阅读(2450) (0)

MyBatis-Plus 插件-防全表更新与删除插件

2022-03-25 14:17:46 更新

BlockAttackInnerInterceptor

针对 ​update和 ​delete语句,作用: 阻止恶意的全表更新删除

注入​MybatisPlusInterceptor​类,并配置​BlockAttackInnerInterceptor​拦截器

@Configuration
public class MybatisPlusConfig {
  @Bean
  public MybatisPlusInterceptor mybatisPlusInterceptor() {
    MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
    interceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
    return interceptor;
  }
}

测试示例(全表更新)

@SpringBootTest
public class QueryWrapperTest {

  @Autowired
  private UserService userService;

  /**
  + SQL:UPDATE user  SET name=?,email=?;
  */
  @Test
  public void test() {
    User user = new User();
    user.setId(999L);
    user.setName("custom_name");
    user.setEmail("xxx@mail.com");
    // com.baomidou.mybatisplus.core.exceptions.MybatisPlusException: Prohibition of table update operation
    userService.saveOrUpdate(user, null);
  }
}

测试示例(部分更新)

@SpringBootTest
public class QueryWrapperTest {

  @Autowired
  private UserService userService;

  /**
  + SQL:UPDATE user  SET name=?, email=? WHERE id = ?;
  */
  @Test
  public void test() {
    LambdaUpdateWrapper<User> wrapper = new LambdaUpdateWrapper<>();
    wrapper.eq(User::getId, 1);
    User user = new User();
    user.setId(10L);
    user.setName("custom_name");
    user.setEmail("xxx@mail.com");
    userService.saveOrUpdate(user, wrapper);
  }}