Introduction
Alibaba Druid is a JDBC connection pool designed for monitoring and performance analysis. Beyond pooling connections, it provides a built-in web console that displays SQL execution statistics, slow query logs, and connection usage in real time.
What Alibaba Druid Does
- Manages JDBC connection pooling with configurable min/max pool sizes and timeouts
- Collects per-SQL execution metrics including count, time, rows, and error rate
- Provides a built-in web dashboard (StatViewServlet) for real-time monitoring
- Includes a WallFilter that blocks SQL injection patterns at the driver level
- Supports SQL parsing and formatting for MySQL, PostgreSQL, Oracle, and SQL Server
Architecture Overview
Druid wraps the standard JDBC DataSource interface and intercepts every SQL call through a filter chain. The StatFilter collects timing and count data per SQL template. The WallFilter parses each statement through a dialect-specific SQL parser and rejects dangerous patterns. All statistics are stored in memory and exposed via a Servlet-based dashboard or JMX.
Self-Hosting & Configuration
- Add druid-spring-boot-starter for automatic Spring Boot integration
- Enable the stat view servlet in application.yml for the monitoring dashboard
- Configure connection pool sizes via initialSize, minIdle, and maxActive
- Set slowSqlMillis to flag queries exceeding your latency threshold
- Optionally export metrics to Prometheus via the druid-spring-boot-actuator module
Key Features
- Built-in SQL monitoring dashboard with no external dependencies
- SQL injection firewall (WallFilter) that works at the connection pool level
- Detailed per-SQL statistics: execution count, total time, max time, affected rows
- Full SQL parser supporting 6+ database dialects
- Connection leak detection with stack-trace logging
Comparison with Similar Tools
- HikariCP — fastest raw throughput; Druid trades marginal speed for built-in monitoring and security
- Apache DBCP2 — Apache's pool; Druid adds SQL-level metrics and the wall filter
- c3p0 — legacy pool; Druid is more actively maintained with modern diagnostics
- PgBouncer — PostgreSQL-specific external pooler; Druid is a JVM-embedded, database-agnostic solution
FAQ
Q: Is Druid slower than HikariCP? A: In raw connection-acquire benchmarks HikariCP is slightly faster, but Druid's monitoring overhead is negligible in most production workloads.
Q: Can I use Druid without Spring Boot? A: Yes. Druid works as a standalone DataSource in any Java application.
Q: Does the WallFilter protect against all SQL injection? A: It blocks common injection patterns at the SQL parser level, but should complement application-level parameterized queries, not replace them.
Q: How do I access the monitoring console? A: Enable stat-view-servlet and visit /druid/index.html on your application server.