配置_StatViewServlet配置

配置_StatViewServlet配置Druid内置提供了一个StatViewServlet用于展示Druid的统计信息。这个StatVi
ewServlet的用途包括：提供监控信息展示的html页面提供监控信息的JSONAPI注意：使用StatViewServlet
，建议使用druid0.2.6以上版本。1.配置web.xmlStatViewServlet是一个标准的javax.servl
et.http.HttpServlet，需要配置在你web应用中的WEB-INF/web.xml中。vlet-name>DruidStatViewcom.alibaba
.druid.support.http.StatViewServletervlet-mapping>DruidStatViewattern>/druid/根据配置中的url-pattern
来访问内置监控页面，如果是上面的配置，内置监控页面的首页是/druid/index.html例如：http://110.76.43
.235:9000/druid/index.htmlhttp://110.76.43.235:9000/druid/index.h
tml?http://110.76.43.235:8080/mini-web/druid/index.htmlhttp://110
.76.43.235:8080/mini-web/druid/index.html?1.1配置监控页面访问密码需要配置Servl
et的?loginUsername?和?loginPassword这两个初始参数。具体可以参考:?http://blog.csdn
.net/renfufei/article/details/39553639为Druid监控配置访问权限(配置访问监控信息的用户与
密码)1.1.1为Druid监控配置访问权限(配置访问监控信息的用户与密码)Druid是一个强大的新兴数据库连接池,兼容DBCP，
是阿里巴巴做的开源项目.不仅提供了强悍的数据源实现,还内置了一个比较靠谱的监控组件。GitHub项目主页:https://gi
thub.com/alibaba/druidhttps://github.com/alibaba/druid常见问题回答请参考:
https://github.com/alibaba/druid/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE
%E9%A2%98https://github.com/alibaba/druid/wiki/%E5%B8%B8%E8%A7%81
%E9%97%AE%E9%A2%98因为想要监控数据,又不愿意谁都可以访问,所以想要配置个密码.在开源群里一问,就知道原来内部已经
有实现了.先贴完成后的代码:web.xml部分:[html]http://blog.csdn.net/renfufei/art
icle/details/39553639viewplainhttp://blog.csdn.net/renfufei/art
icle/details/39553639copyhttp://blog.csdn.net/renfufei/article/d
etails/39553639printhttp://blog.csdn.net/renfufei/article/details
/39553639?DruidWebStatFilterame>com.alibaba.druid.support.http.WebStatFilterfilter-class>exclusionsaram-value>.js,.gif,.jpg,.png,.css,.ico,.jsp,/druid/,/dow
nload/sess
ionStatMaxCount2000it-param>sessionStatEnable
truem-name>principalSessionNamesession_use
r_keyprofil
eEnabletrue>DruidWebStatFilterter-name>/DruidStatViewt-name>com.alibaba.druid.support.http.StatViewSer
vletr
esetEnabletrueram>loginUsernameame>druid
loginPasswordd
ruidrvlet-name>DruidStatView/druid/l-pattern>下面分享一下如何查找的。首先,因为使用的是MAVEN,所以查看源码
时maven会自动帮你下载.我们在web.xml中点击com.alibaba.druid.support.http.Sta
tViewServlet进入class文件,等一会源码下载好就可以查看.发现有类似下面这样的代码:[java]http:/
/blog.csdn.net/renfufei/article/details/39553639viewplainhttp:/
/blog.csdn.net/renfufei/article/details/39553639copyhttp://blog.
csdn.net/renfufei/article/details/39553639printhttp://blog.csdn.n
et/renfufei/article/details/39553639?publicclassStatViewServlet
extendsResourceSerlvet{privatefinalstaticLogLOG=LogFact
ory.getLog(StatViewServlet.class);privatestaticfinallongseri
alVersionUID=1L;publicstaticfinalStringPARAM_NAME_RESET_EN
ABLE="resetEnable";publicstaticfinalStringPARAM_NAME_JMX_U
RL="jmxUrl";publicstaticfinalStringPARAM_NAME_JMX_USERNAME
="jmxUsername";publicstaticfinalStringPARAM_NAME_JMX_PASSW
ORD="jmxPassword";privateDruidStatServicestatService=Druid
StatService.getInstance();/web.xml中配置的jmx的连接地址/privateStr
ingjmxUrl=null;/web.xml中配置的jmx的用户名/privateStringjmxUs
ername=null;/web.xml中配置的jmx的密码/privateStringjmxPasswor
d=null;.........可以看出,继承了StatViewServletextendsResourceSerlv
et而在其中的jmxUrl、jmxUsername和jmxPassword很显然是连接远程JMX时使用的,那么我就想着去
看看父类:com.alibaba.druid.support.http.ResourceSerlvet[java]http:/
/blog.csdn.net/renfufei/article/details/39553639viewplainhttp:/
/blog.csdn.net/renfufei/article/details/39553639copyhttp://blog.
csdn.net/renfufei/article/details/39553639printhttp://blog.csdn.n
et/renfufei/article/details/39553639?@SuppressWarnings("serial")
publicabstractclassResourceSerlvetextendsHttpServlet{priva
tefinalstaticLogLOG=LogFactory.getLog(ResourceSerlvet.class
);publicstaticfinalStringSESSION_USER_KEY="druid-user";pu
blicstaticfinalStringPARAM_NAME_USERNAME="loginUsername";p
ublicstaticfinalStringPARAM_NAME_PASSWORD="loginPassword";
publicstaticfinalStringPARAM_NAME_ALLOW="allow";publicsta
ticfinalStringPARAM_NAME_DENY="deny";publicstaticfinalSt
ringPARAM_REMOTE_ADDR="remoteAddress";protectedStringuserna
me=null;protectedStringpassword=null;..........看到了usern
ame和password,很高兴,先配置了试试,但是配置这两个初始化参数后没起作用,于是继续查找.看到了service方法
,我们知道,Servlet的业务逻辑就是从这里开始的。[java]http://blog.csdn.net/renfufei/a
rticle/details/39553639viewplainhttp://blog.csdn.net/renfufei/a
rticle/details/39553639copyhttp://blog.csdn.net/renfufei/article
/details/39553639printhttp://blog.csdn.net/renfufei/article/detai
ls/39553639?publicvoidservice(HttpServletRequestrequest,HttpS
ervletResponseresponse)throwsServletException,IOException{.
.....if(isRequireAuth()//&&!ContainsUser(request)//&&!("/l
ogin.html".equals(path)//||path.startsWith("/css")//||path.s
tartsWith("/js")//||path.startsWith("/img"))){if(contextPat
h==null||contextPath.equals("")||contextPath.equals("/")){
response.sendRedirect("/druid/login.html");}else{if("".equa
ls(path)){response.sendRedirect("druid/login.html");}else{r
esponse.sendRedirect("login.html");}}return;}......发现调用了is
RequireAuth()方法,看着像是判断是否需要授权验证,于是进去看[java]http://blog.csdn.net/
renfufei/article/details/39553639viewplainhttp://blog.csdn.net/
renfufei/article/details/39553639copyhttp://blog.csdn.net/renfuf
ei/article/details/39553639printhttp://blog.csdn.net/renfufei/art
icle/details/39553639?publicbooleanisRequireAuth(){returnthi
s.username!=null;}那现在知道是username在作怪,也设置了,但是没有起作用,于是搜索usern
ame,[java]http://blog.csdn.net/renfufei/article/details/3955363
9viewplainhttp://blog.csdn.net/renfufei/article/details/3955363
9copyhttp://blog.csdn.net/renfufei/article/details/39553639print
http://blog.csdn.net/renfufei/article/details/39553639?publicvoi
dinit()throwsServletException{initAuthEnv();}privatevoid
initAuthEnv(){StringparamUserName=getInitParameter(PARAM_NAM
E_USERNAME);if(!StringUtils.isEmpty(paramUserName)){this.user
name=paramUserName;}StringparamPassword=getInitParameter(P
ARAM_NAME_PASSWORD);if(!StringUtils.isEmpty(paramPassword)){t
his.password=paramPassword;}......然后发现了初始化验证环境时使用了PARAM_NAME
_USERNAME这个参数,顺便的学习了一个新API:getInitParameter方法获取Servlet的初始化参数,
是HttpServlet的父类GenericServlet类提供的:[java]http://blog.csdn.net/r
enfufei/article/details/39553639viewplainhttp://blog.csdn.net/r
enfufei/article/details/39553639copyhttp://blog.csdn.net/renfufe
i/article/details/39553639printhttp://blog.csdn.net/renfufei/arti
cle/details/39553639?StringparamUserName=getInitParameter(PARA
M_NAME_USERNAME);那么很简单,找到PARAM_NAME_USERNAME即可:[java]http://b
log.csdn.net/renfufei/article/details/39553639viewplainhttp://b
log.csdn.net/renfufei/article/details/39553639copyhttp://blog.cs
dn.net/renfufei/article/details/39553639printhttp://blog.csdn.net
/renfufei/article/details/39553639?publicstaticfinalStringPAR
AM_NAME_USERNAME="loginUsername";publicstaticfinalStringPA
RAM_NAME_PASSWORD="loginPassword";于是在web.xml中换上,OK，成功进行了拦截.示
例如下:DruidStat
Viewcom.alibaba.druid.support.htt
p.StatViewServletl
oginUsernamedruidit-param>loginPasswordparam-name>druidrvlet>DruidStatViewme>/druid/2.配置
allow和denyStatViewSerlvet展示出来的监控信息比较敏感，是系统运行的内部情况，如果你需要做访问控制，可以配置
allow和deny这两个参数。比如：DruidStatViewt-name>com.alibaba.druid.support.http.StatViewSer
vletallow
128.242.127.1/24,128.242.128.1param>deny12
8.242.127.4判断规则deny优先于allo
w，如果在deny列表中，就算在allow列表中，也会被拒绝。如果allow没有配置或者为空，则允许所有访问ip配置规则配置的格式
或者/其中128.242.127.1/2424表示，前面24位是子网
掩码，比对的时候，前面24位相同就匹配。不支持IPV6由于匹配规则不支持IPV6，配置了allow或者deny之后，会导致IPV6
无法访问。3.配置resetEnable在StatViewSerlvet输出的html页面中，有一个功能是ResetAll，执
行这个操作之后，会导致所有计数器清零，重新计数。你可以通过配置参数关闭它。Dru
idStatViewcom.alibaba.druid.support.http.StatViewServletresetEnablefalse4.按需要配置Spring和Web的关联监控Web关联监控配置?https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE_%E9%85%8D%E7%BD%AEWebStatFilterhttps://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE_%E9%85%8D%E7%BD%AEWebStatFilterSpring关联监控配置?https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE_Druid%E5%92%8CSpring%E5%85%B3%E8%81%94%E7%9B%91%E6%8E%A7%E9%85%8D%E7%BD%AEhttps://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE_Druid%E5%92%8CSpring%E5%85%B3%E8%81%94%E7%9B%91%E6%8E%A7%E9%85%8D%E7%BD%AE