Example 1 with BlockAttackSqlParser
use of com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser in project tutorials-java by Artister.
the class MybatisPlusConfig method sqlExplainInterceptor.
@Bean
public SqlExplainInterceptor sqlExplainInterceptor() {
SqlExplainInterceptor sqlExplainInterceptor = new SqlExplainInterceptor();
List<ISqlParser> sqlParserList = new ArrayList<>();
sqlParserList.add(new BlockAttackSqlParser());
sqlExplainInterceptor.setSqlParserList(sqlParserList);
return sqlExplainInterceptor;
}
Also used :
ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser)
ArrayList(java.util.ArrayList)
BlockAttackSqlParser(com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser)
SqlExplainInterceptor(com.baomidou.mybatisplus.extension.plugins.SqlExplainInterceptor)
Bean(org.springframework.context.annotation.Bean)
Example 2 with BlockAttackSqlParser
use of com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser in project dynamic_dataSource by tianliuzhen.
the class MybatisPlusConfig method paginationInterceptor.
/* @Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
// 设置请求的页面大于最大页后操作, true调回到首页,false 继续请求 默认false
// paginationInterceptor.setOverflow(false);
// 设置最大单页限制数量,默认 500 条,-1 不受限制
// paginationInterceptor.setLimit(500);
List<ISqlParser> sqlParserList = new ArrayList<>();
// 如果设置了全局逻辑删除、这里会失效,设置局部没关系已经测试
// 攻击 SQL 阻断解析器、加入解析链
sqlParserList.add(new BlockAttackSqlParser() {
@Override
public void processDelete(Delete delete) {
// 如果你想自定义做点什么,可以重写父类方法像这样子
if ("user_test".equals(delete.getTable().getName())) {
// 自定义跳过某个表,其他关联表可以调用 delete.getTables() 判断
log.info("跳过表:"+"user_test(这个表允许全部删除)");
return ;
}
super.processDelete(delete);
}
});
paginationInterceptor.setSqlParserList(sqlParserList);
return paginationInterceptor;
}*/
@Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
/**
* 1、【测试攻击 SQL】 阻断解析器、加入解析链
* 自定义设置参考上面注释
*/
List<ISqlParser> sqlParserList = new ArrayList<>();
sqlParserList.add(new BlockAttackSqlParser());
/**
* 2、【测试多租户】 SQL 解析处理拦截器<br>
* 传入的值一般都是配置文件 静态变量或者session中取出
* 意思就是在你的所有的sql 加一个条件 即是 where AND user.manager_id = 0
*/
TenantSqlParser tenantSqlParser = new TenantSqlParser();
tenantSqlParser.setTenantHandler(new TenantHandler() {
@Override
public Expression getTenantId(boolean where) {
// 此判断用于支持返回多个租户 ID 场景,具体使用查看示例工程
return new LongValue(0L);
}
@Override
public String getTenantIdColumn() {
// 多租户自定义字段
return "manager_id";
}
@Override
public boolean doTableFilter(String tableName) {
/*
if ("user".equals(tableName)) {
return true;
}*/
return false;
}
});
sqlParserList.add(tenantSqlParser);
paginationInterceptor.setSqlParserList(sqlParserList);
paginationInterceptor.setSqlParserFilter(new ISqlParserFilter() {
@Override
public boolean doFilter(MetaObject metaObject) {
MappedStatement ms = SqlParserHelper.getMappedStatement(metaObject);
// 意思允许 UserMapper下的这个 getAll 不用加 AND user.manager_id = 0
if ("com.aaa.mybatisplus.mapper.UserMapper.getAll".equals(ms.getId())) {
return true;
}
return false;
}
});
return paginationInterceptor;
}
Also used :
TenantHandler(com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler)
MetaObject(org.apache.ibatis.reflection.MetaObject)
ArrayList(java.util.ArrayList)
BlockAttackSqlParser(com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser)
ISqlParserFilter(com.baomidou.mybatisplus.core.parser.ISqlParserFilter)
PaginationInterceptor(com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor)
TenantSqlParser(com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser)
ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser)
Expression(net.sf.jsqlparser.expression.Expression)
LongValue(net.sf.jsqlparser.expression.LongValue)
MappedStatement(org.apache.ibatis.mapping.MappedStatement)
Bean(org.springframework.context.annotation.Bean)
Example 3 with BlockAttackSqlParser
use of com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser in project ddf-common by dongfangding.
the class MyBatisConfig method paginationInterceptor.
/**
* 分页与攻击 SQL 阻断解析器
*
* @return
*/
@Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
// 设置请求的页面大于最大页后操作, true调回到首页,false 继续请求 默认false
// paginationInterceptor.setOverflow(false);
// 设置最大单页限制数量,默认 500 条,-1 不受限制
// paginationInterceptor.setLimit(500);
List<ISqlParser> sqlParserList = new ArrayList<>();
// 攻击 SQL 阻断解析器、加入解析链
sqlParserList.add(new BlockAttackSqlParser());
paginationInterceptor.setSqlParserList(sqlParserList);
return paginationInterceptor;
}
Also used :
ISqlParser(com.baomidou.mybatisplus.core.parser.ISqlParser)
ArrayList(java.util.ArrayList)
BlockAttackSqlParser(com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser)
PaginationInterceptor(com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor)
Bean(org.springframework.context.annotation.Bean)
Aggregations
ISqlParser (com.baomidou.mybatisplus.core.parser.ISqlParser)3
BlockAttackSqlParser (com.baomidou.mybatisplus.extension.parsers.BlockAttackSqlParser)3
ArrayList (java.util.ArrayList)3
Bean (org.springframework.context.annotation.Bean)3
PaginationInterceptor (com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor)2
ISqlParserFilter (com.baomidou.mybatisplus.core.parser.ISqlParserFilter)1
SqlExplainInterceptor (com.baomidou.mybatisplus.extension.plugins.SqlExplainInterceptor)1
TenantHandler (com.baomidou.mybatisplus.extension.plugins.tenant.TenantHandler)1
TenantSqlParser (com.baomidou.mybatisplus.extension.plugins.tenant.TenantSqlParser)1
Expression (net.sf.jsqlparser.expression.Expression)1
LongValue (net.sf.jsqlparser.expression.LongValue)1
MappedStatement (org.apache.ibatis.mapping.MappedStatement)1
MetaObject (org.apache.ibatis.reflection.MetaObject)1
