On this page
Druid Connection Pool
Druid is Alibaba’s JDBC connection pool, popular in Chinese enterprise Java applications. It provides built-in monitoring, SQL statistics, and wall-filter (SQL injection protection).
Setup
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-3-starter</artifactId>
<version>1.2.21</version>
</dependency>
spring:
datasource:
type: com.alibaba.druid.pool.DruidDataSource
druid:
url: jdbc:mysql://localhost:3306/mydb
username: root
password: secret
driver-class-name: com.mysql.cj.jdbc.Driver
initial-size: 5
min-idle: 5
max-active: 20
max-wait: 60000
time-between-eviction-runs-millis: 60000
min-evictable-idle-time-millis: 300000
validation-query: SELECT 1
test-while-idle: true
test-on-borrow: false
test-on-return: false
Monitoring Servlet
Druid includes a built-in web UI for monitoring:
@Configuration
public class DruidConfig {
@Bean
public ServletRegistrationBean<StatViewServlet> druidStatViewServlet() {
ServletRegistrationBean<StatViewServlet> bean =
new ServletRegistrationBean<>(new StatViewServlet(), "/druid/*");
bean.addInitParameter("loginUsername", "admin");
bean.addInitParameter("loginPassword", "admin");
bean.addInitParameter("allow", "127.0.0.1");
return bean;
}
@Bean
public FilterRegistrationBean<WebStatFilter> druidWebStatFilter() {
FilterRegistrationBean<WebStatFilter> bean =
new FilterRegistrationBean<>(new WebStatFilter());
bean.addUrlPatterns("/*");
bean.addInitParameter("exclusions", "*.js,*.css,/druid/*");
return bean;
}
}
Access at http://localhost:8080/druid/index.html.
SQL Statistics
Druid tracks SQL execution statistics automatically:
- Execution count and timing
- Slow SQL detection (configurable threshold)
- SQL merge (combines similar queries)
- Concurrent execution count
spring:
datasource:
druid:
filter:
stat:
enabled: true
slow-sql-millis: 2000
log-slow-sql: true
wall:
enabled: true # SQL injection protection
config:
multi-statement-allow: false
Wall Filter (SQL Injection Protection)
spring:
datasource:
druid:
filter:
wall:
enabled: true
config:
delete-allow: true
drop-table-allow: false
select-all-column-allow: true
Blocks dangerous SQL patterns like DROP TABLE, TRUNCATE, etc.
Druid vs HikariCP
| Feature | HikariCP | Druid |
|---|---|---|
| Performance | Fastest | Good |
| Monitoring UI | Via Actuator/JMX | Built-in web UI |
| SQL statistics | No | Yes |
| SQL injection filter | No | Yes (Wall Filter) |
| Spring Boot default | Yes (2.x+) | No |
| Community | Global | Strong in China |
Programmatic Access
@Autowired
private DataSource dataSource;
public void printStats() {
DruidDataSource druid = (DruidDataSource) dataSource;
System.out.println("Active: " + druid.getActiveCount());
System.out.println("Pooling: " + druid.getPoolingCount());
System.out.println("Wait threads: " + druid.getWaitThreadCount());
}
Best Practices
- Use HikariCP for new projects unless you need Druid’s monitoring features
- Secure the Druid monitoring UI with authentication in production
- Enable slow SQL logging to identify performance bottlenecks
- Use Wall Filter as an additional SQL injection defense layer
- Configure
max-activebased on database capacity, not application threads