javaweb druid出现未授权访问
可以通过ip直接访问druid的控制台。
通过登录到控制台可以查看好多的敏感信息
javaweb解决方案:
关闭druid的控制台
<!-- <servlet-mapping>-->
<!-- <servlet-name>DruidStatView</servlet-name>-->
<!-- <url-pattern>/druid/*</url-pattern>-->
<!-- </servlet-mapping>-->
打开druid的控制台
<servlet>
<servlet-name>druidStatView</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>druidStatView</servlet-name>
<url-pattern>/druid/*</url-pattern>
</servlet-mapping>
druid控制台配置账号密码
<servlet>
<servlet-name>druidStatView</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
<init-param>
<param-name>loginUsername</param-name>
<param-value>账号</param-value>
</init-param>
<init-param>
<param-name>loginPassword</param-name>
<param-value>密码</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>druidStatView</servlet-name>
<url-pattern>/druid/*</url-pattern>
</servlet-mapping>
本文来自博客园,作者:King-DA,转载请注明原文链接:https://www.cnblogs.com/qingmuchuanqi48/articles/16115067.html
浙公网安备 33010602011771号