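Alibaba Druid Unauthorized Access
Hardening the Alibaba Druid login
Option 1
Add a druidServlet method to DruidDBConfig that defines a login username and password, or restricts access with an allowlist, as follows: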
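    // Imports needed at the top of DruidDBConfig:
    import java.util.HashMap;
    import java.util.Map;
    import com.alibaba.druid.support.http.StatViewServlet;
    import org.springframework.boot.web.servlet.ServletRegistrationBean;
    import org.springframework.context.annotation.Bean;

    @Bean
    public ServletRegistrationBean druidServlet() {
        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean();
        servletRegistrationBean.setServlet(new StatViewServlet());
        servletRegistrationBean.addUrlMappings("/druid/*");
        Map<String, String> initParameters = new HashMap<>();
        // Disable the "Reset All" function on the monitoring page
        initParameters.put("resetEnable", "false");
        // IP allowlist; an empty value allows access from every address
        initParameters.put("allow", "");
        // Example credentials; use a strong password that differs from the username
        initParameters.put("loginUsername", "admin@123");
        initParameters.put("loginPassword", "admin@123");
        // IP denylist; deny takes precedence over allow
        initParameters.put("deny", "");
        servletRegistrationBean.setInitParameters(initParameters);
        return servletRegistrationBean;
    }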
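Option 2
If the project does not use the Druid monitoring page, or rarely uses it, disable it outright:
    # Whether to enable StatViewServlet (the monitoring page); default true = enabled, false = disabled
    spring.datasource.druid.stat-view-servlet.enabled=false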
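To check which of the two options a project has actually applied, the following audit script is an added example and is not part of the original post. It assumes the project sets the servlet options through the druid-spring-boot-starter properties under spring.datasource.druid.stat-view-servlet.*; the function names, finding labels and sample configuration are constructed for illustration.

```python
import re

# Keys are normalised (lower case, '-' and '_' removed) to follow Spring relaxed binding.
PREFIX = "spring.datasource.druid.statviewservlet."

FINDINGS = {
    "no-login": "monitoring page enabled without loginUsername/loginPassword",
    "password-equals-username": "login password is identical to the username",
    "allow-empty": "empty allow list: every client address may reach the page",
    "reset-enabled": "resetEnable is not set to false",
}

def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            key = parts[0].lower().replace("-", "").replace("_", "")
            props[key] = parts[1]
    return props

def audit_druid_stat_view(text):
    """Return the finding labels that apply to an application.properties text."""
    props = parse_properties(text)
    get = lambda name: props.get(PREFIX + name, "")
    # Option 2: the page is switched off. Following the comment in the post,
    # a missing 'enabled' key is treated as enabled.
    if get("enabled").lower() == "false":
        return []
    found = []
    user, password = get("loginusername"), get("loginpassword")
    if not user or not password:
        found.append("no-login")
    elif user == password:
        found.append("password-equals-username")
    if not get("allow"):
        found.append("allow-empty")
    if get("resetenable").lower() != "false":
        found.append("reset-enabled")
    return found

# Constructed sample: the values of option 1 expressed as properties.
SAMPLE = """spring.datasource.druid.stat-view-servlet.reset-enable=false
spring.datasource.druid.stat-view-servlet.allow=
spring.datasource.druid.stat-view-servlet.login-username=admin@123
spring.datasource.druid.stat-view-servlet.login-password=admin@123
"""

if __name__ == "__main__":
    for label in audit_druid_stat_view(SAMPLE):
        print(label + ": " + FINDINGS[label])
```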