important for the error handling below.
@@ -91,6 +94,7 @@ class Jre7Compat extends JreCompat {
m12 = ResultSet.class.getMethod("getObject", String.class,
Class.class);
m13 = Statement.class.getMethod("closeOnCompletion");
m14 = Statement.class.getMethod("isCloseOnCompletion");
+ m15 = InetAddress.class.getMethod("getLoopbackAddress");
} catch (SecurityException e) {
// Should never happen
log.error(sm.getString("jre7Compat.unexpected"), e);
@@ -118,6 +122,7 @@ class Jre7Compat extends JreCompat {
resultSetGetObjectName = m12;
statementCloseOnCompletion = m13;
statementIsCloseOnCompletion = m14;
+ getLoopbackAddress = m15;
}
@@ -353,6 +358,20 @@ class Jre7Compat extends JreCompat {
}
+ @Override
+ public InetAddress getLoopbackAddress() {
+ try {
+ return (InetAddress) getLoopbackAddress.invoke(null);
+ } catch (IllegalArgumentException e) {
+ throw new UnsupportedOperationException(e);
+ } catch (IllegalAccessException e) {
+ throw new UnsupportedOperationException(e);
+ } catch (InvocationTargetException e) {
+ throw new UnsupportedOperationException(e);
+ }
+ }
+
+
// Java 9 methods
@Override
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java
b/java/org/apache/tomcat/util/compat/JreCompat.java
index b3ba44f..e7a3b4f 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -21,8 +21,10 @@ import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Method;
+import java.net.InetAddress;
import java.net.URL;
import java.net.URLConnection;
+import java.net.UnknownHostException;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DatabaseMetaData;
@@ -232,6 +234,32 @@ public class JreCompat {
}
+ public InetAddress getLoopbackAddress() {
+ // Javadoc for getByName() states that calling with null will return
one
+ // of the loopback addresses
+ InetAddress result = null;
+ try {
+ result = InetAddress.getByName(null);
+ } catch (UnknownHostException e) {
+ // This would be unusual but ignore it in this case.
+ }
+ if (result == null) {
+ // Fallback to default IPv4 loopback address.
+ // Not perfect but good enough and if the address is not valid the
+ // bind will fail later with an appropriate error message
+ try {
+ result = InetAddress.getByName("127.0.0.1");
+ } catch (UnknownHostException e) {
+ // Unreachable.
+ // For text representations of IP addresses only the format is
+ // checked.
+ }
+ }
+
+ return result;
+ }
+
+
// Java 6 implementation of Java 8 methods
public static boolean isJre8Available() {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 584867a..6760df4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -143,6 +143,10 @@
Disable (comment out in server.xml) the AJP/1.3 connector by default.
(markt)
</update>
+ <update>
+ Change the default bind address for the AJP/1.3 connector to be the
+ loopback address. (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Jasper">
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index d0ba75b..90ed2c5 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -306,10 +306,7 @@
<attribute name="address" required="false">
<p>For servers with more than one IP address, this attribute
specifies which address will be used for listening on the specified
- port. By default, this port will be used on all IP addresses
- associated with the server. A value of <code>127.0.0.1</code>
- indicates that the Connector will only listen on the loopback
- interface.</p>
+ port. By default, the loopback address will be used.</p>
</attribute>
<attribute name="bindOnInit" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
