Java Melody web.xml过滤器不适用于Jetty Server
[英]Java Melody web.xml filters not working with Jetty Server
问题描述
I've recently added Java Melody to a grails application. 
我最近将Java Melody添加到了grails应用程序中。 So I wanted to restrict the IP addresses that can access the monitoring endpoint, and also add basic auth for it so that not anyone can access the monitoring endpoint once the application is released for public use. 因此,我想限制可以访问监视端点的IP地址,并为其添加基本身份验证,以便一旦将应用程序发布以供公众使用,则没有人可以访问监视端点。
I've added filters to my web.xml, according to their documentation ( https://github.com/javamelody/javamelody/wiki/UserGuide#16-security ). 根据他们的文档( https://github.com/javamelody/javamelody/wiki/UserGuide#16-security ),我已经在我的web.xml中添加了过滤器。
They look like this: 他们看起来像这样:
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>192\.168\.1\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
I've verified that it works when I run the application using grails run-app. 我已经验证了使用grails run-app运行应用程序时该方法是否有效。 If i try to access the monitoring endpoint, I am prompted for a username and password. 如果我尝试访问监视端点,则会提示我输入用户名和密码。
However, when I create a war file and deploy it to run on a jetty instance, the security filters don't work anymore. 但是,当我创建一个战争文件并将其部署到码头实例上运行时,安全过滤器将不再起作用。 I can access the monitoring endpoint without providing a username and password. 我可以在不提供用户名和密码的情况下访问监视端点。
Can anyone help me? 谁能帮我? I'm new to this and I really don't know how to proceed with this problem. 我对此并不陌生,我真的不知道如何解决这个问题。 I searched around for answers but nothing really fits the bill. 我到处寻找答案,但没有一个真的合适。 I'm not sure if the issue is with Java Melody or with Jetty. 我不确定问题是Java Melody还是Jetty。
Appreciate all the help I can get. 感谢所有我能得到的帮助。 Thanks! 谢谢!
EDIT: 编辑:
My whole web.xml used in grails prod run-app : 我的整个web.xml用于grails prod run-app :
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
metadata-complete="true"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>/@grails.project.key@</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>@grails.project.key@</param-value>
</context-param>
<filter>
<filter-name>charEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>characterEncodingFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
<init-param>
<param-name>allowed-addr-pattern</param-name>
<param-value>192\.168\.1\.*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charEncodingFilter</filter-name>
<url-pattern>/ *</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/monitoring</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener</listener-class>
</listener>
<!-- Grails dispatcher servlet -->
<servlet>
<servlet-name>grails</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet</servlet-class>
<init-param>
<param-name>dispatchOptionsRequest</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<!-- The Groovy Server Pages servlet -->
<servlet>
<servlet-name>gsp</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<session-config>
<!-- 30 minutes -->
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<!--
The order of the welcome pages is important. JBoss deployment will
break if index.gsp is first in the list.
-->
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.gsp</welcome-file>
</welcome-file-list>
Web.xml of my WAR file: 我的WAR文件的Web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/javaee" metadata-complete="true" version="3.0" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<display-name>/radius-api-production-0.1</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>radius-api-production-0.1</param-value>
</context-param>
<context-param>
<param-name>sample</param-name>
<param-value>Sample Value</param-value>
</context-param>
<context-param>
<param-name>javamelody.displayed-counters</param-name>
<param-value>http,sql,error,log,spring,jsp</param-value>
</context-param>
<filter>
<filter-name>monitoring</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>charEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>characterEncodingFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>AssetPipelineFilter</filter-name>
<filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>javamelody</filter-name>
<filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>authorized-users</param-name>
<param-value>user1:pwd1</param-value>
</init-param>
</filter>
<filter>
<filter-name>urlMapping</filter-name>
<filter-class>org.codehaus.groovy.grails.web.mapping.filter.UrlMappingsFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>hiddenHttpMethod</filter-name>
<filter-class>org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>grailsWebRequest</filter-name>
<filter-class>org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter>
<filter-name>grailsCacheFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethod</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>javamelody</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>AssetPipelineFilter</filter-name>
<url-pattern>/assets/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>grailsWebRequest</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>monitoring</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>urlMapping</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>grailsCacheFilter</filter-name>
<url-pattern>*.dispatch</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<listener>
<listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<listener>
<listener-class>org.codehaus.groovy.grails.plugins.log4j.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>grails</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet</servlet-class>
<init-param>
<param-name>dispatchOptionsRequest</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet>
<servlet-name>gsp</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>grails-errorhandler</servlet-name>
<servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails-errorhandler</servlet-name>
<url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
<url-pattern>*.dispatch</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>index.gsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/grails-errorhandler</location>
</error-page>
1 个解决方案
解决方案1
0 2015-11-04 05:14:12
- you can turn on debug logging to see if the monitorFilter is started. 您可以打开调试日志记录以查看monitorFilter是否已启动。 I've found this in melody's source. 我已经在melody的资料中找到了这个。
LOG.debug("JavaMelody filter init started"); - you can extend the monitorFilter, override the init method and add logging of the init-params. 您可以扩展monitorFilter,重写init方法并添加init-params的日志记录。 like:
public void init(FilterConfig config) throws ServletException { //log the init-params here //blabla super.init(config); }例如: public void init(FilterConfig config) throws ServletException { //log the init-params here //blabla super.init(config); }public void init(FilterConfig config) throws ServletException { //log the init-params here //blabla super.init(config); }
Your problem looks like caused by web.xml conflit, providing the whole web.xml file and versions info would be better. 您的问题似乎是由web.xml冲突引起的,提供整个web.xml文件和版本信息会更好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何将 web.xml 代码转换为 java melody 的 java 配置 - How to convert web.xml code to java config for java melody
嵌入式码头的Java web.xml位置 - Java web.xml location for embedded jetty
码头web.xml 503 - Jetty web.xml 503
如何使用Maven和Jetty将web.xml组合到Lauch服务器端 - How compose web.xml to lauch server side with maven and jetty
用于Java服务器界面的web.xml - web.xml for java server faces
web.xml-Java Servlet过滤器和WebSphere-URL模式问题 - web.xml - Java Servlet Filters and WebSphere - URL Pattern issues
使用web.xml配置嵌入式jetty? - Configure embedded jetty with web.xml?
web.xml中的会话超时不适用于weblogic服务器 - Session Timeout in web.xml not working for weblogic server
码头:使用Maven时用Java代替Web.xml声明Servlet - Jetty: declare servlets in java in stead of web.xml when using maven
web.xml-Java Servlet过滤器-在处理JSP页面之前(在Tomcat上)未运行 - web.xml - Java Servlet Filters - Not being run before processing the JSP page (on Tomcat)
相关标签