Configuring access control for Druid monitoring (setting the username and password for viewing the monitoring data)


 

Reposted.

2014-09-26 09:21:48         Source: renfufei's column
 

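Druid is a powerful, relatively new database connection pool. It is compatible with DBCP and is an open-source project from Alibaba.

It not only provides a strong DataSource implementation but also ships with a fairly reliable built-in monitoring component.

GitHub project home page: https://github.com/alibaba/druid

QQ group: 阿里開源技術交流 (Alibaba open-source technology exchange)

Demo address: https://cncounter.duapp.com/druid/index.html

For answers to common questions, see: https://github.com/alibaba/druid/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98

A CSDN introduction to Druid: druid簡單教程 (a simple Druid tutorial)

I wanted to monitor the data but did not want just anyone to be able to access it, so I wanted to set a password. I asked in the open-source group and learned that this is already implemented internally.

Here is the finished code first:

The web.xml part: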

<!-- Druid: monitors the database and web access/connection information -->
<filter>
    <filter-name>DruidWebStatFilter</filter-name>
    <filter-class>com.alibaba.druid.support.http.WebStatFilter</filter-class>
    <init-param>
        <param-name>exclusions</param-name>
        <param-value>*.js,*.gif,*.jpg,*.png,*.css,*.ico,*.jsp,/druid/*,/download/*</param-value>
    </init-param>
    <init-param>
        <param-name>sessionStatMaxCount</param-name>
        <param-value>2000</param-value>
    </init-param>
    <init-param>
        <param-name>sessionStatEnable</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>principalSessionName</param-name>
        <param-value>session_user_key</param-value>
    </init-param>
    <init-param>
        <param-name>profileEnable</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>DruidWebStatFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Configure the page that displays the Druid monitoring data -->
<servlet>
    <servlet-name>DruidStatView</servlet-name>
    <servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
    <init-param>
        <!-- Allow the statistics to be cleared -->
        <param-name>resetEnable</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <!-- Username -->
        <param-name>loginUsername</param-name>
        <param-value>druid</param-value>
    </init-param>
    <init-param>
        <!-- Password -->
        <param-name>loginPassword</param-name>
        <param-value>druid</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>DruidStatView</servlet-name>
    <url-pattern>/druid/*</url-pattern>
</servlet-mapping>

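First, because I am using Maven, Maven automatically downloads the source code when you go to view it. In web.xml, click com.alibaba.druid.support.http.StatViewServlet to open the class file; after a moment the source is downloaded and can be viewed. I found code similar to the following: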

public class StatViewServlet extends ResourceSerlvet {

    private final static Log      LOG                     = LogFactory.getLog(StatViewServlet.class);

    private static final long     serialVersionUID        = 1L;

    public static final String    PARAM_NAME_RESET_ENABLE = "resetEnable";

    public static final String    PARAM_NAME_JMX_URL      = "jmxUrl";
    public static final String    PARAM_NAME_JMX_USERNAME = "jmxUsername";
    public static final String    PARAM_NAME_JMX_PASSWORD = "jmxPassword";

    private DruidStatService      statService             = DruidStatService.getInstance();

    /** JMX connection URL configured in web.xml */
    private String                jmxUrl                  = null;
    /** JMX username configured in web.xml */
    private String                jmxUsername             = null;
    /** JMX password configured in web.xml */
    private String                jmxPassword             = null;
.........

StatViewServlet extends ResourceSerlvet

The jmxUrl, jmxUsername and jmxPassword fields in it are obviously used for connecting to a remote JMX, so I decided to look at the parent class: com.alibaba.druid.support.http.ResourceSerlvet

@SuppressWarnings("serial")
public abstract class ResourceSerlvet extends HttpServlet {

    private final static Log   LOG                 = LogFactory.getLog(ResourceSerlvet.class);

    public static final String SESSION_USER_KEY    = "druid-user";
    public static final String PARAM_NAME_USERNAME = "loginUsername";
    public static final String PARAM_NAME_PASSWORD = "loginPassword";
    public static final String PARAM_NAME_ALLOW    = "allow";
    public static final String PARAM_NAME_DENY     = "deny";
    public static final String PARAM_REMOTE_ADDR   = "remoteAddress";

    protected String           username            = null;
    protected String           password            = null;
..........

public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    ......
    if (isRequireAuth() //
        && !ContainsUser(request)//
        && !("/login.html".equals(path) //
             || path.startsWith("/css")//
             || path.startsWith("/js") //
             || path.startsWith("/img"))) {
        if (contextPath == null || contextPath.equals("") || contextPath.equals("/")) {
            response.sendRedirect("/druid/login.html");
        } else {
            if ("".equals(path)) {
                response.sendRedirect("druid/login.html");
            } else {
                response.sendRedirect("login.html");
            }
        }
        return;
    }
......

The isRequireAuth() method looks like it decides whether authentication is required, so I went in to look:

public boolean isRequireAuth() {
    return this.username != null;
}

So now I knew that username was the culprit. I had set it too, but it had no effect, so I searched for username:

public void init() throws ServletException {
    initAuthEnv();
}

private void initAuthEnv() {
    String paramUserName = getInitParameter(PARAM_NAME_USERNAME);
    if (!StringUtils.isEmpty(paramUserName)) {
        this.username = paramUserName;
    }

    String paramPassword = getInitParameter(PARAM_NAME_PASSWORD);
    if (!StringUtils.isEmpty(paramPassword)) {
        this.password = paramPassword;
    }
    ......
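
Then I found that the PARAM_NAME_USERNAME parameter is used when the authentication environment is initialized, and along the way I learned a new API: the getInitParameter method, which reads a servlet's initialization parameters and is provided by GenericServlet, the parent class of HttpServlet:

String paramUserName = getInitParameter(PARAM_NAME_USERNAME);

So it is simple: just find PARAM_NAME_USERNAME:

public static final String PARAM_NAME_USERNAME = "loginUsername";
public static final String PARAM_NAME_PASSWORD = "loginPassword";

So I switched to these names in web.xml and, OK, the interception worked.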
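
An added example, not part of the original post or of Druid itself: a small Python audit that applies the rule traced above (no login is required unless the loginUsername init-param is non-empty) to a web.xml, and also reports a password equal to the username (as in the druid/druid sample), resetEnable, and missing allow/deny. The function names, finding labels and sample XML are constructed for illustration; treating allow/deny as address filters is an assumption, since the post only shows them as constants.

```python
import xml.etree.ElementTree as ET

STAT_VIEW = "com.alibaba.druid.support.http.StatViewServlet"

# Constructed sample: the credential is set under the wrong parameter name,
# so loginUsername is never read and the monitoring page stays open.
SAMPLE_OPEN = """<web-app>
  <servlet>
    <servlet-name>DruidStatView</servlet-name>
    <servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
    <init-param><param-name>username</param-name><param-value>admin</param-value></init-param>
    <init-param><param-name>resetEnable</param-name><param-value>true</param-value></init-param>
  </servlet>
</web-app>"""

def local_name(tag):
    """Strip an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Return the stripped text of the first direct child called name, or ''."""
    for child in elem:
        if local_name(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_druid_console(web_xml):
    """Return a list of findings for every StatViewServlet in a web.xml string."""
    findings = []
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if local_name(servlet.tag) != "servlet" or child_text(servlet, "servlet-class") != STAT_VIEW:
            continue
        params = {child_text(p, "param-name"): child_text(p, "param-value")
                  for p in servlet if local_name(p.tag) == "init-param"}
        user, pwd = params.get("loginUsername", ""), params.get("loginPassword", "")
        # Mirrors initAuthEnv()/isRequireAuth(): an absent or empty loginUsername
        # leaves username null, so no login is required.
        if not user:
            findings.append("no-auth: loginUsername missing or empty")
        elif not pwd:
            findings.append("empty-password: loginPassword missing or empty")
        elif user == pwd:
            findings.append("weak-credentials: password equals username")
        if params.get("resetEnable", "").lower() == "true":
            findings.append("reset-enabled: statistics can be cleared from the console")
        if not params.get("allow") and not params.get("deny"):
            findings.append("no-address-filter: neither allow nor deny is set")
    return findings
```

Calling audit_druid_console(SAMPLE_OPEN) reports the open console; an empty list means none of these checks fired.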

 

