use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project kms by mahonelau.
the class MybatisPlusConfig method tenantConfig.
/**
* 多租户的配置
* @param paginationInterceptor
*/
private void tenantConfig(PaginationInterceptor paginationInterceptor) {
/*
* 【测试多租户】 SQL 解析处理拦截器<br>
* 这里固定写成住户 1 实际情况你可以从cookie读取,因此数据看不到 【 麻花藤 】 这条记录( 注意观察 SQL )<br>
*/
List<ISqlParser> sqlParserList = new ArrayList<>();
TenantSqlParser tenantSqlParser = new JeecgTenantParser();
tenantSqlParser.setTenantHandler(new TenantHandler() {
@Override
public Expression getTenantId(boolean select) {
String tenant_id = oConvertUtils.getString(TenantContext.getTenant(), "0");
return new LongValue(tenant_id);
}
@Override
public String getTenantIdColumn() {
return tenant_field;
}
@Override
public boolean doTableFilter(String tableName) {
// return excludeTable.contains(tableName);
if (tenantTable.contains(tableName)) {
return false;
}
return true;
}
private Expression in(String ids) {
final InExpression inExpression = new InExpression();
inExpression.setLeftExpression(new Column(getTenantIdColumn()));
final ExpressionList itemsList = new ExpressionList();
final List<Expression> inValues = new ArrayList<>(2);
for (String id : ids.split(",")) {
inValues.add(new LongValue(id));
}
itemsList.setExpressions(inValues);
inExpression.setRightItemsList(itemsList);
return inExpression;
}
});
sqlParserList.add(tenantSqlParser);
paginationInterceptor.setSqlParserList(sqlParserList);
paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {
@Override
public boolean doFilter(MetaObject metaObject) {
String sql = (String) metaObject.getValue(PluginUtils.DELEGATE_BOUNDSQL_SQL);
for (String tableName : tenantTable) {
String sql_lowercase = sql.toLowerCase();
if (sql_lowercase.indexOf(tableName.toLowerCase()) >= 0) {
for (String key : DDL_KEYWORD) {
if (sql_lowercase.indexOf(key) >= 0) {
return true;
}
}
return false;
}
}
/*if ("mapper路径.方法名".equals(ms.getId())) {
//使用这种判断也可以避免走此过滤器
return true;
}*/
return true;
}
});
}
use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project kykms by mahonelau.
the class MybatisPlusConfig method tenantConfig.
/**
* 多租户的配置
* @param paginationInterceptor
*/
private void tenantConfig(PaginationInterceptor paginationInterceptor) {
/*
* 【测试多租户】 SQL 解析处理拦截器<br>
* 这里固定写成住户 1 实际情况你可以从cookie读取,因此数据看不到 【 麻花藤 】 这条记录( 注意观察 SQL )<br>
*/
List<ISqlParser> sqlParserList = new ArrayList<>();
TenantSqlParser tenantSqlParser = new JeecgTenantParser();
tenantSqlParser.setTenantHandler(new TenantHandler() {
@Override
public Expression getTenantId(boolean select) {
String tenant_id = oConvertUtils.getString(TenantContext.getTenant(), "0");
return new LongValue(tenant_id);
}
@Override
public String getTenantIdColumn() {
return tenant_field;
}
@Override
public boolean doTableFilter(String tableName) {
// return excludeTable.contains(tableName);
if (tenantTable.contains(tableName)) {
return false;
}
return true;
}
private Expression in(String ids) {
final InExpression inExpression = new InExpression();
inExpression.setLeftExpression(new Column(getTenantIdColumn()));
final ExpressionList itemsList = new ExpressionList();
final List<Expression> inValues = new ArrayList<>(2);
for (String id : ids.split(",")) {
inValues.add(new LongValue(id));
}
itemsList.setExpressions(inValues);
inExpression.setRightItemsList(itemsList);
return inExpression;
}
});
sqlParserList.add(tenantSqlParser);
paginationInterceptor.setSqlParserList(sqlParserList);
paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {
@Override
public boolean doFilter(MetaObject metaObject) {
String sql = (String) metaObject.getValue(PluginUtils.DELEGATE_BOUNDSQL_SQL);
for (String tableName : tenantTable) {
String sql_lowercase = sql.toLowerCase();
if (sql_lowercase.indexOf(tableName.toLowerCase()) >= 0) {
for (String key : DDL_KEYWORD) {
if (sql_lowercase.indexOf(key) >= 0) {
return true;
}
}
return false;
}
}
/*if ("mapper路径.方法名".equals(ms.getId())) {
//使用这种判断也可以避免走此过滤器
return true;
}*/
return true;
}
});
}
use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project dynamic_dataSource by tianliuzhen.
the class MybatisPlusConfig method paginationInterceptor.
/* @Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
// 设置请求的页面大于最大页后操作, true调回到首页,false 继续请求 默认false
// paginationInterceptor.setOverflow(false);
// 设置最大单页限制数量,默认 500 条,-1 不受限制
// paginationInterceptor.setLimit(500);
List<ISqlParser> sqlParserList = new ArrayList<>();
// 如果设置了全局逻辑删除、这里会失效,设置局部没关系已经测试
// 攻击 SQL 阻断解析器、加入解析链
sqlParserList.add(new BlockAttackSqlParser() {
@Override
public void processDelete(Delete delete) {
// 如果你想自定义做点什么,可以重写父类方法像这样子
if ("user_test".equals(delete.getTable().getName())) {
// 自定义跳过某个表,其他关联表可以调用 delete.getTables() 判断
log.info("跳过表:"+"user_test(这个表允许全部删除)");
return ;
}
super.processDelete(delete);
}
});
paginationInterceptor.setSqlParserList(sqlParserList);
return paginationInterceptor;
}*/
@Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
/**
* 1、【测试攻击 SQL】 阻断解析器、加入解析链
* 自定义设置参考上面注释
*/
List<ISqlParser> sqlParserList = new ArrayList<>();
sqlParserList.add(new BlockAttackSqlParser());
/**
* 2、【测试多租户】 SQL 解析处理拦截器<br>
* 传入的值一般都是配置文件 静态变量或者session中取出
* 意思就是在你的所有的sql 加一个条件 即是 where AND user.manager_id = 0
*/
TenantSqlParser tenantSqlParser = new TenantSqlParser();
tenantSqlParser.setTenantHandler(new TenantHandler() {
@Override
public Expression getTenantId(boolean where) {
// 此判断用于支持返回多个租户 ID 场景,具体使用查看示例工程
return new LongValue(0L);
}
@Override
public String getTenantIdColumn() {
// 多租户自定义字段
return "manager_id";
}
@Override
public boolean doTableFilter(String tableName) {
/*
if ("user".equals(tableName)) {
return true;
}*/
return false;
}
});
sqlParserList.add(tenantSqlParser);
paginationInterceptor.setSqlParserList(sqlParserList);
paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {
@Override
public boolean doFilter(MetaObject metaObject) {
MappedStatement ms = SqlParserHelper.getMappedStatement(metaObject);
// 意思允许 UserMapper下的这个 getAll 不用加 AND user.manager_id = 0
if ("com.aaa.mybatisplus.mapper.UserMapper.getAll".equals(ms.getId())) {
return true;
}
return false;
}
});
return paginationInterceptor;
}
use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project jshERP by jishenghua.
the class TenantConfig method paginationInterceptor.
@Bean
public PaginationInterceptor paginationInterceptor(HttpServletRequest request) {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
List<ISqlParser> sqlParserList = new ArrayList<>();
TenantSqlParser tenantSqlParser = new TenantSqlParser();
tenantSqlParser.setTenantHandler(new TenantHandler() {
@Override
public Expression getTenantId() {
String token = request.getHeader("X-Access-Token");
Long tenantId = Tools.getTenantIdByToken(token);
if (tenantId != 0L) {
return new LongValue(tenantId);
} else {
// 超管
return null;
}
}
@Override
public String getTenantIdColumn() {
return "tenant_id";
}
@Override
public boolean doTableFilter(String tableName) {
// 获取开启状态
Boolean res = true;
String token = request.getHeader("X-Access-Token");
Long tenantId = Tools.getTenantIdByToken(token);
if (tenantId != 0L) {
// 这里可以判断是否过滤表
if ("jsh_material_property".equals(tableName) || "jsh_sequence".equals(tableName) || "jsh_user_business".equals(tableName) || "jsh_function".equals(tableName) || "jsh_platform_config".equals(tableName) || "jsh_tenant".equals(tableName)) {
res = true;
} else {
res = false;
}
}
return res;
}
});
sqlParserList.add(tenantSqlParser);
paginationInterceptor.setSqlParserList(sqlParserList);
paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {
@Override
public boolean doFilter(MetaObject metaObject) {
MappedStatement ms = SqlParserHelper.getMappedStatement(metaObject);
// 过滤自定义查询此时无租户信息约束出现
if ("com.jsh.erp.datasource.mappers.UserMapperEx.getUserListByUserNameOrLoginName".equals(ms.getId())) {
return true;
} else if ("com.jsh.erp.datasource.mappers.RoleMapperEx.getRoleWithoutTenant".equals(ms.getId())) {
return true;
} else if ("com.jsh.erp.datasource.mappers.LogMapperEx.insertLogWithUserId".equals(ms.getId())) {
return true;
}
return false;
}
});
return paginationInterceptor;
}
Aggregations