Examples with ISqlParserFilter com.baomidou.mybatisplus.core.parser.ISqlParserFilter used on opensource projects

Search in sources :

Example 1 with ISqlParserFilter

use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project kms by mahonelau.

the class MybatisPlusConfig method tenantConfig.

/**
 * 多租户的配置
 * @param paginationInterceptor
 */
private void tenantConfig(PaginationInterceptor paginationInterceptor) {
    /*
         * 【测试多租户】 SQL 解析处理拦截器<br>
         * 这里固定写成住户 1 实际情况你可以从cookie读取,因此数据看不到 【 麻花藤 】 这条记录( 注意观察 SQL )<br>
         */
    List<ISqlParser> sqlParserList = new ArrayList<>();
    TenantSqlParser tenantSqlParser = new JeecgTenantParser();
    tenantSqlParser.setTenantHandler(new TenantHandler() {

        @Override
        public Expression getTenantId(boolean select) {
            String tenant_id = oConvertUtils.getString(TenantContext.getTenant(), "0");
            return new LongValue(tenant_id);
        }

        @Override
        public String getTenantIdColumn() {
            return tenant_field;
        }

        @Override
        public boolean doTableFilter(String tableName) {
            // return excludeTable.contains(tableName);
            if (tenantTable.contains(tableName)) {
                return false;
            }
            return true;
        }

        private Expression in(String ids) {
            final InExpression inExpression = new InExpression();
            inExpression.setLeftExpression(new Column(getTenantIdColumn()));
            final ExpressionList itemsList = new ExpressionList();
            final List<Expression> inValues = new ArrayList<>(2);
            for (String id : ids.split(",")) {
                inValues.add(new LongValue(id));
            }
            itemsList.setExpressions(inValues);
            inExpression.setRightItemsList(itemsList);
            return inExpression;
        }
    });
    sqlParserList.add(tenantSqlParser);
    paginationInterceptor.setSqlParserList(sqlParserList);
    paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {

        @Override
        public boolean doFilter(MetaObject metaObject) {
            String sql = (String) metaObject.getValue(PluginUtils.DELEGATE_BOUNDSQL_SQL);
            for (String tableName : tenantTable) {
                String sql_lowercase = sql.toLowerCase();
                if (sql_lowercase.indexOf(tableName.toLowerCase()) >= 0) {
                    for (String key : DDL_KEYWORD) {
                        if (sql_lowercase.indexOf(key) >= 0) {
                            return true;
                        }
                    }
                    return false;
                }
            }
            /*if ("mapper路径.方法名".equals(ms.getId())) {
                    //使用这种判断也可以避免走此过滤器
                    return true;
                }*/
            return true;
        }
    });
}
Also used : TenantHandler(com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler) MetaObject(org.apache.ibatis.reflection.MetaObject) InExpression(net.sf.jsqlparser.expression.operators.relational.InExpression) ArrayList(java.util.ArrayList) ISqlParserFilter(com.baomidou.mybatisplus.core.parser.ISqlParserFilter) TenantSqlParser(com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser) ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser) Expression(net.sf.jsqlparser.expression.Expression) InExpression(net.sf.jsqlparser.expression.operators.relational.InExpression) Column(net.sf.jsqlparser.schema.Column) LongValue(net.sf.jsqlparser.expression.LongValue) ArrayList(java.util.ArrayList) List(java.util.List) ExpressionList(net.sf.jsqlparser.expression.operators.relational.ExpressionList) ExpressionList(net.sf.jsqlparser.expression.operators.relational.ExpressionList)

Example 2 with ISqlParserFilter

use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project kykms by mahonelau.

the class MybatisPlusConfig method tenantConfig.

/**
 * 多租户的配置
 * @param paginationInterceptor
 */
private void tenantConfig(PaginationInterceptor paginationInterceptor) {
    /*
         * 【测试多租户】 SQL 解析处理拦截器<br>
         * 这里固定写成住户 1 实际情况你可以从cookie读取,因此数据看不到 【 麻花藤 】 这条记录( 注意观察 SQL )<br>
         */
    List<ISqlParser> sqlParserList = new ArrayList<>();
    TenantSqlParser tenantSqlParser = new JeecgTenantParser();
    tenantSqlParser.setTenantHandler(new TenantHandler() {

        @Override
        public Expression getTenantId(boolean select) {
            String tenant_id = oConvertUtils.getString(TenantContext.getTenant(), "0");
            return new LongValue(tenant_id);
        }

        @Override
        public String getTenantIdColumn() {
            return tenant_field;
        }

        @Override
        public boolean doTableFilter(String tableName) {
            // return excludeTable.contains(tableName);
            if (tenantTable.contains(tableName)) {
                return false;
            }
            return true;
        }

        private Expression in(String ids) {
            final InExpression inExpression = new InExpression();
            inExpression.setLeftExpression(new Column(getTenantIdColumn()));
            final ExpressionList itemsList = new ExpressionList();
            final List<Expression> inValues = new ArrayList<>(2);
            for (String id : ids.split(",")) {
                inValues.add(new LongValue(id));
            }
            itemsList.setExpressions(inValues);
            inExpression.setRightItemsList(itemsList);
            return inExpression;
        }
    });
    sqlParserList.add(tenantSqlParser);
    paginationInterceptor.setSqlParserList(sqlParserList);
    paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {

        @Override
        public boolean doFilter(MetaObject metaObject) {
            String sql = (String) metaObject.getValue(PluginUtils.DELEGATE_BOUNDSQL_SQL);
            for (String tableName : tenantTable) {
                String sql_lowercase = sql.toLowerCase();
                if (sql_lowercase.indexOf(tableName.toLowerCase()) >= 0) {
                    for (String key : DDL_KEYWORD) {
                        if (sql_lowercase.indexOf(key) >= 0) {
                            return true;
                        }
                    }
                    return false;
                }
            }
            /*if ("mapper路径.方法名".equals(ms.getId())) {
                    //使用这种判断也可以避免走此过滤器
                    return true;
                }*/
            return true;
        }
    });
}
Also used : TenantHandler(com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler) MetaObject(org.apache.ibatis.reflection.MetaObject) InExpression(net.sf.jsqlparser.expression.operators.relational.InExpression) ArrayList(java.util.ArrayList) ISqlParserFilter(com.baomidou.mybatisplus.core.parser.ISqlParserFilter) TenantSqlParser(com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser) ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser) Expression(net.sf.jsqlparser.expression.Expression) InExpression(net.sf.jsqlparser.expression.operators.relational.InExpression) Column(net.sf.jsqlparser.schema.Column) LongValue(net.sf.jsqlparser.expression.LongValue) ArrayList(java.util.ArrayList) List(java.util.List) ExpressionList(net.sf.jsqlparser.expression.operators.relational.ExpressionList) ExpressionList(net.sf.jsqlparser.expression.operators.relational.ExpressionList)

Example 3 with ISqlParserFilter

use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project dynamic_dataSource by tianliuzhen.

the class MybatisPlusConfig method paginationInterceptor.

/*  @Bean
    public PaginationInterceptor paginationInterceptor() {
        PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
        // 设置请求的页面大于最大页后操作, true调回到首页,false 继续请求  默认false
        // paginationInterceptor.setOverflow(false);
        // 设置最大单页限制数量,默认 500 条,-1 不受限制
        // paginationInterceptor.setLimit(500);



        List<ISqlParser> sqlParserList = new ArrayList<>();
        // 如果设置了全局逻辑删除、这里会失效,设置局部没关系已经测试
        // 攻击 SQL 阻断解析器、加入解析链
        sqlParserList.add(new BlockAttackSqlParser() {
            @Override
            public void processDelete(Delete delete) {
                // 如果你想自定义做点什么,可以重写父类方法像这样子
                if ("user_test".equals(delete.getTable().getName())) {
                    // 自定义跳过某个表,其他关联表可以调用 delete.getTables() 判断
                    log.info("跳过表:"+"user_test(这个表允许全部删除)");
                    return ;
                }
                super.processDelete(delete);
            }
        });
        paginationInterceptor.setSqlParserList(sqlParserList);

        return paginationInterceptor;
    }*/
@Bean
public PaginationInterceptor paginationInterceptor() {
    PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
    /**
     * 1、【测试攻击 SQL】 阻断解析器、加入解析链
     *     自定义设置参考上面注释
     */
    List<ISqlParser> sqlParserList = new ArrayList<>();
    sqlParserList.add(new BlockAttackSqlParser());
    /**
     * 2、【测试多租户】 SQL 解析处理拦截器<br>
     * 传入的值一般都是配置文件 静态变量或者session中取出
     * 意思就是在你的所有的sql 加一个条件 即是 where  AND user.manager_id = 0
     */
    TenantSqlParser tenantSqlParser = new TenantSqlParser();
    tenantSqlParser.setTenantHandler(new TenantHandler() {

        @Override
        public Expression getTenantId(boolean where) {
            // 此判断用于支持返回多个租户 ID 场景,具体使用查看示例工程
            return new LongValue(0L);
        }

        @Override
        public String getTenantIdColumn() {
            // 多租户自定义字段
            return "manager_id";
        }

        @Override
        public boolean doTableFilter(String tableName) {
            /*
            if ("user".equals(tableName)) {
                return true;
            }*/
            return false;
        }
    });
    sqlParserList.add(tenantSqlParser);
    paginationInterceptor.setSqlParserList(sqlParserList);
    paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {

        @Override
        public boolean doFilter(MetaObject metaObject) {
            MappedStatement ms = SqlParserHelper.getMappedStatement(metaObject);
            // 意思允许 UserMapper下的这个 getAll 不用加  AND user.manager_id = 0
            if ("com.aaa.mybatisplus.mapper.UserMapper.getAll".equals(ms.getId())) {
                return true;
            }
            return false;
        }
    });
    return paginationInterceptor;
}
Also used : TenantHandler(com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler) MetaObject(org.apache.ibatis.reflection.MetaObject) ArrayList(java.util.ArrayList) BlockAttackSqlParser(com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser) ISqlParserFilter(com.baomidou.mybatisplus.core.parser.ISqlParserFilter) PaginationInterceptor(com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor) TenantSqlParser(com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser) ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser) Expression(net.sf.jsqlparser.expression.Expression) LongValue(net.sf.jsqlparser.expression.LongValue) MappedStatement(org.apache.ibatis.mapping.MappedStatement) Bean(org.springframework.context.annotation.Bean)

Example 4 with ISqlParserFilter

use of com.baomidou.mybatisplus.core.parser.ISqlParserFilter in project jshERP by jishenghua.

the class TenantConfig method paginationInterceptor.

@Bean
public PaginationInterceptor paginationInterceptor(HttpServletRequest request) {
    PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
    List<ISqlParser> sqlParserList = new ArrayList<>();
    TenantSqlParser tenantSqlParser = new TenantSqlParser();
    tenantSqlParser.setTenantHandler(new TenantHandler() {

        @Override
        public Expression getTenantId() {
            String token = request.getHeader("X-Access-Token");
            Long tenantId = Tools.getTenantIdByToken(token);
            if (tenantId != 0L) {
                return new LongValue(tenantId);
            } else {
                // 超管
                return null;
            }
        }

        @Override
        public String getTenantIdColumn() {
            return "tenant_id";
        }

        @Override
        public boolean doTableFilter(String tableName) {
            // 获取开启状态
            Boolean res = true;
            String token = request.getHeader("X-Access-Token");
            Long tenantId = Tools.getTenantIdByToken(token);
            if (tenantId != 0L) {
                // 这里可以判断是否过滤表
                if ("jsh_material_property".equals(tableName) || "jsh_sequence".equals(tableName) || "jsh_user_business".equals(tableName) || "jsh_function".equals(tableName) || "jsh_platform_config".equals(tableName) || "jsh_tenant".equals(tableName)) {
                    res = true;
                } else {
                    res = false;
                }
            }
            return res;
        }
    });
    sqlParserList.add(tenantSqlParser);
    paginationInterceptor.setSqlParserList(sqlParserList);
    paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {

        @Override
        public boolean doFilter(MetaObject metaObject) {
            MappedStatement ms = SqlParserHelper.getMappedStatement(metaObject);
            // 过滤自定义查询此时无租户信息约束出现
            if ("com.jsh.erp.datasource.mappers.UserMapperEx.getUserListByUserNameOrLoginName".equals(ms.getId())) {
                return true;
            } else if ("com.jsh.erp.datasource.mappers.RoleMapperEx.getRoleWithoutTenant".equals(ms.getId())) {
                return true;
            } else if ("com.jsh.erp.datasource.mappers.LogMapperEx.insertLogWithUserId".equals(ms.getId())) {
                return true;
            }
            return false;
        }
    });
    return paginationInterceptor;
}
Also used : TenantHandler(com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler) MetaObject(org.apache.ibatis.reflection.MetaObject) ArrayList(java.util.ArrayList) ISqlParserFilter(com.baomidou.mybatisplus.core.parser.ISqlParserFilter) PaginationInterceptor(com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor) TenantSqlParser(com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser) ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser) Expression(net.sf.jsqlparser.expression.Expression) LongValue(net.sf.jsqlparser.expression.LongValue) MappedStatement(org.apache.ibatis.mapping.MappedStatement) Bean(org.springframework.context.annotation.Bean)

Aggregations

ISqlParser (com.baomidou.mybatisplus.core.parser.ISqlParser)4 ISqlParserFilter (com.baomidou.mybatisplus.core.parser.ISqlParserFilter)4 TenantHandler (com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler)4 TenantSqlParser (com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser)4 ArrayList (java.util.ArrayList)4 Expression (net.sf.jsqlparser.expression.Expression)4 LongValue (net.sf.jsqlparser.expression.LongValue)4 MetaObject (org.apache.ibatis.reflection.MetaObject)4 PaginationInterceptor (com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor)2 List (java.util.List)2 ExpressionList (net.sf.jsqlparser.expression.operators.relational.ExpressionList)2 InExpression (net.sf.jsqlparser.expression.operators.relational.InExpression)2 Column (net.sf.jsqlparser.schema.Column)2 MappedStatement (org.apache.ibatis.mapping.MappedStatement)2 Bean (org.springframework.context.annotation.Bean)2 BlockAttackSqlParser (com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial