1,web.xml配置
<servlet>
<servlet-name>DruidStatView</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
<init-param>
<!-- 允许清空统计数据 -->
<param-name>resetEnable</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- 用户名 -->
<param-name>loginUsername</param-name>
<param-value>druid</param-value>
</init-param>
<init-param>
<!-- 密码 -->
<param-name>loginPassword</param-name>
<param-value>123456</param-value>
</init-param>
<init-param>
<param-name>allow</param-name> <!-- 访问IP白名单 -->
<param-value>XXX.XXX.XXX.XXX</param-value>
</init-param>
<init-param>
<param-name>deny</param-name> <!-- 访问IP黑名单 -->
<param-value></param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>DruidStatView</servlet-name>
<url-pattern>/druid/*</url-pattern>
</servlet-mapping>
添加以上配置就可以访问http://localhost:8080/XXX/druid/login.html
在配置IP白名单和黑名单时,始终不能够有效。
才发现在验证IP时druid是使用request.getRemoteAddr(),但是服务器是使用nginx+tomcat,使用了nginx的反向代理,使用该方法始终获取到的IP地址为nginx服务器的IP地址,即127.0.0.1,解决办法如下:
public class CustomStatViewServlet extends StatViewServlet{
private static final long serialVersionUID = 1L;
@Override
public boolean isPermittedRequest(HttpServletRequest request) {
String remoteAddress = Utils.getIpAddr(request);
return isPermittedRequest(remoteAddress);
}
}
以下为getIpAddr方法内容:
public static String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if(StringUtils.isNotEmpty(ip) && !"unKnown".equalsIgnoreCase(ip)){
//多次反向代理后会有多个ip值,第一个ip才是真实ip
int index = ip.indexOf(",");
if(index != -1){
return ip.substring(0,index);
}else{
return ip;
}
}
ip = request.getHeader("X-Real-IP");
if(StringUtils.isNotEmpty(ip) && !"unKnown".equalsIgnoreCase(ip)){
return ip;
}
return request.getRemoteAddr();
}
单后将上面web.xml中的servlet-class的配置改为你如下:
<servlet-class>com.XXXX.CustomStatViewServlet</servlet-class>
2,Nginx配置
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
搞定!