codecamp

MyBatis-Plus 插件-防全表更新与删除插件

BlockAttackInnerInterceptor

针对 ​update和 ​delete语句,作用: 阻止恶意的全表更新删除

注入​MybatisPlusInterceptor​类,并配置​BlockAttackInnerInterceptor​拦截器

@Configuration
public class MybatisPlusConfig {
  @Bean
  public MybatisPlusInterceptor mybatisPlusInterceptor() {
    MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
    interceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
    return interceptor;
  }
}

测试示例(全表更新)

@SpringBootTest
public class QueryWrapperTest {

  @Autowired
  private UserService userService;

  /**
  + SQL:UPDATE user  SET name=?,email=?;
  */
  @Test
  public void test() {
    User user = new User();
    user.setId(999L);
    user.setName("custom_name");
    user.setEmail("xxx@mail.com");
    // com.baomidou.mybatisplus.core.exceptions.MybatisPlusException: Prohibition of table update operation
    userService.saveOrUpdate(user, null);
  }
}

测试示例(部分更新)

@SpringBootTest
public class QueryWrapperTest {

  @Autowired
  private UserService userService;

  /**
  + SQL:UPDATE user  SET name=?, email=? WHERE id = ?;
  */
  @Test
  public void test() {
    LambdaUpdateWrapper<User> wrapper = new LambdaUpdateWrapper<>();
    wrapper.eq(User::getId, 1);
    User user = new User();
    user.setId(10L);
    user.setName("custom_name");
    user.setEmail("xxx@mail.com");
    userService.saveOrUpdate(user, wrapper);
  }}


MyBatis-Plus 插件-多租户插件
MyBatis-Plus 插件-动态表名插件
温馨提示
下载编程狮App,免费阅读超1000+编程语言教程
取消
确定
目录

关闭

MIP.setData({ 'pageTheme' : getCookie('pageTheme') || {'day':true, 'night':false}, 'pageFontSize' : getCookie('pageFontSize') || 20 }); MIP.watch('pageTheme', function(newValue){ setCookie('pageTheme', JSON.stringify(newValue)) }); MIP.watch('pageFontSize', function(newValue){ setCookie('pageFontSize', newValue) }); function setCookie(name, value){ var days = 1; var exp = new Date(); exp.setTime(exp.getTime() + days*24*60*60*1000); document.cookie = name + '=' + value + ';expires=' + exp.toUTCString(); } function getCookie(name){ var reg = new RegExp('(^| )' + name + '=([^;]*)(;|$)'); return document.cookie.match(reg) ? JSON.parse(document.cookie.match(reg)[2]) : null; }