我最近将Java Melody添加到了grails应用程序中。因此,我想限制可以访问监控端点的IP地址,并为其添加基本身份验证,以便在应用程序发布供公众使用后,任何人都无法访问监控端点。
我已根据他们的文档(https://github.com/javamelody/javamelody/wiki/UserGuide#16-security)向我的web.xml添加了过滤器。
他们看起来像这样:
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>192\.168\.1\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
我在使用grails run-app运行应用程序时验证了它的工作原理。如果我尝试访问监控端点,系统会提示我输入用户名和密码。
但是,当我创建一个war文件并将其部署为在jetty实例上运行时,安全过滤器不再起作用。我可以在不提供用户名和密码的情况下访问监控端点。
任何人都可以帮助我吗?我是新手,我真的不知道如何处理这个问题。我四处寻找答案,但没有什么能适合这个法案。我不确定问题是Java Melody还是Jetty。
感谢我能得到的所有帮助。谢谢!
编辑:
grails prod run-app中使用的整个web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
metadata-complete="true"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>/@grails.project.key@</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>@grails.project.key@</param-value>
</context-param>
<filter>
<filter-name>charEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>characterEncodingFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>192\.168\.1\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charEncodingFilter</filter-name>
<url-pattern>/ *</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener</listener-class>
</listener>
<!-- Grails dispatcher servlet -->
<servlet>
<servlet-name>grails</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet</servlet-class>
<init-param>
<param-name>dispatchOptionsRequest</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<!-- The Groovy Server Pages servlet -->
<servlet>
<servlet-name>gsp</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<session-config>
<!-- 30 minutes -->
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<!--
The order of the welcome pages is important. JBoss deployment will
break if index.gsp is first in the list.
-->
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.gsp</welcome-file>
</welcome-file-list>
我的WAR文件的Web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/javaee" metadata-complete="true" version="3.0" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<display-name>/radius-api-production-0.1</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>radius-api-production-0.1</param-value>
</context-param>
<context-param>
<param-name>sample</param-name>
<param-value>Sample Value</param-value>
</context-param>
<context-param>
<param-name>javamelody.displayed-counters</param-name>
<param-value>http,sql,error,log,spring,jsp</param-value>
</context-param>
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>charEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>characterEncodingFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>AssetPipelineFilter</filter-name>
<filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
</filter>
<filter>
<filter-name>urlMapping</filter-name>
<filter-class>org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>hiddenHttpMethod</filter-name>
<filter-class>org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>grailsWebRequest</filter-name>
<filter-class>org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>grailsCacheFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethod</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AssetPipelineFilter</filter-name>
<url-pattern>/assets/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>grailsWebRequest</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>urlMapping</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>grailsCacheFilter</filter-name>
<url-pattern>*.dispatch</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<listener>
<listener-class>org.codehaus.groovy.grails.plugins.log4j.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>grails</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet</servlet-class>
<init-param>
<param-name>dispatchOptionsRequest</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet>
<servlet-name>gsp</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>grails-errorhandler</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails-errorhandler</servlet-name>
<url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
<url-pattern>*.dispatch</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.gsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/grails-errorhandler</location>
</error-page>
答案 0 :(得分:0)
LOG.debug("JavaMelody filter init started");
public void init(FilterConfig config) throws ServletException {
//log the init-params here
//blabla
super.init(config);
}
您的问题看起来像是由web.xml conflit引起的,提供整个web.xml文件和版本信息会更好。