Configs2026年7月1日·1 分钟阅读

Alibaba Druid — High-Performance JDBC Connection Pool with Monitoring

A production-grade JDBC connection pool for Java that provides built-in SQL monitoring, wall-based security filtering, and detailed performance statistics.

Agent 就绪

Agent 可直接安装

这个资产可安装;Agent 先选择当前运行时、检查安装计划,再运行匹配命令。

Native · 98/100策略:允许
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Single
信任
信任等级:Established
入口
Alibaba Druid Overview
直接安装命令
npx -y tokrepo@latest install f53bfd3c-7526-11f1-9bc6-00163e2b0d79 --target codex

先 dry-run 确认安装计划,再运行此命令。

Introduction

Alibaba Druid is a JDBC connection pool designed for monitoring and performance analysis. Beyond pooling connections, it provides a built-in web console that displays SQL execution statistics, slow query logs, and connection usage in real time.

What Alibaba Druid Does

  • Manages JDBC connection pooling with configurable min/max pool sizes and timeouts
  • Collects per-SQL execution metrics including count, time, rows, and error rate
  • Provides a built-in web dashboard (StatViewServlet) for real-time monitoring
  • Includes a WallFilter that blocks SQL injection patterns at the driver level
  • Supports SQL parsing and formatting for MySQL, PostgreSQL, Oracle, and SQL Server

Architecture Overview

Druid wraps the standard JDBC DataSource interface and intercepts every SQL call through a filter chain. The StatFilter collects timing and count data per SQL template. The WallFilter parses each statement through a dialect-specific SQL parser and rejects dangerous patterns. All statistics are stored in memory and exposed via a Servlet-based dashboard or JMX.

Self-Hosting & Configuration

  • Add druid-spring-boot-starter for automatic Spring Boot integration
  • Enable the stat view servlet in application.yml for the monitoring dashboard
  • Configure connection pool sizes via initialSize, minIdle, and maxActive
  • Set slowSqlMillis to flag queries exceeding your latency threshold
  • Optionally export metrics to Prometheus via the druid-spring-boot-actuator module

Key Features

  • Built-in SQL monitoring dashboard with no external dependencies
  • SQL injection firewall (WallFilter) that works at the connection pool level
  • Detailed per-SQL statistics: execution count, total time, max time, affected rows
  • Full SQL parser supporting 6+ database dialects
  • Connection leak detection with stack-trace logging

Comparison with Similar Tools

  • HikariCP — fastest raw throughput; Druid trades marginal speed for built-in monitoring and security
  • Apache DBCP2 — Apache's pool; Druid adds SQL-level metrics and the wall filter
  • c3p0 — legacy pool; Druid is more actively maintained with modern diagnostics
  • PgBouncer — PostgreSQL-specific external pooler; Druid is a JVM-embedded, database-agnostic solution

FAQ

Q: Is Druid slower than HikariCP? A: In raw connection-acquire benchmarks HikariCP is slightly faster, but Druid's monitoring overhead is negligible in most production workloads.

Q: Can I use Druid without Spring Boot? A: Yes. Druid works as a standalone DataSource in any Java application.

Q: Does the WallFilter protect against all SQL injection? A: It blocks common injection patterns at the SQL parser level, but should complement application-level parameterized queries, not replace them.

Q: How do I access the monitoring console? A: Enable stat-view-servlet and visit /druid/index.html on your application server.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产