Tomcat JNDI Druid configuration and bug fix

Use Tomcat JNDI to securely connect to the database

Summary of requirements

After the company suffered a malicious attack, management required that all sensitive data be encrypted and that project development be separated from database accounts and passwords. The database connection method was therefore changed to JNDI.

Operations is responsible for configuring the JDBC connection under Tomcat's conf directory and for providing a data source name. Developers connect to the database through that data source name and never handle the database account or password, so credential security stays under the control of operations.

Code modification

1. Original code (spring datasource original configuration)
  • 1.1 spring-datasource.xml
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
        <property name="name" value="CBoard Meta Data"/>
        <property name="url" value="${jdbc_url}"/>
        <property name="username" value="${jdbc_username}"/>
        <property name="password" value="${jdbc_password}"/>

        <property name="initialSize" value="0"/>
        <property name="maxActive" value="20"/>
        <property name="minIdle" value="0"/>
        <property name="maxWait" value="60000"/>

        <property name="validationQuery" value="${validationQuery}"/>
        <property name="testOnBorrow" value="false"/>
        <property name="testOnReturn" value="false"/>
        <property name="testWhileIdle" value="true"/>
        <property name="timeBetweenEvictionRunsMillis" value="60000"/>
        <property name="minEvictableIdleTimeMillis" value="25200000"/>
        <property name="removeAbandoned" value="true"/>
        <property name="removeAbandonedTimeout" value="1800"/>
        <property name="logAbandoned" value="true"/>
        <property name="filters" value="mergeStat,log4j"/>
    </bean>
  • 1.2 config.properties
validationQuery=$[validationQuery]
jdbc_url=$[jdbc_url]
jdbc_username=$[jdbc_username]
jdbc_password=$[jdbc_password]
  • 1.3 vars.sit.properties
validationQuery=SELECT 1
jdbc_url=jdbc:mysql://172.16.41.156:3306/ocean?characterEncoding=utf-8
jdbc_username=ocean
jdbc_password=ocean
  • 1.4 pom.xml
...
<profile>
            <id>sit</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <build>
                <filters>
                    <filter>./vars/vars.sit.properties</filter>
                </filters>
            </build>
        </profile>
...
  • 1.5 maven packaging commands
mvn clean package -Dmaven.test.skip=true -Psit
2. After modification
  • 2.1 spring-datasource.xml
    <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiName" value="java:comp/env/${jndi.jndi-name}"/>
    </bean>
  • 2.2 config.properties
jndi.jndi-name=$[jndi.jndi-name]
  • 2.3 vars.sit.properties
jndi.jndi-name=jdbc/oceanBD
  • 2.4 pom.xml Same as 1.4
  • 2.5 Add the following jars to the Tomcat lib directory
druid-1.1.12.jar
mysql-connector-java-5.1.24.jar
log4j-1.2.17.jar
  • 2.6 Modify the Tomcat conf/context.xml
    Inside the <Context> tag, add the <Resource> tag.
    For convenience, jdbc/cboardBD can also be written directly in 2.1.
<Resource name="jdbc/oceanBD"
	factory="com.alibaba.druid.pool.DruidDataSourceFactory"
	auth="Container"
	type="javax.sql.DataSource"
	driverClassName="com.mysql.jdbc.Driver"
	url="jdbc:mysql://172.16.41.156:3306/ocean?useUnicode=true&amp;characterEncoding=utf-8"
	username="ocean"
	password="ocean"
				
	initialSize="0"
	maxActive="20"
	minIdle="0"
	maxWait="60000"
				
	validationQuery="select 1"
	testOnBorrow="false"
	testOnReturn="false"
	testWhileIdle="true"
	timeBetweenEvictionRunsMillis="60000"
	minEvictableIdleTimeMillis="25200000"
	removeAbandoned="true"
	removeAbandonedTimeout="1800"
	logAbandoned="true"
	filters="mergeStat,log4j"
				
	connectionProperties="druid.stat.mergeSql=true;druid.stat.slowSqlMillis=2000"
	useGlobalDataSourceStat="true"
	poolPreparedStatements="false"
	maxOpenPreparedStatements="20"
	asyncInit="true"/>
  • 2.7 maven packaging is the same as 1.5

BUG fix

bug overview
  1. After the change, the application starts and can be accessed normally in the local IDEA development environment.
  2. In the test environment, Tomcat starts normally, but only the Tomcat manager project can be accessed (Tomcat ships with several built-in projects: docs, examples, host-manager, manager and ROOT). The developed projects cannot be accessed.
bug investigation
  1. Check the startup log: there are no errors in the log, and both the developed projects under webapps and the projects that ship with Tomcat are started.
  2. Check the Tomcat versions: local is 8.0 and test is 8.5. After changing the local version to 8.5, the local environment still starts successfully.
bug fix
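  1. Solution 1: delete unrelated projects
    Delete all projects under webapps and keep only the developed projects.
  2. Solution 2: modify the Tomcat conf/server.xml file
Add the following child tag inside the <Host> tag (the docBase value is a placeholder for the name of the project to run):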
<Context path="" docBase="要运行的项目名称" debug="0" reloadable="true"/>

bug fix supplement

Moving the JNDI configuration from context.xml to server.xml and configuring a reference to it in context.xml does not solve the bug above. It can, however, serve as a reference for configuring a global DataSource versus the DataSource of a single project. The configuration is as follows:

  1. Move the <Resource> from context.xml into <GlobalNamingResources> in server.xml
  2. Configure the reference in context.xml
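
The two steps above, written out as an added example (not the original post's configuration, whose screenshots are missing). It assumes Tomcat's <ResourceLink> element is used for the reference and reuses the name jdbc/oceanBD and a trimmed set of the attributes from 2.6.

```xml
<!-- conf/server.xml (maintained by operations).
     Add the <Resource> inside the existing <GlobalNamingResources> element,
     so the account and password are defined once, outside any project. -->
<GlobalNamingResources>
  <Resource name="jdbc/oceanBD"
            factory="com.alibaba.druid.pool.DruidDataSourceFactory"
            auth="Container"
            type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://172.16.41.156:3306/ocean?useUnicode=true&amp;characterEncoding=utf-8"
            username="ocean"
            password="ocean"
            initialSize="0"
            maxActive="20"
            minIdle="0"
            maxWait="60000"
            validationQuery="select 1"
            testWhileIdle="true"
            filters="mergeStat,log4j"/>
</GlobalNamingResources>

<!-- context.xml: no credentials here, only a link to the global entry.
     "name" is what the application looks up under java:comp/env/,
     "global" is the entry name in <GlobalNamingResources>.
     In conf/context.xml the link is visible to every web application;
     in one project's own META-INF/context.xml it is visible to that
     project only. -->
<Context>
  <ResourceLink name="jdbc/oceanBD"
                global="jdbc/oceanBD"
                type="javax.sql.DataSource"/>
</Context>
```

With this layout the Spring side in 2.1 is unchanged: it still resolves java:comp/env/jdbc/oceanBD.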
bug conjecture

During startup, Tomcat's own built-in projects override the developed project.

Reference URL

https://www.cnblogs.com/zyxiaohuihui/p/9300282.html (private data source/global configuration)
https://www.cnblogs.com/xuange306/p/6398926.html (bug solution 2 operation)
https://blog.csdn.net/deniro_li/article/details/96716817 (jndi druid connection reference)

Origin blog.csdn.net/dbc_zt/article/details/105734317