0
我最近將Java Melody添加到了grails應用程序中。因此,我想限制可以訪問監控端點的IP地址,併爲其添加基本身份驗證,以便一旦應用程序發佈供公衆使用,任何人都無法訪問監控端點。Java Melody web.xml過濾器不能用於Jetty服務器
根據他們的文檔(https://github.com/javamelody/javamelody/wiki/UserGuide#16-security),我已經爲我的web.xml添加了過濾器。
他們看起來像這樣:
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>192\.168\.1\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
我驗證過它,當我運行使用Grails運行的應用程序的應用程序的工作。如果我嘗試訪問監控端點,則系統會提示輸入用戶名和密碼。
但是,當我創建一個war文件並將其部署到jetty實例上時,安全過濾器不再工作。我可以在不提供用戶名和密碼的情況下訪問監控端點。
任何人都可以幫助我嗎?我是新來的,我真的不知道如何處理這個問題。我四處尋找答案,但沒有什麼真正符合法案。我不確定這個問題是否與Java Melody或Jetty有關。
欣賞我所能得到的所有幫助。謝謝!
編輯:
我在grails prod run-app整體使用的web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
metadata-complete="true"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>/@[email protected]</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>@[email protected]</param-value>
</context-param>
<filter>
<filter-name>charEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>characterEncodingFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>192\.168\.1\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charEncodingFilter</filter-name>
<url-pattern>/ *</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener</listener-class>
</listener>
<!-- Grails dispatcher servlet -->
<servlet>
<servlet-name>grails</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet</servlet-class>
<init-param>
<param-name>dispatchOptionsRequest</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<!-- The Groovy Server Pages servlet -->
<servlet>
<servlet-name>gsp</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<session-config>
<!-- 30 minutes -->
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<!--
The order of the welcome pages is important. JBoss deployment will
break if index.gsp is first in the list.
-->
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.gsp</welcome-file>
</welcome-file-list>
我WAR文件的web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/javaee" metadata-complete="true" version="3.0" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<display-name>/radius-api-production-0.1</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>radius-api-production-0.1</param-value>
</context-param>
<context-param>
<param-name>sample</param-name>
<param-value>Sample Value</param-value>
</context-param>
<context-param>
<param-name>javamelody.displayed-counters</param-name>
<param-value>http,sql,error,log,spring,jsp</param-value>
</context-param>
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>charEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>characterEncodingFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>AssetPipelineFilter</filter-name>
<filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
</filter>
<filter>
<filter-name>urlMapping</filter-name>
<filter-class>org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>hiddenHttpMethod</filter-name>
<filter-class>org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>grailsWebRequest</filter-name>
<filter-class>org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>grailsCacheFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethod</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AssetPipelineFilter</filter-name>
<url-pattern>/assets/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>grailsWebRequest</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>urlMapping</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>grailsCacheFilter</filter-name>
<url-pattern>*.dispatch</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<listener>
<listener-class>org.codehaus.groovy.grails.plugins.log4j.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>grails</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet</servlet-class>
<init-param>
<param-name>dispatchOptionsRequest</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet>
<servlet-name>gsp</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>grails-errorhandler</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails-errorhandler</servlet-name>
<url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
<url-pattern>*.dispatch</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.gsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/grails-errorhandler</location>
</error-page>
我已經更新了我的帖子,以包括在'grails prod run-app'中使用的web.xml和在碼頭上運行的生成的war文件中包含的web.xml。我已經嘗試了你的建議(有些不完全),並發現我的旋律過濾器在執行'grails prod run-app'時被記錄下來,但是在碼頭上時沒有記錄。我的WAR的web.xml文件的生成可能導致它無法正常工作嗎? @PaniniGelato – Alron
我可以在jetty-web.xml中看到2個MonitoringFilter。一個名爲「monitoring」,沒有init-params,另一個名爲'javamelody',帶有參數。你可以嘗試刪除其中的一個嗎? – PaniniGelato