1,web.xml配置
<servlet>
<servlet-name>DruidStatView</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
<init-param>
<!-- 允許清空統計數據 -->
<param-name>resetEnable</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- 用戶名 -->
<param-name>loginUsername</param-name>
<param-value>druid</param-value>
</init-param>
<init-param>
<!-- 密碼 -->
<param-name>loginPassword</param-name>
<param-value>123456</param-value>
</init-param>
<init-param>
<param-name>allow</param-name> <!-- 訪問IP白名單 -->
<param-value>XXX.XXX.XXX.XXX</param-value>
</init-param>
<init-param>
<param-name>deny</param-name> <!-- 訪問IP黑名單 -->
<param-value></param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>DruidStatView</servlet-name>
<url-pattern>/druid/*</url-pattern>
</servlet-mapping>
添加以上配置就可以訪問http://localhost:8080/XXX/druid/login.html
在配置IP白名單和黑名單時,始終不能夠有效。
才發現在驗證IP時druid是使用request.getRemoteAddr(),但是服務器是使用nginx+tomcat,使用了nginx的反向代理,使用該方法始終獲取到的IP地址為nginx服務器的IP地址,即127.0.0.1,解決辦法如下:
public class CustomStatViewServlet extends StatViewServlet{
private static final long serialVersionUID = 1L;
@Override
public boolean isPermittedRequest(HttpServletRequest request) {
String remoteAddress = Utils.getIpAddr(request);
return isPermittedRequest(remoteAddress);
}
}
以下為getIpAddr方法內容:
public static String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if(StringUtils.isNotEmpty(ip) && !"unKnown".equalsIgnoreCase(ip)){
//多次反向代理后會有多個ip值,第一個ip才是真實ip
int index = ip.indexOf(",");
if(index != -1){
return ip.substring(0,index);
}else{
return ip;
}
}
ip = request.getHeader("X-Real-IP");
if(StringUtils.isNotEmpty(ip) && !"unKnown".equalsIgnoreCase(ip)){
return ip;
}
return request.getRemoteAddr();
}
單后將上面web.xml中的servlet-class的配置改為你如下:
<servlet-class>com.XXXX.CustomStatViewServlet</servlet-class>
2,Nginx配置
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
搞定!