github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

升级spring boot 3.4.4

pull/8125/head
EightMonth 2025-04-16 16:18:32 +08:00
parent 36caab37e2
commit b70e709e53
22 changed files with 2062 additions and 2058 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
jeecg-boot/jeecg-boot-base-core/pom.xml
View File

@ -112,7 +112,15 @@
<!-- mybatis-plus -->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<artifactId>mybatis-plus-spring-boot3-starter</artifactId>
<version>${mybatis-plus.version}</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<!--JDK 11+-->
<artifactId>mybatis-plus-jsqlparser</artifactId>
<!--JDK 8+-->
<!--<artifactId>mybatis-plus-jsqlparser-4.9</artifactId>-->
<version>${mybatis-plus.version}</version>
</dependency>

1
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
View File

@ -20,7 +20,6 @@ import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.IpUtils;
import org.jeecg.common.util.SpringContextUtils;
import org.jeecg.common.util.oConvertUtils;
import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
import org.springframework.core.StandardReflectionParameterNameDiscoverer;
import org.springframework.stereotype.Component;
import org.springframework.validation.BindingResult;

66
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/InjectionAstNodeVisitor.java
View File

@ -1,33 +1,33 @@
package org.jeecg.common.util.sqlInjection;
import net.sf.jsqlparser.parser.CCJSqlParserDefaultVisitor;
import net.sf.jsqlparser.parser.SimpleNode;
import net.sf.jsqlparser.statement.select.UnionOp;
import org.jeecg.common.exception.JeecgSqlInjectionException;
/**
* (AST)
*
* @author guyadong
*/
public class InjectionAstNodeVisitor extends CCJSqlParserDefaultVisitor {
public InjectionAstNodeVisitor() {
}
/**
*
*
* @param node
* @param data
* @return
*/
@Override
public Object visit(SimpleNode node, Object data) {
Object value = node.jjtGetValue();
if (value instanceof UnionOp) {
throw new JeecgSqlInjectionException("DISABLE UNION");
}
return super.visit(node, data);
}
}
//package org.jeecg.common.util.sqlInjection;
//
//import net.sf.jsqlparser.parser.CCJSqlParserDefaultVisitor;
//import net.sf.jsqlparser.parser.SimpleNode;
//import net.sf.jsqlparser.statement.select.UnionOp;
//import org.jeecg.common.exception.JeecgSqlInjectionException;
//
///**
// * 基于抽象语法树(AST)的注入攻击分析实现
// *
// * @author guyadong
// */
//public class InjectionAstNodeVisitor extends CCJSqlParserDefaultVisitor {
// public InjectionAstNodeVisitor() {
// }
//
// /**
// * 处理禁止联合查询
// *
// * @param node
// * @param data
// * @return
// */
// @Override
// public Object visit(SimpleNode node, Object data) {
// Object value = node.jjtGetValue();
// if (value instanceof UnionOp) {
// throw new JeecgSqlInjectionException("DISABLE UNION");
// }
// return super.visit(node, data);
// }
//}
//

342
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/InjectionSyntaxObjectAnalyzer.java
View File

@ -1,172 +1,172 @@
package org.jeecg.common.util.sqlInjection;
import net.sf.jsqlparser.expression.BinaryExpression;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.Function;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
import net.sf.jsqlparser.expression.operators.relational.ComparisonOperator;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.statement.select.Join;
import net.sf.jsqlparser.statement.select.OrderByElement;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.SelectItem;
import net.sf.jsqlparser.statement.select.SubSelect;
import net.sf.jsqlparser.statement.select.WithItem;
import net.sf.jsqlparser.util.TablesNamesFinder;
import org.jeecg.common.exception.JeecgSqlInjectionException;
import org.jeecg.common.util.sqlInjection.parse.ConstAnalyzer;
import org.jeecg.common.util.sqlInjection.parse.ParserSupport;
/**
* SQLSQL
*
* @author guyadong
*/
public class InjectionSyntaxObjectAnalyzer extends TablesNamesFinder {
/**
*
*/
private static final String DANGROUS_FUNCTIONS = "(sleep|benchmark|extractvalue|updatexml|ST_LatFromGeoHash|ST_LongFromGeoHash|GTID_SUBSET|GTID_SUBTRACT|floor|ST_Pointfromgeohash"
+ "|geometrycollection|multipoint|polygon|multipolygon|linestring|multilinestring)";
private static ThreadLocal<Boolean> disableSubselect = new ThreadLocal<Boolean>() {
@Override
protected Boolean initialValue() {
return true;
}
};
private ConstAnalyzer constAnalyzer = new ConstAnalyzer();
public InjectionSyntaxObjectAnalyzer() {
super();
init(true);
}
@Override
public void visitBinaryExpression(BinaryExpression binaryExpression) {
if (binaryExpression instanceof ComparisonOperator) {
if (isConst(binaryExpression.getLeftExpression()) && isConst(binaryExpression.getRightExpression())) {
/** 禁用恒等式 */
throw new JeecgSqlInjectionException("DISABLE IDENTICAL EQUATION " + binaryExpression);
}
}
super.visitBinaryExpression(binaryExpression);
}
@Override
public void visit(AndExpression andExpression) {
super.visit(andExpression);
checkConstExpress(andExpression.getLeftExpression());
checkConstExpress(andExpression.getRightExpression());
}
@Override
public void visit(OrExpression orExpression) {
super.visit(orExpression);
checkConstExpress(orExpression.getLeftExpression());
checkConstExpress(orExpression.getRightExpression());
}
@Override
public void visit(Function function) {
if (function.getName().matches(DANGROUS_FUNCTIONS)) {
/** 禁用危险函数 */
throw new JeecgSqlInjectionException("DANGROUS FUNCTION: " + function.getName());
}
super.visit(function);
}
@Override
public void visit(WithItem withItem) {
try {
/** 允许 WITH 语句中的子查询 */
disableSubselect.set(false);
super.visit(withItem);
} finally {
disableSubselect.set(true);
}
}
@Override
public void visit(SubSelect subSelect) {
try {
/** 允许语句中的子查询 */
disableSubselect.set(false);
super.visit(subSelect);
} finally {
disableSubselect.set(true);
}
// if (disableSubselect.get()) {
// // 禁用子查询
// throw new JeecgSqlInjectionException("DISABLE subselect " + subSelect);
//package org.jeecg.common.util.sqlInjection;
//
//
//import net.sf.jsqlparser.expression.BinaryExpression;
//import net.sf.jsqlparser.expression.Expression;
//import net.sf.jsqlparser.expression.Function;
//import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
//import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
//import net.sf.jsqlparser.expression.operators.relational.ComparisonOperator;
//import net.sf.jsqlparser.schema.Column;
//import net.sf.jsqlparser.statement.select.Join;
//import net.sf.jsqlparser.statement.select.OrderByElement;
//import net.sf.jsqlparser.statement.select.PlainSelect;
//import net.sf.jsqlparser.statement.select.SelectItem;
//import net.sf.jsqlparser.statement.select.SubSelect;
//import net.sf.jsqlparser.statement.select.WithItem;
//import net.sf.jsqlparser.util.TablesNamesFinder;
//import org.jeecg.common.exception.JeecgSqlInjectionException;
//import org.jeecg.common.util.sqlInjection.parse.ConstAnalyzer;
//import org.jeecg.common.util.sqlInjection.parse.ParserSupport;
//
///**
// * 基于SQL语法对象的SQL注入攻击分析实现
// *
// * @author guyadong
// */
//public class InjectionSyntaxObjectAnalyzer extends TablesNamesFinder {
// /**
// * 危险函数名
// */
// private static final String DANGROUS_FUNCTIONS = "(sleep|benchmark|extractvalue|updatexml|ST_LatFromGeoHash|ST_LongFromGeoHash|GTID_SUBSET|GTID_SUBTRACT|floor|ST_Pointfromgeohash"
// + "|geometrycollection|multipoint|polygon|multipolygon|linestring|multilinestring)";
//
// private static ThreadLocal<Boolean> disableSubselect = new ThreadLocal<Boolean>() {
// @Override
// protected Boolean initialValue() {
// return true;
// }
}
@Override
public void visit(Column tableColumn) {
if (ParserSupport.isBoolean(tableColumn)) {
throw new JeecgSqlInjectionException("DISABLE CONST BOOL " + tableColumn);
}
super.visit(tableColumn);
}
@Override
public void visit(PlainSelect plainSelect) {
if (plainSelect.getSelectItems() != null) {
for (SelectItem item : plainSelect.getSelectItems()) {
item.accept(this);
}
}
if (plainSelect.getFromItem() != null) {
plainSelect.getFromItem().accept(this);
}
if (plainSelect.getJoins() != null) {
for (Join join : plainSelect.getJoins()) {
join.getRightItem().accept(this);
for (Expression e : join.getOnExpressions()) {
e.accept(this);
}
}
}
if (plainSelect.getWhere() != null) {
plainSelect.getWhere().accept(this);
checkConstExpress(plainSelect.getWhere());
}
if (plainSelect.getHaving() != null) {
plainSelect.getHaving().accept(this);
}
if (plainSelect.getOracleHierarchical() != null) {
plainSelect.getOracleHierarchical().accept(this);
}
if (plainSelect.getOrderByElements() != null) {
for (OrderByElement orderByElement : plainSelect.getOrderByElements()) {
orderByElement.getExpression().accept(this);
}
}
if (plainSelect.getGroupBy() != null) {
for (Expression expression : plainSelect.getGroupBy().getGroupByExpressionList().getExpressions()) {
expression.accept(this);
}
}
}
private boolean isConst(Expression expression) {
return constAnalyzer.isConstExpression(expression);
}
private void checkConstExpress(Expression expression) {
if (constAnalyzer.isConstExpression(expression)) {
/** 禁用常量表达式 */
throw new JeecgSqlInjectionException("DISABLE CONST EXPRESSION " + expression);
}
}
}
// };
// private ConstAnalyzer constAnalyzer = new ConstAnalyzer();
//
// public InjectionSyntaxObjectAnalyzer() {
// super();
// init(true);
//
// }
//
// @Override
// public void visitBinaryExpression(BinaryExpression binaryExpression) {
// if (binaryExpression instanceof ComparisonOperator) {
// if (isConst(binaryExpression.getLeftExpression()) && isConst(binaryExpression.getRightExpression())) {
// /** 禁用恒等式 */
// throw new JeecgSqlInjectionException("DISABLE IDENTICAL EQUATION " + binaryExpression);
// }
// }
// super.visitBinaryExpression(binaryExpression);
// }
//
// @Override
// public void visit(AndExpression andExpression) {
// super.visit(andExpression);
// checkConstExpress(andExpression.getLeftExpression());
// checkConstExpress(andExpression.getRightExpression());
// }
//
// @Override
// public void visit(OrExpression orExpression) {
// super.visit(orExpression);
// checkConstExpress(orExpression.getLeftExpression());
// checkConstExpress(orExpression.getRightExpression());
// }
//
// @Override
// public void visit(Function function) {
// if (function.getName().matches(DANGROUS_FUNCTIONS)) {
// /** 禁用危险函数 */
// throw new JeecgSqlInjectionException("DANGROUS FUNCTION: " + function.getName());
// }
// super.visit(function);
// }
//
// @Override
// public void visit(WithItem withItem) {
// try {
// /** 允许 WITH 语句中的子查询 */
// disableSubselect.set(false);
// super.visit(withItem);
// } finally {
// disableSubselect.set(true);
// }
// }
//
// @Override
// public void visit(SubSelect subSelect) {
// try {
// /** 允许语句中的子查询 */
// disableSubselect.set(false);
// super.visit(subSelect);
// } finally {
// disableSubselect.set(true);
// }
//// if (disableSubselect.get()) {
//// // 禁用子查询
//// throw new JeecgSqlInjectionException("DISABLE subselect " + subSelect);
//// }
// }
//
// @Override
// public void visit(Column tableColumn) {
// if (ParserSupport.isBoolean(tableColumn)) {
// throw new JeecgSqlInjectionException("DISABLE CONST BOOL " + tableColumn);
// }
// super.visit(tableColumn);
// }
//
// @Override
// public void visit(PlainSelect plainSelect) {
// if (plainSelect.getSelectItems() != null) {
// for (SelectItem item : plainSelect.getSelectItems()) {
// item.accept(this);
// }
// }
//
// if (plainSelect.getFromItem() != null) {
// plainSelect.getFromItem().accept(this);
// }
//
// if (plainSelect.getJoins() != null) {
// for (Join join : plainSelect.getJoins()) {
// join.getRightItem().accept(this);
// for (Expression e : join.getOnExpressions()) {
// e.accept(this);
// }
// }
// }
// if (plainSelect.getWhere() != null) {
// plainSelect.getWhere().accept(this);
// checkConstExpress(plainSelect.getWhere());
// }
//
// if (plainSelect.getHaving() != null) {
// plainSelect.getHaving().accept(this);
// }
//
// if (plainSelect.getOracleHierarchical() != null) {
// plainSelect.getOracleHierarchical().accept(this);
// }
// if (plainSelect.getOrderByElements() != null) {
// for (OrderByElement orderByElement : plainSelect.getOrderByElements()) {
// orderByElement.getExpression().accept(this);
// }
// }
// if (plainSelect.getGroupBy() != null) {
// for (Expression expression : plainSelect.getGroupBy().getGroupByExpressionList().getExpressions()) {
// expression.accept(this);
// }
// }
// }
//
// private boolean isConst(Expression expression) {
// return constAnalyzer.isConstExpression(expression);
// }
//
// private void checkConstExpress(Expression expression) {
// if (constAnalyzer.isConstExpression(expression)) {
// /** 禁用常量表达式 */
// throw new JeecgSqlInjectionException("DISABLE CONST EXPRESSION " + expression);
// }
// }
//}
//
//

130
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/SqlInjectionAnalyzer.java
View File

@ -1,65 +1,65 @@
package org.jeecg.common.util.sqlInjection;
import org.jeecg.common.exception.JeecgSqlInjectionException;
import org.jeecg.common.util.sqlInjection.parse.ParserSupport;
;
/**
* SQL
*
* @author guyadong
* :
* https://blog.csdn.net/10km/article/details/127767358
* https://gitee.com/l0km/sql2java/tree/dev/sql2java-manager/src/main/java/gu/sql2java/parser
*/
public class SqlInjectionAnalyzer {
//启用/关闭注入攻击检查
private boolean injectCheckEnable = true;
//防止SQL注入攻击分析实现
private final InjectionSyntaxObjectAnalyzer injectionChecker;
private final InjectionAstNodeVisitor injectionVisitor;
public SqlInjectionAnalyzer() {
this.injectionChecker = new InjectionSyntaxObjectAnalyzer();
this.injectionVisitor = new InjectionAstNodeVisitor();
}
/**
* /,
*
* @param enable
* @return
*/
public SqlInjectionAnalyzer injectCheckEnable(boolean enable) {
injectCheckEnable = enable;
return this;
}
/**
* SQL{@link JeecgSqlInjectionException}
*
* @param sqlParserInfo
* @throws JeecgSqlInjectionException
*/
public ParserSupport.SqlParserInfo injectAnalyse(ParserSupport.SqlParserInfo sqlParserInfo) throws JeecgSqlInjectionException {
if (null != sqlParserInfo && injectCheckEnable) {
/** SQL注入攻击检查 */
sqlParserInfo.statement.accept(injectionChecker);
sqlParserInfo.simpleNode.jjtAccept(injectionVisitor, null);
}
return sqlParserInfo;
}
/**
* sql
*/
public static void checkSql(String sql,boolean check){
SqlInjectionAnalyzer sqlInjectionAnalyzer = new SqlInjectionAnalyzer();
sqlInjectionAnalyzer.injectCheckEnable(check);
ParserSupport.SqlParserInfo sqlParserInfo = ParserSupport.parse0(sql, null,null);
sqlInjectionAnalyzer.injectAnalyse(sqlParserInfo);
}
}
//package org.jeecg.common.util.sqlInjection;
//
//import org.jeecg.common.exception.JeecgSqlInjectionException;
//import org.jeecg.common.util.sqlInjection.parse.ParserSupport;
//;
//
///**
// * SQL注入攻击分析器
// *
// * @author guyadong
// * 参考:
// * https://blog.csdn.net/10km/article/details/127767358
// * https://gitee.com/l0km/sql2java/tree/dev/sql2java-manager/src/main/java/gu/sql2java/parser
// */
//public class SqlInjectionAnalyzer {
//
// //启用/关闭注入攻击检查
// private boolean injectCheckEnable = true;
// //防止SQL注入攻击分析实现
// private final InjectionSyntaxObjectAnalyzer injectionChecker;
// private final InjectionAstNodeVisitor injectionVisitor;
//
// public SqlInjectionAnalyzer() {
// this.injectionChecker = new InjectionSyntaxObjectAnalyzer();
// this.injectionVisitor = new InjectionAstNodeVisitor();
// }
//
// /**
// * 启用/关闭注入攻击检查,默认启动
// *
// * @param enable
// * @return
// */
// public SqlInjectionAnalyzer injectCheckEnable(boolean enable) {
// injectCheckEnable = enable;
// return this;
// }
//
// /**
// * 对解析后的SQL对象执行注入攻击分析有注入攻击的危险则抛出异常{@link JeecgSqlInjectionException}
// *
// * @param sqlParserInfo
// * @throws JeecgSqlInjectionException
// */
// public ParserSupport.SqlParserInfo injectAnalyse(ParserSupport.SqlParserInfo sqlParserInfo) throws JeecgSqlInjectionException {
// if (null != sqlParserInfo && injectCheckEnable) {
// /** SQL注入攻击检查 */
// sqlParserInfo.statement.accept(injectionChecker);
// sqlParserInfo.simpleNode.jjtAccept(injectionVisitor, null);
// }
// return sqlParserInfo;
// }
//
// /**
// * sql校验
// */
// public static void checkSql(String sql,boolean check){
// SqlInjectionAnalyzer sqlInjectionAnalyzer = new SqlInjectionAnalyzer();
// sqlInjectionAnalyzer.injectCheckEnable(check);
// ParserSupport.SqlParserInfo sqlParserInfo = ParserSupport.parse0(sql, null,null);
// sqlInjectionAnalyzer.injectAnalyse(sqlParserInfo);
// }
//}
//
//

1138
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/parse/ConstAnalyzer.java
View File

File diff suppressed because it is too large Load Diff

354
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/parse/ParserSupport.java
View File

@ -1,177 +1,177 @@
package org.jeecg.common.util.sqlInjection.parse;
import lombok.extern.slf4j.Slf4j;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.parser.*;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import net.sf.jsqlparser.statement.select.SelectBody;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import java.lang.reflect.InvocationTargetException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import com.google.common.base.Throwables;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.exception.JeecgSqlInjectionException;
/**
* sql
*/
@Slf4j
public class ParserSupport {
/**
* SELECT SQL,SELECT
*
* @param sql
* @return
*/
public static Select parseSelect(String sql) {
Statement stmt;
try {
stmt = CCJSqlParserUtil.parse(checkNotNull(sql, "sql is null"));
} catch (JSQLParserException e) {
throw new JeecgBootException(e);
}
checkArgument(stmt instanceof Select, "%s is not SELECT statment", sql);
Select select = (Select) stmt;
SelectBody selectBody = select.getSelectBody();
// 暂时只支持简单的SELECT xxxx FROM ....语句不支持复杂语句如WITH
checkArgument(selectBody instanceof PlainSelect, "ONLY SUPPORT plain select statement %s", sql);
return (Select) stmt;
}
/**
* SELECT SQL,SELECT
*
* @param sql
* @return
*/
public static Select parseSelectUnchecked(String sql) {
try {
return parseSelect(sql);
} catch (Exception e) {
return null;
}
}
/**
* SQL,{@link Statement}
* {@code visitor}AST()
*
* @param sql SQL
* @param visitor {@link SimpleNodeVisitor}{@code null}
* @param sqlSyntaxNormalizer SQL{@code null}
* @throws JSQLParserException SQL
* @see #parse0(String, CCJSqlParserVisitor, SqlSyntaxNormalizer)
*/
public static Statement parse(String sql, CCJSqlParserVisitor visitor, SqlSyntaxNormalizer sqlSyntaxNormalizer) throws JSQLParserException {
return parse0(sql, visitor, sqlSyntaxNormalizer).statement;
}
/**
* {@link CCJSqlParserUtil#parseAST(String)}{@link CCJSqlParserUtil#parse(String)}SQL,
* {@link SqlParserInfo}
* {@code visitor}AST()
*
* @param sql SQL
* @param visitor {@link SimpleNodeVisitor}{@code null}
* @param sqlSyntaxAnalyzer SQL{@code null}
* @throws JSQLParserException SQL
* @see net.sf.jsqlparser.parser.Node#jjtAccept(SimpleNodeVisitor, Object)
*/
public static SqlParserInfo parse0(String sql, CCJSqlParserVisitor visitor, SqlSyntaxNormalizer sqlSyntaxAnalyzer) throws JeecgSqlInjectionException {
//检查是否非select开头暂不支持
if(!sql.toLowerCase().trim().startsWith("select ")) {
log.warn("传入sql 非select开头不支持非select开头的语句解析");
return null;
}
//检查是否存储过程,暂不支持
if(sql.toLowerCase().trim().startsWith("call ")){
log.warn("传入call 开头存储过程,不支持存储过程解析!");
return null;
}
//检查特殊语义的特殊字符,目前检查冒号、$、#三种特殊语义字符
String specialCharacters = "[:$#]";
Pattern pattern = Pattern.compile(specialCharacters);
Matcher matcher = pattern.matcher(sql);
if (matcher.find()) {
sql = sql.replaceAll("[:$#]", "@");
}
checkArgument(null != sql, "sql is null");
boolean allowComplexParsing = CCJSqlParserUtil.getNestingDepth(sql) <= CCJSqlParserUtil.ALLOWED_NESTING_DEPTH;
CCJSqlParser parser = CCJSqlParserUtil.newParser(sql).withAllowComplexParsing(allowComplexParsing);
Statement stmt;
try {
stmt = parser.Statement();
} catch (Exception ex) {
log.error("请注意SQL语法可能存在问题---> {}", ex.getMessage());
throw new JeecgSqlInjectionException("请注意SQL语法可能存在问题:"+sql);
}
if (null != visitor) {
parser.getASTRoot().jjtAccept(visitor, null);
}
if (null != sqlSyntaxAnalyzer) {
stmt.accept(sqlSyntaxAnalyzer.resetChanged());
}
return new SqlParserInfo(stmt.toString(), stmt, (SimpleNode) parser.getASTRoot());
}
/**
* {@link CCJSqlParser}SQL,{@code 'ORDER BY id DESC'}
*
* @param <T>
* @param input
* @param method {@link CCJSqlParser}
* @param targetType
* @return
* @since 3.18.3
*/
public static <T> T parseComponent(String input, String method, Class<T> targetType) {
try {
CCJSqlParser parser = new CCJSqlParser(new StringProvider(input));
try {
return checkNotNull(targetType, "targetType is null").cast(parser.getClass().getMethod(method).invoke(parser));
} catch (InvocationTargetException e) {
Throwables.throwIfUnchecked(e.getTargetException());
throw new RuntimeException(e.getTargetException());
}
} catch (IllegalAccessException | NoSuchMethodException | SecurityException e) {
Throwables.throwIfUnchecked(e);
throw new RuntimeException(e);
}
}
/**
* {@link Column}table,true/false()
*
* @param column
*/
public static boolean isBoolean(Column column) {
return null != column && null == column.getTable() &&
Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE).matcher(column.getColumnName()).matches();
}
public static class SqlParserInfo {
public String nativeSql;
public Statement statement;
public SimpleNode simpleNode;
SqlParserInfo(String nativeSql, Statement statement, SimpleNode simpleNode) {
this.nativeSql = nativeSql;
this.statement = statement;
this.simpleNode = simpleNode;
}
}
}
//package org.jeecg.common.util.sqlInjection.parse;
//
//import lombok.extern.slf4j.Slf4j;
//import net.sf.jsqlparser.JSQLParserException;
//import net.sf.jsqlparser.parser.*;
//import net.sf.jsqlparser.schema.Column;
//import net.sf.jsqlparser.statement.Statement;
//import net.sf.jsqlparser.statement.select.PlainSelect;
//import net.sf.jsqlparser.statement.select.Select;
//import net.sf.jsqlparser.statement.select.SelectBody;
//
//import static com.google.common.base.Preconditions.checkArgument;
//import static com.google.common.base.Preconditions.checkNotNull;
//
//import java.lang.reflect.InvocationTargetException;
//import java.util.regex.Matcher;
//import java.util.regex.Pattern;
//
//import com.google.common.base.Throwables;
//import org.jeecg.common.exception.JeecgBootException;
//import org.jeecg.common.exception.JeecgSqlInjectionException;
//
///**
// * 解析sql支持
// */
//@Slf4j
//public class ParserSupport {
// /**
// * 解析SELECT SQL语句,解析失败或非SELECT语句则抛出异常
// *
// * @param sql
// * @return
// */
// public static Select parseSelect(String sql) {
// Statement stmt;
// try {
// stmt = CCJSqlParserUtil.parse(checkNotNull(sql, "sql is null"));
// } catch (JSQLParserException e) {
// throw new JeecgBootException(e);
// }
// checkArgument(stmt instanceof Select, "%s is not SELECT statment", sql);
// Select select = (Select) stmt;
// SelectBody selectBody = select.getSelectBody();
// // 暂时只支持简单的SELECT xxxx FROM ....语句不支持复杂语句如WITH
// checkArgument(selectBody instanceof PlainSelect, "ONLY SUPPORT plain select statement %s", sql);
// return (Select) stmt;
// }
//
// /**
// * 解析SELECT SQL语句,解析失败或非SELECT语句则
// *
// * @param sql
// * @return
// */
// public static Select parseSelectUnchecked(String sql) {
// try {
// return parseSelect(sql);
// } catch (Exception e) {
// return null;
// }
// }
//
// /**
// * 实现SQL语句解析,解析成功则返回解析后的{@link Statement}
// * 并通过{@code visitor}参数提供基于AST(抽象语法树)的遍历所有节点的能力。
// *
// * @param sql SQL语句
// * @param visitor 遍历所有节点的{@link SimpleNodeVisitor}接口实例,为{@code null}忽略
// * @param sqlSyntaxNormalizer SQL语句分析转换器为{@code null}忽略
// * @throws JSQLParserException 输入的SQL语句有语法错误
// * @see #parse0(String, CCJSqlParserVisitor, SqlSyntaxNormalizer)
// */
// public static Statement parse(String sql, CCJSqlParserVisitor visitor, SqlSyntaxNormalizer sqlSyntaxNormalizer) throws JSQLParserException {
// return parse0(sql, visitor, sqlSyntaxNormalizer).statement;
// }
//
// /**
// * 参照{@link CCJSqlParserUtil#parseAST(String)}和{@link CCJSqlParserUtil#parse(String)}实现SQL语句解析,
// * 解析成功则返回解析后的{@link SqlParserInfo}对象,
// * 并通过{@code visitor}参数提供基于AST(抽象语法树)的遍历所有节点的能力。
// *
// * @param sql SQL语句
// * @param visitor 遍历所有节点的{@link SimpleNodeVisitor}接口实例,为{@code null}忽略
// * @param sqlSyntaxAnalyzer SQL语句分析转换器为{@code null}忽略
// * @throws JSQLParserException 输入的SQL语句有语法错误
// * @see net.sf.jsqlparser.parser.Node#jjtAccept(SimpleNodeVisitor, Object)
// */
// public static SqlParserInfo parse0(String sql, CCJSqlParserVisitor visitor, SqlSyntaxNormalizer sqlSyntaxAnalyzer) throws JeecgSqlInjectionException {
//
// //检查是否非select开头暂不支持
// if(!sql.toLowerCase().trim().startsWith("select ")) {
// log.warn("传入sql 非select开头不支持非select开头的语句解析");
// return null;
// }
//
// //检查是否存储过程,暂不支持
// if(sql.toLowerCase().trim().startsWith("call ")){
// log.warn("传入call 开头存储过程,不支持存储过程解析!");
// return null;
// }
//
// //检查特殊语义的特殊字符,目前检查冒号、$、#三种特殊语义字符
// String specialCharacters = "[:$#]";
// Pattern pattern = Pattern.compile(specialCharacters);
// Matcher matcher = pattern.matcher(sql);
// if (matcher.find()) {
// sql = sql.replaceAll("[:$#]", "@");
// }
//
// checkArgument(null != sql, "sql is null");
// boolean allowComplexParsing = CCJSqlParserUtil.getNestingDepth(sql) <= CCJSqlParserUtil.ALLOWED_NESTING_DEPTH;
//
// CCJSqlParser parser = CCJSqlParserUtil.newParser(sql).withAllowComplexParsing(allowComplexParsing);
// Statement stmt;
// try {
// stmt = parser.Statement();
// } catch (Exception ex) {
// log.error("请注意SQL语法可能存在问题---> {}", ex.getMessage());
// throw new JeecgSqlInjectionException("请注意SQL语法可能存在问题:"+sql);
// }
// if (null != visitor) {
// parser.getASTRoot().jjtAccept(visitor, null);
// }
// if (null != sqlSyntaxAnalyzer) {
// stmt.accept(sqlSyntaxAnalyzer.resetChanged());
// }
// return new SqlParserInfo(stmt.toString(), stmt, (SimpleNode) parser.getASTRoot());
// }
//
// /**
// * 调用{@link CCJSqlParser}解析SQL语句部件返回解析生成的对象,如{@code 'ORDER BY id DESC'}
// *
// * @param <T>
// * @param input
// * @param method 指定调用的{@link CCJSqlParser}解析方法
// * @param targetType 返回的解析对象类型
// * @return
// * @since 3.18.3
// */
// public static <T> T parseComponent(String input, String method, Class<T> targetType) {
// try {
// CCJSqlParser parser = new CCJSqlParser(new StringProvider(input));
// try {
// return checkNotNull(targetType, "targetType is null").cast(parser.getClass().getMethod(method).invoke(parser));
// } catch (InvocationTargetException e) {
// Throwables.throwIfUnchecked(e.getTargetException());
// throw new RuntimeException(e.getTargetException());
// }
// } catch (IllegalAccessException | NoSuchMethodException | SecurityException e) {
// Throwables.throwIfUnchecked(e);
// throw new RuntimeException(e);
// }
// }
//
// /**
// * 如果{@link Column}没有定义table,且字段名为true/false(不区分大小写)则视为布尔常量
// *
// * @param column
// */
// public static boolean isBoolean(Column column) {
// return null != column && null == column.getTable() &&
// Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE).matcher(column.getColumnName()).matches();
// }
//
// public static class SqlParserInfo {
// public String nativeSql;
// public Statement statement;
// public SimpleNode simpleNode;
//
// SqlParserInfo(String nativeSql, Statement statement, SimpleNode simpleNode) {
// this.nativeSql = nativeSql;
// this.statement = statement;
// this.simpleNode = simpleNode;
// }
// }
//}
//

74
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/parse/SqlSyntaxNormalizer.java
View File

@ -1,37 +1,37 @@
package org.jeecg.common.util.sqlInjection.parse;
import net.sf.jsqlparser.util.TablesNamesFinder;
/**
* SQL<br>
* SQLSQL
*
*
* @author guyadong
* @since 3.17.0
*/
public class SqlSyntaxNormalizer extends TablesNamesFinder {
protected static final ThreadLocal<Boolean> changed = new ThreadLocal<>();
public SqlSyntaxNormalizer() {
super();
init(true);
}
/**
* {@code true},{@code false}
*/
public boolean changed() {
return Boolean.TRUE.equals(changed.get());
}
/**
* 线{@link #changed}
*/
public SqlSyntaxNormalizer resetChanged() {
changed.remove();
return this;
}
}
//package org.jeecg.common.util.sqlInjection.parse;
//
//import net.sf.jsqlparser.util.TablesNamesFinder;
//
///**
// * SQL语句分析转换器基类<br>
// * 基于SQL语法对象实现对SQL的修改
// * (暂时用不到)
// *
// * @author guyadong
// * @since 3.17.0
// */
//public class SqlSyntaxNormalizer extends TablesNamesFinder {
// protected static final ThreadLocal<Boolean> changed = new ThreadLocal<>();
//
// public SqlSyntaxNormalizer() {
// super();
// init(true);
//
// }
//
// /**
// * 语句改变返回{@code true},否则返回{@code false}
// */
// public boolean changed() {
// return Boolean.TRUE.equals(changed.get());
// }
//
// /**
// * 复位线程局部变量{@link #changed}状态
// */
// public SqlSyntaxNormalizer resetChanged() {
// changed.remove();
// return this;
// }
//}
//

510
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlparse/JSqlParserAllTableManager.java
View File

@ -1,255 +1,255 @@
package org.jeecg.common.util.sqlparse;
import lombok.extern.slf4j.Slf4j;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.*;
import net.sf.jsqlparser.parser.CCJSqlParserManager;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.schema.Table;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.select.*;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
*
*/
@Slf4j
public class JSqlParserAllTableManager {
private final String sql;
private final Map<String, SelectSqlInfo> allTableMap = new HashMap<>();
/**
*
*/
private final Map<String, String> tableAliasMap = new HashMap<>();
/**
* sql
*/
private String parsedSql = null;
JSqlParserAllTableManager(String selectSql) {
this.sql = selectSql;
}
/**
*
*
* @return
* @throws JSQLParserException
*/
public Map<String, SelectSqlInfo> parse() throws JSQLParserException {
// 1. 创建解析器
CCJSqlParserManager mgr = new CCJSqlParserManager();
// 2. 使用解析器解析sql生成具有层次结构的java类
Statement stmt = mgr.parse(new StringReader(this.sql));
if (stmt instanceof Select) {
Select selectStatement = (Select) stmt;
SelectBody selectBody = selectStatement.getSelectBody();
this.parsedSql = selectBody.toString();
// 3. 解析select查询sql的信息
if (selectBody instanceof PlainSelect) {
PlainSelect plainSelect = (PlainSelect) selectBody;
// 4. 合并 fromItems
List<FromItem> fromItems = new ArrayList<>();
fromItems.add(plainSelect.getFromItem());
// 4.1 处理join的表
List<Join> joins = plainSelect.getJoins();
if (joins != null) {
joins.forEach(join -> fromItems.add(join.getRightItem()));
}
// 5. 处理 fromItems
for (FromItem fromItem : fromItems) {
// 5.1 通过表名的方式from
if (fromItem instanceof Table) {
this.addSqlInfoByTable((Table) fromItem);
}
// 5.2 通过子查询的方式from
else if (fromItem instanceof SubSelect) {
this.handleSubSelect((SubSelect) fromItem);
}
}
// 6. 解析 selectFields
List<SelectItem> selectItems = plainSelect.getSelectItems();
for (SelectItem selectItem : selectItems) {
// 6.1 查询的是全部字段
if (selectItem instanceof AllColumns) {
// 当 selectItem 为 AllColumns 时fromItem 必定为 Table
String tableName = plainSelect.getFromItem(Table.class).getName();
// 此处必定不为空,因为在解析 fromItem 时,已经将表名添加到 allTableMap 中
SelectSqlInfo sqlInfo = this.allTableMap.get(tableName);
assert sqlInfo != null;
// 设置为查询全部字段
sqlInfo.setSelectAll(true);
sqlInfo.setSelectFields(null);
sqlInfo.setRealSelectFields(null);
}
// 6.2 查询的是带表别名( u.* )的全部字段
else if (selectItem instanceof AllTableColumns) {
AllTableColumns allTableColumns = (AllTableColumns) selectItem;
String aliasName = allTableColumns.getTable().getName();
// 通过别名获取表名
String tableName = this.tableAliasMap.get(aliasName);
if (tableName == null) {
tableName = aliasName;
}
SelectSqlInfo sqlInfo = this.allTableMap.get(tableName);
// 如果此处为空,则说明该字段是通过子查询获取的,所以可以不处理,只有实际表才需要处理
if (sqlInfo != null) {
// 设置为查询全部字段
sqlInfo.setSelectAll(true);
sqlInfo.setSelectFields(null);
sqlInfo.setRealSelectFields(null);
}
}
// 6.3 各种字段表达式处理
else if (selectItem instanceof SelectExpressionItem) {
SelectExpressionItem selectExpressionItem = (SelectExpressionItem) selectItem;
Expression expression = selectExpressionItem.getExpression();
Alias alias = selectExpressionItem.getAlias();
this.handleExpression(expression, alias, plainSelect.getFromItem());
}
}
} else {
log.warn("暂时尚未处理该类型的 SelectBody: {}", selectBody.getClass().getName());
throw new JeecgBootException("暂时尚未处理该类型的 SelectBody");
}
} else {
// 非 select 查询sql不做处理
throw new JeecgBootException("非 select 查询sql不做处理");
}
return this.allTableMap;
}
/**
*
*
* @param subSelect
*/
private void handleSubSelect(SubSelect subSelect) {
try {
String subSelectSql = subSelect.getSelectBody().toString();
// 递归调用解析
Map<String, SelectSqlInfo> map = JSqlParserUtils.parseAllSelectTable(subSelectSql);
if (map != null) {
this.assignMap(map);
}
} catch (Exception e) {
log.error("解析子查询出错", e);
}
}
/**
*
*
* @param expression
*/
private void handleExpression(Expression expression, Alias alias, FromItem fromItem) {
// 处理函数式字段 CONCAT(name,'(',age,')')
if (expression instanceof Function) {
Function functionExp = (Function) expression;
List<Expression> expressions = functionExp.getParameters().getExpressions();
for (Expression expItem : expressions) {
this.handleExpression(expItem, null, fromItem);
}
return;
}
// 处理字段上的子查询
if (expression instanceof SubSelect) {
this.handleSubSelect((SubSelect) expression);
return;
}
// 不处理字面量
if (expression instanceof StringValue ||
expression instanceof NullValue ||
expression instanceof LongValue ||
expression instanceof DoubleValue ||
expression instanceof HexValue ||
expression instanceof DateValue ||
expression instanceof TimestampValue ||
expression instanceof TimeValue
) {
return;
}
// 处理字段
if (expression instanceof Column) {
Column column = (Column) expression;
// 查询字段名
String fieldName = column.getColumnName();
String aliasName = fieldName;
if (alias != null) {
aliasName = alias.getName();
}
String tableName;
if (column.getTable() != null) {
// 通过列的表名获取 sqlInfo
// 例如 user.name这里的 tableName 就是 user
tableName = column.getTable().getName();
// 有可能是别名,需要转换为真实表名
if (this.tableAliasMap.get(tableName) != null) {
tableName = this.tableAliasMap.get(tableName);
}
} else {
// 当column的table为空时说明是 fromItem 中的字段
tableName = ((Table) fromItem).getName();
}
SelectSqlInfo $sqlInfo = this.allTableMap.get(tableName);
if ($sqlInfo != null) {
$sqlInfo.addSelectField(aliasName, fieldName);
} else {
log.warn("发生意外情况,未找到表名为 {} 的 SelectSqlInfo", tableName);
}
}
}
/**
* sqlInfo
*
* @param table
*/
private void addSqlInfoByTable(Table table) {
String tableName = table.getName();
// 解析 aliasName
if (table.getAlias() != null) {
this.tableAliasMap.put(table.getAlias().getName(), tableName);
}
SelectSqlInfo sqlInfo = new SelectSqlInfo(this.parsedSql);
sqlInfo.setFromTableName(table.getName());
this.allTableMap.put(sqlInfo.getFromTableName(), sqlInfo);
}
/**
* map
*
* @param source
*/
private void assignMap(Map<String, SelectSqlInfo> source) {
for (Map.Entry<String, SelectSqlInfo> entry : source.entrySet()) {
SelectSqlInfo sqlInfo = this.allTableMap.get(entry.getKey());
if (sqlInfo == null) {
this.allTableMap.put(entry.getKey(), entry.getValue());
} else {
// 合并
if (sqlInfo.getSelectFields() == null) {
sqlInfo.setSelectFields(entry.getValue().getSelectFields());
} else {
sqlInfo.getSelectFields().addAll(entry.getValue().getSelectFields());
}
if (sqlInfo.getRealSelectFields() == null) {
sqlInfo.setRealSelectFields(entry.getValue().getRealSelectFields());
} else {
sqlInfo.getRealSelectFields().addAll(entry.getValue().getRealSelectFields());
}
}
}
}
}
//package org.jeecg.common.util.sqlparse;
//
//import lombok.extern.slf4j.Slf4j;
//import net.sf.jsqlparser.JSQLParserException;
//import net.sf.jsqlparser.expression.*;
//import net.sf.jsqlparser.parser.CCJSqlParserManager;
//import net.sf.jsqlparser.schema.Column;
//import net.sf.jsqlparser.schema.Table;
//import net.sf.jsqlparser.statement.Statement;
//import net.sf.jsqlparser.statement.select.*;
//import org.jeecg.common.exception.JeecgBootException;
//import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
//
//import java.io.StringReader;
//import java.util.ArrayList;
//import java.util.HashMap;
//import java.util.List;
//import java.util.Map;
//
///**
// * 解析所有表名和字段的类
// */
//@Slf4j
//public class JSqlParserAllTableManager {
//
// private final String sql;
// private final Map<String, SelectSqlInfo> allTableMap = new HashMap<>();
// /**
// * 别名对应实际表名
// */
// private final Map<String, String> tableAliasMap = new HashMap<>();
//
// /**
// * 解析后的sql
// */
// private String parsedSql = null;
//
// JSqlParserAllTableManager(String selectSql) {
// this.sql = selectSql;
// }
//
// /**
// * 开始解析
// *
// * @return
// * @throws JSQLParserException
// */
// public Map<String, SelectSqlInfo> parse() throws JSQLParserException {
// // 1. 创建解析器
// CCJSqlParserManager mgr = new CCJSqlParserManager();
// // 2. 使用解析器解析sql生成具有层次结构的java类
// Statement stmt = mgr.parse(new StringReader(this.sql));
// if (stmt instanceof Select) {
// Select selectStatement = (Select) stmt;
// SelectBody selectBody = selectStatement.getSelectBody();
// this.parsedSql = selectBody.toString();
// // 3. 解析select查询sql的信息
// if (selectBody instanceof PlainSelect) {
// PlainSelect plainSelect = (PlainSelect) selectBody;
// // 4. 合并 fromItems
// List<FromItem> fromItems = new ArrayList<>();
// fromItems.add(plainSelect.getFromItem());
// // 4.1 处理join的表
// List<Join> joins = plainSelect.getJoins();
// if (joins != null) {
// joins.forEach(join -> fromItems.add(join.getRightItem()));
// }
// // 5. 处理 fromItems
// for (FromItem fromItem : fromItems) {
// // 5.1 通过表名的方式from
// if (fromItem instanceof Table) {
// this.addSqlInfoByTable((Table) fromItem);
// }
// // 5.2 通过子查询的方式from
// else if (fromItem instanceof SubSelect) {
// this.handleSubSelect((SubSelect) fromItem);
// }
// }
// // 6. 解析 selectFields
// List<SelectItem> selectItems = plainSelect.getSelectItems();
// for (SelectItem selectItem : selectItems) {
// // 6.1 查询的是全部字段
// if (selectItem instanceof AllColumns) {
// // 当 selectItem 为 AllColumns 时fromItem 必定为 Table
// String tableName = plainSelect.getFromItem(Table.class).getName();
// // 此处必定不为空,因为在解析 fromItem 时,已经将表名添加到 allTableMap 中
// SelectSqlInfo sqlInfo = this.allTableMap.get(tableName);
// assert sqlInfo != null;
// // 设置为查询全部字段
// sqlInfo.setSelectAll(true);
// sqlInfo.setSelectFields(null);
// sqlInfo.setRealSelectFields(null);
// }
// // 6.2 查询的是带表别名( u.* )的全部字段
// else if (selectItem instanceof AllTableColumns) {
// AllTableColumns allTableColumns = (AllTableColumns) selectItem;
// String aliasName = allTableColumns.getTable().getName();
// // 通过别名获取表名
// String tableName = this.tableAliasMap.get(aliasName);
// if (tableName == null) {
// tableName = aliasName;
// }
// SelectSqlInfo sqlInfo = this.allTableMap.get(tableName);
// // 如果此处为空,则说明该字段是通过子查询获取的,所以可以不处理,只有实际表才需要处理
// if (sqlInfo != null) {
// // 设置为查询全部字段
// sqlInfo.setSelectAll(true);
// sqlInfo.setSelectFields(null);
// sqlInfo.setRealSelectFields(null);
// }
// }
// // 6.3 各种字段表达式处理
// else if (selectItem instanceof SelectExpressionItem) {
// SelectExpressionItem selectExpressionItem = (SelectExpressionItem) selectItem;
// Expression expression = selectExpressionItem.getExpression();
// Alias alias = selectExpressionItem.getAlias();
// this.handleExpression(expression, alias, plainSelect.getFromItem());
// }
// }
// } else {
// log.warn("暂时尚未处理该类型的 SelectBody: {}", selectBody.getClass().getName());
// throw new JeecgBootException("暂时尚未处理该类型的 SelectBody");
// }
// } else {
// // 非 select 查询sql不做处理
// throw new JeecgBootException("非 select 查询sql不做处理");
// }
// return this.allTableMap;
// }
//
// /**
// * 处理子查询
// *
// * @param subSelect
// */
// private void handleSubSelect(SubSelect subSelect) {
// try {
// String subSelectSql = subSelect.getSelectBody().toString();
// // 递归调用解析
// Map<String, SelectSqlInfo> map = JSqlParserUtils.parseAllSelectTable(subSelectSql);
// if (map != null) {
// this.assignMap(map);
// }
// } catch (Exception e) {
// log.error("解析子查询出错", e);
// }
// }
//
// /**
// * 处理查询字段表达式
// *
// * @param expression
// */
// private void handleExpression(Expression expression, Alias alias, FromItem fromItem) {
// // 处理函数式字段 CONCAT(name,'(',age,')')
// if (expression instanceof Function) {
// Function functionExp = (Function) expression;
// List<Expression> expressions = functionExp.getParameters().getExpressions();
// for (Expression expItem : expressions) {
// this.handleExpression(expItem, null, fromItem);
// }
// return;
// }
// // 处理字段上的子查询
// if (expression instanceof SubSelect) {
// this.handleSubSelect((SubSelect) expression);
// return;
// }
// // 不处理字面量
// if (expression instanceof StringValue ||
// expression instanceof NullValue ||
// expression instanceof LongValue ||
// expression instanceof DoubleValue ||
// expression instanceof HexValue ||
// expression instanceof DateValue ||
// expression instanceof TimestampValue ||
// expression instanceof TimeValue
// ) {
// return;
// }
//
// // 处理字段
// if (expression instanceof Column) {
// Column column = (Column) expression;
// // 查询字段名
// String fieldName = column.getColumnName();
// String aliasName = fieldName;
// if (alias != null) {
// aliasName = alias.getName();
// }
// String tableName;
// if (column.getTable() != null) {
// // 通过列的表名获取 sqlInfo
// // 例如 user.name这里的 tableName 就是 user
// tableName = column.getTable().getName();
// // 有可能是别名,需要转换为真实表名
// if (this.tableAliasMap.get(tableName) != null) {
// tableName = this.tableAliasMap.get(tableName);
// }
// } else {
// // 当column的table为空时说明是 fromItem 中的字段
// tableName = ((Table) fromItem).getName();
// }
// SelectSqlInfo $sqlInfo = this.allTableMap.get(tableName);
// if ($sqlInfo != null) {
// $sqlInfo.addSelectField(aliasName, fieldName);
// } else {
// log.warn("发生意外情况,未找到表名为 {} 的 SelectSqlInfo", tableName);
// }
// }
// }
//
// /**
// * 根据表名添加sqlInfo
// *
// * @param table
// */
// private void addSqlInfoByTable(Table table) {
// String tableName = table.getName();
// // 解析 aliasName
// if (table.getAlias() != null) {
// this.tableAliasMap.put(table.getAlias().getName(), tableName);
// }
// SelectSqlInfo sqlInfo = new SelectSqlInfo(this.parsedSql);
// sqlInfo.setFromTableName(table.getName());
// this.allTableMap.put(sqlInfo.getFromTableName(), sqlInfo);
// }
//
// /**
// * 合并map
// *
// * @param source
// */
// private void assignMap(Map<String, SelectSqlInfo> source) {
// for (Map.Entry<String, SelectSqlInfo> entry : source.entrySet()) {
// SelectSqlInfo sqlInfo = this.allTableMap.get(entry.getKey());
// if (sqlInfo == null) {
// this.allTableMap.put(entry.getKey(), entry.getValue());
// } else {
// // 合并
// if (sqlInfo.getSelectFields() == null) {
// sqlInfo.setSelectFields(entry.getValue().getSelectFields());
// } else {
// sqlInfo.getSelectFields().addAll(entry.getValue().getSelectFields());
// }
// if (sqlInfo.getRealSelectFields() == null) {
// sqlInfo.setRealSelectFields(entry.getValue().getRealSelectFields());
// } else {
// sqlInfo.getRealSelectFields().addAll(entry.getValue().getRealSelectFields());
// }
// }
// }
// }
//
//}

380
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlparse/JSqlParserUtils.java
View File

@ -1,190 +1,190 @@
package org.jeecg.common.util.sqlparse;
import lombok.extern.slf4j.Slf4j;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.*;
import net.sf.jsqlparser.parser.CCJSqlParserManager;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.schema.Table;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.select.*;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
import java.io.StringReader;
import java.util.List;
import java.util.Map;
@Slf4j
public class JSqlParserUtils {
/**
* selectsql
* map
* key
* value
* <p>
* SELECT a.*,d.age,(SELECT count(1) FROM sys_depart) AS count FROM (SELECT username AS foo, realname FROM sys_user) a, demo d
* {sys_user=[username, realname], demo=[age], sys_depart=[]}
*
* @param selectSql
* @return
*/
public static Map<String, SelectSqlInfo> parseAllSelectTable(String selectSql) throws JSQLParserException {
if (oConvertUtils.isEmpty(selectSql)) {
return null;
}
// log.info("解析查询Sql{}", selectSql);
JSqlParserAllTableManager allTableManager = new JSqlParserAllTableManager(selectSql);
return allTableManager.parse();
}
/**
* selectsql
*
* @param selectSql
* @return
*/
public static SelectSqlInfo parseSelectSqlInfo(String selectSql) throws JSQLParserException {
if (oConvertUtils.isEmpty(selectSql)) {
return null;
}
// log.info("解析查询Sql{}", selectSql);
// 使用 JSqlParer 解析sql
// 1、创建解析器
CCJSqlParserManager mgr = new CCJSqlParserManager();
// 2、使用解析器解析sql生成具有层次结构的java类
Statement stmt = mgr.parse(new StringReader(selectSql));
if (stmt instanceof Select) {
Select selectStatement = (Select) stmt;
// 3、解析select查询sql的信息
return JSqlParserUtils.parseBySelectBody(selectStatement.getSelectBody());
} else {
// 非 select 查询sql不做处理
throw new JeecgBootException("非 select 查询sql不做处理");
}
}
/**
* select sql
*
* @param selectBody
* @return
*/
private static SelectSqlInfo parseBySelectBody(SelectBody selectBody) {
// 判断是否使用了union等操作
if (selectBody instanceof SetOperationList) {
// 如果使用了union等操作则只解析第一个查询
List<SelectBody> selectBodyList = ((SetOperationList) selectBody).getSelects();
return JSqlParserUtils.parseBySelectBody(selectBodyList.get(0));
}
// 简单的select查询
if (selectBody instanceof PlainSelect) {
SelectSqlInfo sqlInfo = new SelectSqlInfo(selectBody);
PlainSelect plainSelect = (PlainSelect) selectBody;
FromItem fromItem = plainSelect.getFromItem();
// 解析 aliasName
if (fromItem.getAlias() != null) {
sqlInfo.setFromTableAliasName(fromItem.getAlias().getName());
}
// 解析 表名
if (fromItem instanceof Table) {
// 通过表名的方式from
Table fromTable = (Table) fromItem;
sqlInfo.setFromTableName(fromTable.getName());
} else if (fromItem instanceof SubSelect) {
// 通过子查询的方式from
SubSelect fromSubSelect = (SubSelect) fromItem;
SelectSqlInfo subSqlInfo = JSqlParserUtils.parseBySelectBody(fromSubSelect.getSelectBody());
sqlInfo.setFromSubSelect(subSqlInfo);
}
// 解析 selectFields
List<SelectItem> selectItems = plainSelect.getSelectItems();
for (SelectItem selectItem : selectItems) {
if (selectItem instanceof AllColumns || selectItem instanceof AllTableColumns) {
// 全部字段
sqlInfo.setSelectAll(true);
sqlInfo.setSelectFields(null);
sqlInfo.setRealSelectFields(null);
break;
} else if (selectItem instanceof SelectExpressionItem) {
// 获取单个查询字段名
SelectExpressionItem selectExpressionItem = (SelectExpressionItem) selectItem;
Expression expression = selectExpressionItem.getExpression();
Alias alias = selectExpressionItem.getAlias();
JSqlParserUtils.handleExpression(sqlInfo, expression, alias);
}
}
return sqlInfo;
} else {
log.warn("暂时尚未处理该类型的 SelectBody: {}", selectBody.getClass().getName());
throw new JeecgBootException("暂时尚未处理该类型的 SelectBody");
}
}
/**
*
*
* @param sqlInfo
* @param expression
* @param alias null
*/
private static void handleExpression(SelectSqlInfo sqlInfo, Expression expression, Alias alias) {
// 处理函数式字段 CONCAT(name,'(',age,')')
if (expression instanceof Function) {
JSqlParserUtils.handleFunctionExpression((Function) expression, sqlInfo);
return;
}
// 处理字段上的子查询
if (expression instanceof SubSelect) {
SubSelect subSelect = (SubSelect) expression;
SelectSqlInfo subSqlInfo = JSqlParserUtils.parseBySelectBody(subSelect.getSelectBody());
// 注:字段上的子查询,必须只查询一个字段,否则会报错,所以可以放心合并
sqlInfo.getSelectFields().addAll(subSqlInfo.getSelectFields());
sqlInfo.getRealSelectFields().addAll(subSqlInfo.getAllRealSelectFields());
return;
}
// 不处理字面量
if (expression instanceof StringValue ||
expression instanceof NullValue ||
expression instanceof LongValue ||
expression instanceof DoubleValue ||
expression instanceof HexValue ||
expression instanceof DateValue ||
expression instanceof TimestampValue ||
expression instanceof TimeValue
) {
return;
}
// 查询字段名
String selectField = expression.toString();
// 实际查询字段名
String realSelectField = selectField;
// 判断是否有别名
if (alias != null) {
selectField = alias.getName();
}
// 获取真实字段名
if (expression instanceof Column) {
Column column = (Column) expression;
realSelectField = column.getColumnName();
}
sqlInfo.addSelectField(selectField, realSelectField);
}
/**
*
*
* @param functionExp
* @param sqlInfo
*/
private static void handleFunctionExpression(Function functionExp, SelectSqlInfo sqlInfo) {
List<Expression> expressions = functionExp.getParameters().getExpressions();
for (Expression expression : expressions) {
JSqlParserUtils.handleExpression(sqlInfo, expression, null);
}
}
}
//package org.jeecg.common.util.sqlparse;
//
//import lombok.extern.slf4j.Slf4j;
//import net.sf.jsqlparser.JSQLParserException;
//import net.sf.jsqlparser.expression.*;
//import net.sf.jsqlparser.parser.CCJSqlParserManager;
//import net.sf.jsqlparser.schema.Column;
//import net.sf.jsqlparser.schema.Table;
//import net.sf.jsqlparser.statement.Statement;
//import net.sf.jsqlparser.statement.select.*;
//import org.jeecg.common.exception.JeecgBootException;
//import org.jeecg.common.util.oConvertUtils;
//import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
//
//import java.io.StringReader;
//import java.util.List;
//import java.util.Map;
//
//@Slf4j
//public class JSqlParserUtils {
//
// /**
// * 解析 查询selectsql的信息
// * 此方法会展开所有子查询到一个map里
// * key只存真实的表名如果查询的没有真实的表名则会被忽略。
// * value只存真实的字段名如果查询的没有真实的字段名则会被忽略。
// * <p>
// * 例如SELECT a.*,d.age,(SELECT count(1) FROM sys_depart) AS count FROM (SELECT username AS foo, realname FROM sys_user) a, demo d
// * 解析后的结果为:{sys_user=[username, realname], demo=[age], sys_depart=[]}
// *
// * @param selectSql
// * @return
// */
// public static Map<String, SelectSqlInfo> parseAllSelectTable(String selectSql) throws JSQLParserException {
// if (oConvertUtils.isEmpty(selectSql)) {
// return null;
// }
// // log.info("解析查询Sql{}", selectSql);
// JSqlParserAllTableManager allTableManager = new JSqlParserAllTableManager(selectSql);
// return allTableManager.parse();
// }
//
// /**
// * 解析 查询selectsql的信息子查询嵌套
// *
// * @param selectSql
// * @return
// */
// public static SelectSqlInfo parseSelectSqlInfo(String selectSql) throws JSQLParserException {
// if (oConvertUtils.isEmpty(selectSql)) {
// return null;
// }
// // log.info("解析查询Sql{}", selectSql);
// // 使用 JSqlParer 解析sql
// // 1、创建解析器
// CCJSqlParserManager mgr = new CCJSqlParserManager();
// // 2、使用解析器解析sql生成具有层次结构的java类
// Statement stmt = mgr.parse(new StringReader(selectSql));
// if (stmt instanceof Select) {
// Select selectStatement = (Select) stmt;
// // 3、解析select查询sql的信息
// return JSqlParserUtils.parseBySelectBody(selectStatement.getSelectBody());
// } else {
// // 非 select 查询sql不做处理
// throw new JeecgBootException("非 select 查询sql不做处理");
// }
// }
//
// /**
// * 解析 select 查询sql的信息
// *
// * @param selectBody
// * @return
// */
// private static SelectSqlInfo parseBySelectBody(SelectBody selectBody) {
// // 判断是否使用了union等操作
// if (selectBody instanceof SetOperationList) {
// // 如果使用了union等操作则只解析第一个查询
// List<SelectBody> selectBodyList = ((SetOperationList) selectBody).getSelects();
// return JSqlParserUtils.parseBySelectBody(selectBodyList.get(0));
// }
// // 简单的select查询
// if (selectBody instanceof PlainSelect) {
// SelectSqlInfo sqlInfo = new SelectSqlInfo(selectBody);
// PlainSelect plainSelect = (PlainSelect) selectBody;
// FromItem fromItem = plainSelect.getFromItem();
// // 解析 aliasName
// if (fromItem.getAlias() != null) {
// sqlInfo.setFromTableAliasName(fromItem.getAlias().getName());
// }
// // 解析 表名
// if (fromItem instanceof Table) {
// // 通过表名的方式from
// Table fromTable = (Table) fromItem;
// sqlInfo.setFromTableName(fromTable.getName());
// } else if (fromItem instanceof SubSelect) {
// // 通过子查询的方式from
// SubSelect fromSubSelect = (SubSelect) fromItem;
// SelectSqlInfo subSqlInfo = JSqlParserUtils.parseBySelectBody(fromSubSelect.getSelectBody());
// sqlInfo.setFromSubSelect(subSqlInfo);
// }
// // 解析 selectFields
// List<SelectItem> selectItems = plainSelect.getSelectItems();
// for (SelectItem selectItem : selectItems) {
// if (selectItem instanceof AllColumns || selectItem instanceof AllTableColumns) {
// // 全部字段
// sqlInfo.setSelectAll(true);
// sqlInfo.setSelectFields(null);
// sqlInfo.setRealSelectFields(null);
// break;
// } else if (selectItem instanceof SelectExpressionItem) {
// // 获取单个查询字段名
// SelectExpressionItem selectExpressionItem = (SelectExpressionItem) selectItem;
// Expression expression = selectExpressionItem.getExpression();
// Alias alias = selectExpressionItem.getAlias();
// JSqlParserUtils.handleExpression(sqlInfo, expression, alias);
// }
// }
// return sqlInfo;
// } else {
// log.warn("暂时尚未处理该类型的 SelectBody: {}", selectBody.getClass().getName());
// throw new JeecgBootException("暂时尚未处理该类型的 SelectBody");
// }
// }
//
// /**
// * 处理查询字段表达式
// *
// * @param sqlInfo
// * @param expression
// * @param alias 是否有别名无传null
// */
// private static void handleExpression(SelectSqlInfo sqlInfo, Expression expression, Alias alias) {
// // 处理函数式字段 CONCAT(name,'(',age,')')
// if (expression instanceof Function) {
// JSqlParserUtils.handleFunctionExpression((Function) expression, sqlInfo);
// return;
// }
// // 处理字段上的子查询
// if (expression instanceof SubSelect) {
// SubSelect subSelect = (SubSelect) expression;
// SelectSqlInfo subSqlInfo = JSqlParserUtils.parseBySelectBody(subSelect.getSelectBody());
// // 注:字段上的子查询,必须只查询一个字段,否则会报错,所以可以放心合并
// sqlInfo.getSelectFields().addAll(subSqlInfo.getSelectFields());
// sqlInfo.getRealSelectFields().addAll(subSqlInfo.getAllRealSelectFields());
// return;
// }
// // 不处理字面量
// if (expression instanceof StringValue ||
// expression instanceof NullValue ||
// expression instanceof LongValue ||
// expression instanceof DoubleValue ||
// expression instanceof HexValue ||
// expression instanceof DateValue ||
// expression instanceof TimestampValue ||
// expression instanceof TimeValue
// ) {
// return;
// }
//
// // 查询字段名
// String selectField = expression.toString();
// // 实际查询字段名
// String realSelectField = selectField;
// // 判断是否有别名
// if (alias != null) {
// selectField = alias.getName();
// }
// // 获取真实字段名
// if (expression instanceof Column) {
// Column column = (Column) expression;
// realSelectField = column.getColumnName();
// }
// sqlInfo.addSelectField(selectField, realSelectField);
// }
//
// /**
// * 处理函数式字段
// *
// * @param functionExp
// * @param sqlInfo
// */
// private static void handleFunctionExpression(Function functionExp, SelectSqlInfo sqlInfo) {
// List<Expression> expressions = functionExp.getParameters().getExpressions();
// for (Expression expression : expressions) {
// JSqlParserUtils.handleExpression(sqlInfo, expression, null);
// }
// }
//
//}

202
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlparse/vo/SelectSqlInfo.java
View File

@ -1,101 +1,101 @@
package org.jeecg.common.util.sqlparse.vo;
import lombok.Data;
import net.sf.jsqlparser.statement.select.SelectBody;
import java.util.HashSet;
import java.util.Set;
/**
* select sql
*/
@Data
public class SelectSqlInfo {
/**
* null
*/
private String fromTableName;
/**
*
*/
private String fromTableAliasName;
/**
* select name from (select * from user) u
* null
*/
private SelectSqlInfo fromSubSelect;
/**
* * null
*/
private Set<String> selectFields;
/**
* * null
*/
private Set<String> realSelectFields;
/**
*
*/
private boolean selectAll;
/**
* SQL
*/
private final String parsedSql;
public SelectSqlInfo(String parsedSql) {
this.parsedSql = parsedSql;
}
public SelectSqlInfo(SelectBody selectBody) {
this.parsedSql = selectBody.toString();
}
public void addSelectField(String selectField, String realSelectField) {
if (this.selectFields == null) {
this.selectFields = new HashSet<>();
}
if (this.realSelectFields == null) {
this.realSelectFields = new HashSet<>();
}
this.selectFields.add(selectField);
this.realSelectFields.add(realSelectField);
}
/**
*
*
* @return
*/
public Set<String> getAllRealSelectFields() {
Set<String> fields = new HashSet<>();
// 递归获取所有字段,起个直观的方法名为:
this.recursiveGetAllFields(this, fields);
return fields;
}
/**
*
*/
private void recursiveGetAllFields(SelectSqlInfo sqlInfo, Set<String> fields) {
if (!sqlInfo.isSelectAll() && sqlInfo.getRealSelectFields() != null) {
fields.addAll(sqlInfo.getRealSelectFields());
}
if (sqlInfo.getFromSubSelect() != null) {
recursiveGetAllFields(sqlInfo.getFromSubSelect(), fields);
}
}
@Override
public String toString() {
return "SelectSqlInfo{" +
"fromTableName='" + fromTableName + '\'' +
", fromSubSelect=" + fromSubSelect +
", aliasName='" + fromTableAliasName + '\'' +
", selectFields=" + selectFields +
", realSelectFields=" + realSelectFields +
", selectAll=" + selectAll +
"}";
}
}
//package org.jeecg.common.util.sqlparse.vo;
//
//import lombok.Data;
//import net.sf.jsqlparser.statement.select.SelectBody;
//
//import java.util.HashSet;
//import java.util.Set;
//
///**
// * select 查询 sql 的信息
// */
//@Data
//public class SelectSqlInfo {
//
// /**
// * 查询的表名如果是子查询则此处为null
// */
// private String fromTableName;
// /**
// * 表别名
// */
// private String fromTableAliasName;
// /**
// * 通过子查询获取的表信息例如select name from (select * from user) u
// * 如果不是子查询则为null
// */
// private SelectSqlInfo fromSubSelect;
// /**
// * 查询的字段集合,如果是 * 则为null如果设了别名则为别名
// */
// private Set<String> selectFields;
// /**
// * 真实的查询字段集合,如果是 * 则为null如果设了别名则为原始字段名
// */
// private Set<String> realSelectFields;
// /**
// * 是否是查询所有字段
// */
// private boolean selectAll;
//
// /**
// * 解析之后的 SQL (关键字都是大写)
// */
// private final String parsedSql;
//
// public SelectSqlInfo(String parsedSql) {
// this.parsedSql = parsedSql;
// }
//
// public SelectSqlInfo(SelectBody selectBody) {
// this.parsedSql = selectBody.toString();
// }
//
// public void addSelectField(String selectField, String realSelectField) {
// if (this.selectFields == null) {
// this.selectFields = new HashSet<>();
// }
// if (this.realSelectFields == null) {
// this.realSelectFields = new HashSet<>();
// }
// this.selectFields.add(selectField);
// this.realSelectFields.add(realSelectField);
// }
//
// /**
// * 获取所有字段,包括子查询里的。
// *
// * @return
// */
// public Set<String> getAllRealSelectFields() {
// Set<String> fields = new HashSet<>();
// // 递归获取所有字段,起个直观的方法名为:
// this.recursiveGetAllFields(this, fields);
// return fields;
// }
//
// /**
// * 递归获取所有字段
// */
// private void recursiveGetAllFields(SelectSqlInfo sqlInfo, Set<String> fields) {
// if (!sqlInfo.isSelectAll() && sqlInfo.getRealSelectFields() != null) {
// fields.addAll(sqlInfo.getRealSelectFields());
// }
// if (sqlInfo.getFromSubSelect() != null) {
// recursiveGetAllFields(sqlInfo.getFromSubSelect(), fields);
// }
// }
//
// @Override
// public String toString() {
// return "SelectSqlInfo{" +
// "fromTableName='" + fromTableName + '\'' +
// ", fromSubSelect=" + fromSubSelect +
// ", aliasName='" + fromTableAliasName + '\'' +
// ", selectFields=" + selectFields +
// ", realSelectFields=" + realSelectFields +
// ", selectAll=" + selectAll +
// "}";
// }
//
//}

2
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/WebMvcConfiguration.java
View File

@ -10,7 +10,7 @@ import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
import io.micrometer.prometheus.PrometheusMeterRegistry;
import io.micrometer.prometheusmetrics.PrometheusMeterRegistry;
import jakarta.annotation.Resource;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.ObjectProvider;

6
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisPlusSaasConfig.java
View File

@ -6,6 +6,8 @@ import java.util.List;
import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.extension.plugins.inner.DynamicTableNameInnerInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.OptimisticLockerInnerInterceptor;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.TenantConstant;
@ -21,8 +23,8 @@ import com.baomidou.mybatisplus.extension.plugins.handler.TenantLineHandler;
import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.TenantLineInnerInterceptor;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;
//import net.sf.jsqlparser.expression.Expression;
//import net.sf.jsqlparser.expression.LongValue;
/**
* jeecg.datasource.open = false

3
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/MinioConfig.java
View File

@ -1,5 +1,6 @@
package org.jeecg.config.oss;
import jakarta.annotation.PostConstruct;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
@ -26,7 +27,7 @@ public class MinioConfig {
@Value(value = "${jeecg.minio.bucketName}")
private String bucketName;
@Bean
@PostConstruct
public void initMinio(){
if(!minioUrl.startsWith(CommonConstant.STR_HTTP)){
minioUrl = "http://" + minioUrl;

3
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/OssConfiguration.java
View File

@ -1,5 +1,6 @@
package org.jeecg.config.oss;
import jakarta.annotation.PostConstruct;
import org.jeecg.common.util.oss.OssBootUtil;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@ -26,7 +27,7 @@ public class OssConfiguration {
private String staticDomain;
@Bean
@PostConstruct
public void initOssBootConfiguration() {
OssBootUtil.setEndPoint(endpoint);
OssBootUtil.setAccessKeyId(accessKeyId);

218
jeecg-boot/jeecg-boot-base-core/src/test/java/org/jeecg/test/sqlparse/JSqlParserUtilsTest.java
View File

@ -1,109 +1,109 @@
package org.jeecg.test.sqlparse;
import net.sf.jsqlparser.JSQLParserException;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.sqlparse.JSqlParserUtils;
import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
import org.junit.Test;
import java.util.Map;
/**
* JSqlParserUtils
*/
public class JSqlParserUtilsTest {
private static final String[] sqlList = new String[]{
"select * from sys_user",
"select u.* from sys_user u",
"select u.*, c.name from sys_user u, demo c",
"select u.age, c.name from sys_user u, demo c",
"select sex, age, c.name from sys_user, demo c",
// 别名测试
"select username as realname from sys_user",
"select username as realname, u.realname as aaa, u.id bbb from sys_user u",
// 不存在真实地查询字段
"select count(1) from sys_user",
// 函数式字段
"select max(sex), id from sys_user",
// 复杂嵌套函数式字段
"select CONCAT(CONCAT(' _ ', sex), ' - ' , birthday) as info, id from sys_user",
// 更复杂的嵌套函数式字段
"select CONCAT(CONCAT(101,'_',NULL, DATE(create_time),'_',sex),' - ',birthday) as info, id from sys_user",
// 子查询SQL
"select u.name1 as name2 from (select username as name1 from sys_user) u",
// 多层嵌套子查询SQL
"select u2.name2 as name3 from (select u1.name1 as name2 from (select username as name1 from sys_user) u1) u2",
// 字段子查询SQL
"select id, (select username as name1 from sys_user u2 where u1.id = u2.id) as name2 from sys_user u1",
// 带条件的SQL不解析where条件里的字段但不影响解析查询字段
"select username as name1 from sys_user where realname LIKE '%张%'",
// 多重复杂关联表查询解析包含的表为sys_user, sys_depart, sys_dict_item, demo
"" +
"SELECT " +
" u.*, d.age, sd.item_text AS sex, (SELECT count(sd.id) FROM sys_depart sd) AS count " +
"FROM " +
" (SELECT sd.username AS foo, sd.realname FROM sys_user sd) u, " +
" demo d " +
"LEFT JOIN sys_dict_item AS sd ON d.sex = sd.item_value " +
"WHERE sd.dict_id = '3d9a351be3436fbefb1307d4cfb49bf2'",
};
@Test
public void testParseSelectSql() {
System.out.println("-----------------------------------------");
for (String sql : sqlList) {
System.out.println("待测试的sql" + sql);
try {
// 解析所有的表名key=表名value=解析后的sql信息
Map<String, SelectSqlInfo> parsedMap = JSqlParserUtils.parseAllSelectTable(sql);
assert parsedMap != null;
for (Map.Entry<String, SelectSqlInfo> entry : parsedMap.entrySet()) {
System.out.println("表名:" + entry.getKey());
this.printSqlInfo(entry.getValue(), 1);
}
} catch (JSQLParserException e) {
System.out.println("SQL解析出现异常" + e.getMessage());
}
System.out.println("-----------------------------------------");
}
}
private void printSqlInfo(SelectSqlInfo sqlInfo, int level) {
String beforeStr = this.getBeforeStr(level);
if (sqlInfo.getFromTableName() == null) {
// 子查询
System.out.println(beforeStr + "子查询:" + sqlInfo.getFromSubSelect().getParsedSql());
this.printSqlInfo(sqlInfo.getFromSubSelect(), level + 1);
} else {
// 非子查询
System.out.println(beforeStr + "查询的表名:" + sqlInfo.getFromTableName());
}
if (oConvertUtils.isNotEmpty(sqlInfo.getFromTableAliasName())) {
System.out.println(beforeStr + "查询的表别名:" + sqlInfo.getFromTableAliasName());
}
if (sqlInfo.isSelectAll()) {
System.out.println(beforeStr + "查询的字段:*");
} else {
System.out.println(beforeStr + "查询的字段:" + sqlInfo.getSelectFields());
System.out.println(beforeStr + "真实的字段:" + sqlInfo.getRealSelectFields());
if (sqlInfo.getFromTableName() == null) {
System.out.println(beforeStr + "所有的字段(包括子查询):" + sqlInfo.getAllRealSelectFields());
}
}
}
// 打印前缀,根据层级来打印
private String getBeforeStr(int level) {
if (level == 0) {
return "";
}
StringBuilder beforeStr = new StringBuilder();
for (int i = 0; i < level; i++) {
beforeStr.append(" ");
}
beforeStr.append("- ");
return beforeStr.toString();
}
}
//package org.jeecg.test.sqlparse;
//
//import net.sf.jsqlparser.JSQLParserException;
//import org.jeecg.common.util.oConvertUtils;
//import org.jeecg.common.util.sqlparse.JSqlParserUtils;
//import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
//import org.junit.Test;
//
//import java.util.Map;
//
///**
// * 针对 JSqlParserUtils 的单元测试
// */
//public class JSqlParserUtilsTest {
//
// private static final String[] sqlList = new String[]{
// "select * from sys_user",
// "select u.* from sys_user u",
// "select u.*, c.name from sys_user u, demo c",
// "select u.age, c.name from sys_user u, demo c",
// "select sex, age, c.name from sys_user, demo c",
// // 别名测试
// "select username as realname from sys_user",
// "select username as realname, u.realname as aaa, u.id bbb from sys_user u",
// // 不存在真实地查询字段
// "select count(1) from sys_user",
// // 函数式字段
// "select max(sex), id from sys_user",
// // 复杂嵌套函数式字段
// "select CONCAT(CONCAT(' _ ', sex), ' - ' , birthday) as info, id from sys_user",
// // 更复杂的嵌套函数式字段
// "select CONCAT(CONCAT(101,'_',NULL, DATE(create_time),'_',sex),' - ',birthday) as info, id from sys_user",
// // 子查询SQL
// "select u.name1 as name2 from (select username as name1 from sys_user) u",
// // 多层嵌套子查询SQL
// "select u2.name2 as name3 from (select u1.name1 as name2 from (select username as name1 from sys_user) u1) u2",
// // 字段子查询SQL
// "select id, (select username as name1 from sys_user u2 where u1.id = u2.id) as name2 from sys_user u1",
// // 带条件的SQL不解析where条件里的字段但不影响解析查询字段
// "select username as name1 from sys_user where realname LIKE '%张%'",
// // 多重复杂关联表查询解析包含的表为sys_user, sys_depart, sys_dict_item, demo
// "" +
// "SELECT " +
// " u.*, d.age, sd.item_text AS sex, (SELECT count(sd.id) FROM sys_depart sd) AS count " +
// "FROM " +
// " (SELECT sd.username AS foo, sd.realname FROM sys_user sd) u, " +
// " demo d " +
// "LEFT JOIN sys_dict_item AS sd ON d.sex = sd.item_value " +
// "WHERE sd.dict_id = '3d9a351be3436fbefb1307d4cfb49bf2'",
// };
//
// @Test
// public void testParseSelectSql() {
// System.out.println("-----------------------------------------");
// for (String sql : sqlList) {
// System.out.println("待测试的sql" + sql);
// try {
// // 解析所有的表名key=表名value=解析后的sql信息
// Map<String, SelectSqlInfo> parsedMap = JSqlParserUtils.parseAllSelectTable(sql);
// assert parsedMap != null;
// for (Map.Entry<String, SelectSqlInfo> entry : parsedMap.entrySet()) {
// System.out.println("表名:" + entry.getKey());
// this.printSqlInfo(entry.getValue(), 1);
// }
// } catch (JSQLParserException e) {
// System.out.println("SQL解析出现异常" + e.getMessage());
// }
// System.out.println("-----------------------------------------");
// }
// }
//
// private void printSqlInfo(SelectSqlInfo sqlInfo, int level) {
// String beforeStr = this.getBeforeStr(level);
// if (sqlInfo.getFromTableName() == null) {
// // 子查询
// System.out.println(beforeStr + "子查询:" + sqlInfo.getFromSubSelect().getParsedSql());
// this.printSqlInfo(sqlInfo.getFromSubSelect(), level + 1);
// } else {
// // 非子查询
// System.out.println(beforeStr + "查询的表名:" + sqlInfo.getFromTableName());
// }
// if (oConvertUtils.isNotEmpty(sqlInfo.getFromTableAliasName())) {
// System.out.println(beforeStr + "查询的表别名:" + sqlInfo.getFromTableAliasName());
// }
// if (sqlInfo.isSelectAll()) {
// System.out.println(beforeStr + "查询的字段:*");
// } else {
// System.out.println(beforeStr + "查询的字段:" + sqlInfo.getSelectFields());
// System.out.println(beforeStr + "真实的字段:" + sqlInfo.getRealSelectFields());
// if (sqlInfo.getFromTableName() == null) {
// System.out.println(beforeStr + "所有的字段(包括子查询):" + sqlInfo.getAllRealSelectFields());
// }
// }
// }
//
// // 打印前缀,根据层级来打印
// private String getBeforeStr(int level) {
// if (level == 0) {
// return "";
// }
// StringBuilder beforeStr = new StringBuilder();
// for (int i = 0; i < level; i++) {
// beforeStr.append(" ");
// }
// beforeStr.append("- ");
// return beforeStr.toString();
// }
//
//}

10
jeecg-boot/jeecg-module-system/jeecg-system-biz/pom.xml
View File

@ -19,10 +19,10 @@
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</dependency>
<dependency>
<!--<dependency>
<groupId>org.jeecgframework.boot3</groupId>
<artifactId>hibernate-re</artifactId>
</dependency>
</dependency>-->
<!-- 企业微信/钉钉 api -->
<dependency>
@ -30,7 +30,7 @@
<artifactId>weixin4j</artifactId>
</dependency>
<!-- 积木报表 -->
<dependency>
<!--<dependency>
<groupId>org.jeecgframework.jimureport</groupId>
<artifactId>jimureport-spring-boot3-starter-fastjson2</artifactId>
</dependency>
@ -38,11 +38,11 @@
<groupId>org.jeecgframework.jimureport</groupId>
<artifactId>jimureport-nosql-starter</artifactId>
</dependency>
<!-- 积木BI -->
&lt;!&ndash; 积木BI &ndash;&gt;
<dependency>
<groupId>org.jeecgframework.jimureport</groupId>
<artifactId>jimubi-spring-boot3-starter</artifactId>
</dependency>
</dependency>-->
</dependencies>
</project>

83
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/firewall/SqlInjection/impl/DictTableWhiteListHandlerImpl.java
View File

@ -4,8 +4,8 @@ import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.exception.JeecgSqlInjectionException;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.sqlparse.JSqlParserUtils;
import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
//import org.jeecg.common.util.sqlparse.JSqlParserUtils;
//import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.firewall.SqlInjection.IDictTableWhiteListHandler;
import org.jeecg.config.firewall.interceptor.LowCodeModeInterceptor;
@ -63,31 +63,31 @@ public class DictTableWhiteListHandlerImpl implements IDictTableWhiteListHandler
@Override
public boolean isPassBySql(String sql) {
Map<String, SelectSqlInfo> parsedMap = null;
try {
parsedMap = JSqlParserUtils.parseAllSelectTable(sql);
} catch (Exception e) {
log.warn("校验sql语句解析报错{}", e.getMessage());
}
// 如果sql有问题则肯定执行不了所以直接返回true
if (parsedMap == null) {
return true;
}
log.info("获取select sql信息 {} ", parsedMap);
// 遍历当前sql中的所有表名如果有其中一个表或表的字段不在白名单中则不通过
for (Map.Entry<String, SelectSqlInfo> entry : parsedMap.entrySet()) {
SelectSqlInfo sqlInfo = entry.getValue();
if (sqlInfo.isSelectAll()) {
log.warn("查询语句中包含 * 字段,暂时先通过");
continue;
}
Set<String> queryFields = sqlInfo.getAllRealSelectFields();
// 校验表名和字段是否允许查询
String tableName = entry.getKey();
if (!this.checkWhiteList(tableName, queryFields)) {
return false;
}
}
// Map<String, SelectSqlInfo> parsedMap = null;
// try {
// parsedMap = JSqlParserUtils.parseAllSelectTable(sql);
// } catch (Exception e) {
// log.warn("校验sql语句解析报错{}", e.getMessage());
// }
// // 如果sql有问题则肯定执行不了所以直接返回true
// if (parsedMap == null) {
// return true;
// }
// log.info("获取select sql信息 {} ", parsedMap);
// // 遍历当前sql中的所有表名如果有其中一个表或表的字段不在白名单中则不通过
// for (Map.Entry<String, SelectSqlInfo> entry : parsedMap.entrySet()) {
// SelectSqlInfo sqlInfo = entry.getValue();
// if (sqlInfo.isSelectAll()) {
// log.warn("查询语句中包含 * 字段,暂时先通过");
// continue;
// }
// Set<String> queryFields = sqlInfo.getAllRealSelectFields();
// // 校验表名和字段是否允许查询
// String tableName = entry.getKey();
// if (!this.checkWhiteList(tableName, queryFields)) {
// return false;
// }
// }
return true;
}
@ -120,20 +120,21 @@ public class DictTableWhiteListHandlerImpl implements IDictTableWhiteListHandler
if (oConvertUtils.isEmpty(tableName)) {
return true;
}
if (fields == null || fields.length == 0) {
fields = new String[]{"*"};
}
String sql = "select " + String.join(",", fields) + " from " + tableName;
log.info("字典拼接的查询SQL{}", sql);
try {
// 进行SQL解析
JSqlParserUtils.parseSelectSqlInfo(sql);
} catch (Exception e) {
// 如果SQL解析失败则通过字段名和表名进行校验
return checkWhiteList(tableName, new HashSet<>(Arrays.asList(fields)));
}
// 通过SQL解析进行校验可防止SQL注入
return this.isPassBySql(sql);
// if (fields == null || fields.length == 0) {
// fields = new String[]{"*"};
// }
// String sql = "select " + String.join(",", fields) + " from " + tableName;
// log.info("字典拼接的查询SQL{}", sql);
// try {
// // 进行SQL解析
// JSqlParserUtils.parseSelectSqlInfo(sql);
// } catch (Exception e) {
// // 如果SQL解析失败则通过字段名和表名进行校验
// return checkWhiteList(tableName, new HashSet<>(Arrays.asList(fields)));
// }
// // 通过SQL解析进行校验可防止SQL注入
// return this.isPassBySql(sql);
return true;
}
/**

248
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/jimureport/JimuDragExternalServiceImpl.java
View File

@ -1,124 +1,124 @@
package org.jeecg.config.jimureport;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.dto.LogDTO;
import org.jeecg.common.system.api.ISysBaseAPI;
import org.jeecg.common.system.vo.DictModel;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.drag.service.IOnlDragExternalService;
import org.jeecg.modules.drag.vo.DragDictModel;
import org.jeecg.modules.drag.vo.DragLogDTO;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @Description:
* @Author: lsq
* @Date:2023-01-09
* @Version:V1.0
*/
@Slf4j
@Service("onlDragExternalServiceImpl")
public class JimuDragExternalServiceImpl implements IOnlDragExternalService {
@Autowired
@Lazy
private BaseCommonService baseCommonService;
@Autowired
@Lazy
private ISysBaseAPI sysBaseApi;
/**
* code
* @param codeList
* @return key = dictCode value=
*/
@Override
public Map<String, List<DragDictModel>> getManyDictItems(List<String> codeList, List<JSONObject> tableDictList) {
Map<String, List<DragDictModel>> manyDragDictItems = new HashMap<>();
if(!CollectionUtils.isEmpty(codeList)){
Map<String, List<DictModel>> dictItemsMap = sysBaseApi.getManyDictItems(codeList);
dictItemsMap.forEach((k,v)->{
List<DragDictModel> dictItems = new ArrayList<>();
v.forEach(dictItem->{
DragDictModel dictModel = new DragDictModel();
BeanUtils.copyProperties(dictItem,dictModel);
dictItems.add(dictModel);
});
manyDragDictItems.put(k,dictItems);
});
}
if(!CollectionUtils.isEmpty(tableDictList)){
tableDictList.forEach(item->{
List<DragDictModel> dictItems = new ArrayList<>();
JSONObject object = JSONObject.parseObject(item.toString());
String dictField = object.getString("dictField");
String dictTable = object.getString("dictTable");
String dictText = object.getString("dictText");
String fieldName = object.getString("fieldName");
List<DictModel> dictItemsList = sysBaseApi.queryTableDictItemsByCode(dictTable,dictText,dictField);
dictItemsList.forEach(dictItem->{
DragDictModel dictModel = new DragDictModel();
BeanUtils.copyProperties(dictItem,dictModel);
dictItems.add(dictModel);
});
manyDragDictItems.put(fieldName,dictItems);
});
}
return manyDragDictItems;
}
/**
*
* @param dictCode
* @return
*/
@Override
public List<DragDictModel> getDictItems(String dictCode) {
List<DragDictModel> dictItems = new ArrayList<>();
if(oConvertUtils.isNotEmpty(dictCode)){
List<DictModel> dictItemsList = sysBaseApi.getDictItems(dictCode);
dictItemsList.forEach(dictItem->{
DragDictModel dictModel = new DragDictModel();
BeanUtils.copyProperties(dictItem,dictModel);
dictItems.add(dictModel);
});
}
return dictItems;
}
/**
*
* @param dragLogDTO
*/
@Override
public void addLog(DragLogDTO dragLogDTO) {
if(oConvertUtils.isNotEmpty(dragLogDTO)){
LogDTO dto = new LogDTO();
BeanUtils.copyProperties(dragLogDTO,dto);
baseCommonService.addLog(dto);
}
}
/**
*
* @param logMsg
* @param logType
* @param operateType
*/
@Override
public void addLog(String logMsg, int logType, int operateType) {
baseCommonService.addLog(logMsg,logType,operateType);
}
}
//package org.jeecg.config.jimureport;
//
//import com.alibaba.fastjson.JSONObject;
//import lombok.extern.slf4j.Slf4j;
//import org.jeecg.common.api.dto.LogDTO;
//import org.jeecg.common.system.api.ISysBaseAPI;
//import org.jeecg.common.system.vo.DictModel;
//import org.jeecg.common.util.oConvertUtils;
//import org.jeecg.modules.base.service.BaseCommonService;
//import org.jeecg.modules.drag.service.IOnlDragExternalService;
//import org.jeecg.modules.drag.vo.DragDictModel;
//import org.jeecg.modules.drag.vo.DragLogDTO;
//import org.springframework.beans.BeanUtils;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Lazy;
//import org.springframework.stereotype.Service;
//import org.springframework.util.CollectionUtils;
//
//import java.util.ArrayList;
//import java.util.HashMap;
//import java.util.List;
//import java.util.Map;
//
///**
// * @Description: 字典处理
// * @Author: lsq
// * @Date:2023-01-09
// * @Version:V1.0
// */
//@Slf4j
//@Service("onlDragExternalServiceImpl")
//public class JimuDragExternalServiceImpl implements IOnlDragExternalService {
//
// @Autowired
// @Lazy
// private BaseCommonService baseCommonService;
//
// @Autowired
// @Lazy
// private ISysBaseAPI sysBaseApi;
// /**
// * 根据多个字典code查询多个字典项
// * @param codeList
// * @return key = dictCode value=对应的字典项
// */
// @Override
// public Map<String, List<DragDictModel>> getManyDictItems(List<String> codeList, List<JSONObject> tableDictList) {
// Map<String, List<DragDictModel>> manyDragDictItems = new HashMap<>();
// if(!CollectionUtils.isEmpty(codeList)){
// Map<String, List<DictModel>> dictItemsMap = sysBaseApi.getManyDictItems(codeList);
// dictItemsMap.forEach((k,v)->{
// List<DragDictModel> dictItems = new ArrayList<>();
// v.forEach(dictItem->{
// DragDictModel dictModel = new DragDictModel();
// BeanUtils.copyProperties(dictItem,dictModel);
// dictItems.add(dictModel);
// });
// manyDragDictItems.put(k,dictItems);
// });
// }
//
// if(!CollectionUtils.isEmpty(tableDictList)){
// tableDictList.forEach(item->{
// List<DragDictModel> dictItems = new ArrayList<>();
// JSONObject object = JSONObject.parseObject(item.toString());
// String dictField = object.getString("dictField");
// String dictTable = object.getString("dictTable");
// String dictText = object.getString("dictText");
// String fieldName = object.getString("fieldName");
// List<DictModel> dictItemsList = sysBaseApi.queryTableDictItemsByCode(dictTable,dictText,dictField);
// dictItemsList.forEach(dictItem->{
// DragDictModel dictModel = new DragDictModel();
// BeanUtils.copyProperties(dictItem,dictModel);
// dictItems.add(dictModel);
// });
// manyDragDictItems.put(fieldName,dictItems);
// });
// }
// return manyDragDictItems;
// }
//
// /**
// *
// * @param dictCode
// * @return
// */
// @Override
// public List<DragDictModel> getDictItems(String dictCode) {
// List<DragDictModel> dictItems = new ArrayList<>();
// if(oConvertUtils.isNotEmpty(dictCode)){
// List<DictModel> dictItemsList = sysBaseApi.getDictItems(dictCode);
// dictItemsList.forEach(dictItem->{
// DragDictModel dictModel = new DragDictModel();
// BeanUtils.copyProperties(dictItem,dictModel);
// dictItems.add(dictModel);
// });
// }
// return dictItems;
// }
//
// /**
// * 添加日志
// * @param dragLogDTO
// */
// @Override
// public void addLog(DragLogDTO dragLogDTO) {
// if(oConvertUtils.isNotEmpty(dragLogDTO)){
// LogDTO dto = new LogDTO();
// BeanUtils.copyProperties(dragLogDTO,dto);
// baseCommonService.addLog(dto);
// }
// }
//
// /**
// * 保存日志
// * @param logMsg
// * @param logType
// * @param operateType
// */
// @Override
// public void addLog(String logMsg, int logType, int operateType) {
// baseCommonService.addLog(logMsg,logType,operateType);
// }
//}

214
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/jimureport/JimuReportTokenService.java
View File

@ -1,107 +1,107 @@
package org.jeecg.config.jimureport;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.system.vo.SysUserCacheInfo;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.TokenUtils;
import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
import org.jeecg.modules.system.service.impl.SysBaseApiImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import jakarta.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* ()
* * 1.token
* * 2.
* @author: jeecg-boot
*/
@Slf4j
@Component
public class JimuReportTokenService implements JmReportTokenServiceI {
@Autowired
private SysBaseApiImpl sysBaseApi;
@Autowired
@Lazy
private RedisUtil redisUtil;
@Override
public String getToken(HttpServletRequest request) {
return TokenUtils.getTokenByRequest(request);
}
@Override
public String getUsername(String token) {
return JwtUtil.getUsername(token);
}
@Override
public String[] getRoles(String token) {
String username = JwtUtil.getUsername(token);
Set roles = sysBaseApi.getUserRoleSet(username);
if(CollectionUtils.isEmpty(roles)){
return null;
}
return (String[]) roles.toArray(new String[roles.size()]);
}
@Override
public Boolean verifyToken(String token) {
return TokenUtils.verifyToken(token, sysBaseApi, redisUtil);
}
@Override
public Map<String, Object> getUserInfo(String token) {
Map<String, Object> map = new HashMap(5);
String username = JwtUtil.getUsername(token);
//此处通过token只能拿到一个信息 用户账号 后面的就是根据账号获取其他信息 查询数据或是走redis 用户根据自身业务可自定义
SysUserCacheInfo userInfo = null;
try {
userInfo = sysBaseApi.getCacheUser(username);
} catch (Exception e) {
log.error("获取用户信息异常:"+ e.getMessage());
return map;
}
//设置账号名
map.put(SYS_USER_CODE, userInfo.getSysUserCode());
//设置部门编码
map.put(SYS_ORG_CODE, userInfo.getSysOrgCode());
// 将所有信息存放至map 解析sql/api会根据map的键值解析
return map;
}
/**
* jeecgboot
* @param token
* @return
*/
@Override
public String[] getPermissions(String token) {
// 获取用户信息
String username = JwtUtil.getUsername(token);
SysUserCacheInfo userInfo = null;
try {
userInfo = sysBaseApi.getCacheUser(username);
} catch (Exception e) {
log.error("获取用户信息异常:"+ e.getMessage());
}
if(userInfo == null){
return null;
}
// 查询权限
Set<String> userPermissions = sysBaseApi.getUserPermissionSet(userInfo.getSysUserId());
if(CollectionUtils.isEmpty(userPermissions)){
return null;
}
return userPermissions.toArray(new String[0]);
}
}
//package org.jeecg.config.jimureport;
//
//import lombok.extern.slf4j.Slf4j;
//import org.jeecg.common.system.util.JwtUtil;
//import org.jeecg.common.system.vo.SysUserCacheInfo;
//import org.jeecg.common.util.RedisUtil;
//import org.jeecg.common.util.TokenUtils;
//import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
//import org.jeecg.modules.system.service.impl.SysBaseApiImpl;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Lazy;
//import org.springframework.stereotype.Component;
//import org.springframework.util.CollectionUtils;
//
//import jakarta.servlet.http.HttpServletRequest;
//import java.util.HashMap;
//import java.util.Map;
//import java.util.Set;
//
///**
// * 自定义积木报表鉴权(如果不进行自定义,则所有请求不做权限控制)
// * * 1.自定义获取登录token
// * * 2.自定义获取登录用户
// * @author: jeecg-boot
// */
//
//
//@Slf4j
//@Component
//public class JimuReportTokenService implements JmReportTokenServiceI {
// @Autowired
// private SysBaseApiImpl sysBaseApi;
// @Autowired
// @Lazy
// private RedisUtil redisUtil;
//
// @Override
// public String getToken(HttpServletRequest request) {
// return TokenUtils.getTokenByRequest(request);
// }
//
// @Override
// public String getUsername(String token) {
// return JwtUtil.getUsername(token);
// }
//
// @Override
// public String[] getRoles(String token) {
// String username = JwtUtil.getUsername(token);
// Set roles = sysBaseApi.getUserRoleSet(username);
// if(CollectionUtils.isEmpty(roles)){
// return null;
// }
// return (String[]) roles.toArray(new String[roles.size()]);
// }
//
// @Override
// public Boolean verifyToken(String token) {
// return TokenUtils.verifyToken(token, sysBaseApi, redisUtil);
// }
//
// @Override
// public Map<String, Object> getUserInfo(String token) {
// Map<String, Object> map = new HashMap(5);
// String username = JwtUtil.getUsername(token);
// //此处通过token只能拿到一个信息 用户账号 后面的就是根据账号获取其他信息 查询数据或是走redis 用户根据自身业务可自定义
// SysUserCacheInfo userInfo = null;
// try {
// userInfo = sysBaseApi.getCacheUser(username);
// } catch (Exception e) {
// log.error("获取用户信息异常:"+ e.getMessage());
// return map;
// }
// //设置账号名
// map.put(SYS_USER_CODE, userInfo.getSysUserCode());
// //设置部门编码
// map.put(SYS_ORG_CODE, userInfo.getSysOrgCode());
// // 将所有信息存放至map 解析sql/api会根据map的键值解析
// return map;
// }
//
// /**
// * 将jeecgboot平台的权限传递给积木报表
// * @param token
// * @return
// */
// @Override
// public String[] getPermissions(String token) {
// // 获取用户信息
// String username = JwtUtil.getUsername(token);
// SysUserCacheInfo userInfo = null;
// try {
// userInfo = sysBaseApi.getCacheUser(username);
// } catch (Exception e) {
// log.error("获取用户信息异常:"+ e.getMessage());
// }
// if(userInfo == null){
// return null;
// }
// // 查询权限
// Set<String> userPermissions = sysBaseApi.getUserPermissionSet(userInfo.getSysUserId());
// if(CollectionUtils.isEmpty(userPermissions)){
// return null;
// }
// return userPermissions.toArray(new String[0]);
// }
//}

116
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoAutoConfiguration.java
View File

@ -1,64 +1,56 @@
////
//// Source code recreated from a .class file by IntelliJ IDEA
//// (powered by Fernflower decompiler)
////
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//package org.springframework.boot.autoconfigure.mongo;
//
package org.springframework.boot.autoconfigure.mongo;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.MongoClient;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.mongo.MongoClientFactory;
import org.springframework.boot.autoconfigure.mongo.MongoClientSettingsBuilderCustomizer;
import org.springframework.boot.autoconfigure.mongo.MongoProperties;
import org.springframework.boot.autoconfigure.mongo.MongoPropertiesClientSettingsBuilderCustomizer;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.env.Environment;
import java.util.List;
import java.util.stream.Collectors;
@Primary
@AutoConfiguration
@ConditionalOnClass({MongoClient.class})
@ConditionalOnProperty(name = "spring.data.mongodb.uri", havingValue = "", matchIfMissing = false)
@EnableConfigurationProperties({MongoProperties.class})
@ConditionalOnMissingBean(
type = {"org.springframework.data.mongodb.MongoDatabaseFactory"}
)
public class MongoAutoConfiguration {
public MongoAutoConfiguration() {
}
@Bean
@ConditionalOnMissingBean({MongoClient.class})
public MongoClient mongo(ObjectProvider<MongoClientSettingsBuilderCustomizer> builderCustomizers, MongoClientSettings settings) {
return (MongoClient)(new MongoClientFactory((List)builderCustomizers.orderedStream().collect(Collectors.toList()))).createMongoClient(settings);
}
@Configuration(
proxyBeanMethods = false
)
@ConditionalOnMissingBean({MongoClientSettings.class})
static class MongoClientSettingsConfiguration {
MongoClientSettingsConfiguration() {
}
@Bean
MongoClientSettings mongoClientSettings() {
return MongoClientSettings.builder().build();
}
@Bean
MongoPropertiesClientSettingsBuilderCustomizer mongoPropertiesCustomizer(MongoProperties properties, Environment environment) {
return new MongoPropertiesClientSettingsBuilderCustomizer(properties);
}
}
}
//import com.mongodb.MongoClientSettings;
//import com.mongodb.client.MongoClient;
//import org.springframework.beans.factory.ObjectProvider;
//import org.springframework.boot.autoconfigure.AutoConfiguration;
//import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
//import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
//import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
//import org.springframework.boot.context.properties.EnableConfigurationProperties;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.context.annotation.Primary;
//import org.springframework.core.env.Environment;
//
//import java.util.List;
//import java.util.stream.Collectors;
//
//@Primary
//@AutoConfiguration
//@ConditionalOnClass({MongoClient.class})
//@ConditionalOnProperty(name = "spring.data.mongodb.uri", havingValue = "", matchIfMissing = false)
//@EnableConfigurationProperties({MongoProperties.class})
//@ConditionalOnMissingBean(
// type = {"org.springframework.data.mongodb.MongoDatabaseFactory"}
//)
//public class MongoAutoConfiguration {
// public MongoAutoConfiguration() {
// }
//
// @Bean
// @ConditionalOnMissingBean({MongoClient.class})
// public MongoClient mongo(ObjectProvider<MongoClientSettingsBuilderCustomizer> builderCustomizers, MongoClientSettings settings) {
// return (MongoClient)(new MongoClientFactory((List)builderCustomizers.orderedStream().collect(Collectors.toList()))).createMongoClient(settings);
// }
//
// @Configuration(
// proxyBeanMethods = false
// )
// @ConditionalOnMissingBean({MongoClientSettings.class})
// static class MongoClientSettingsConfiguration {
// MongoClientSettingsConfiguration() {
// }
//
// @Bean
// MongoClientSettings mongoClientSettings() {
// return MongoClientSettings.builder().build();
// }
//
// }
//}

10
jeecg-boot/pom.xml
View File

@ -23,7 +23,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.5</version>
<version>3.4.4</version>
<relativePath/>
</parent>
@ -33,8 +33,8 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- 微服务 -->
<spring-cloud.version>2022.0.4</spring-cloud.version>
<spring-cloud-alibaba.version>2022.0.0.0</spring-cloud-alibaba.version>
<spring-cloud.version>2024.0.1</spring-cloud.version>
<spring-cloud-alibaba.version>2023.0.3.2</spring-cloud-alibaba.version>
<alibaba.nacos.version>2.0.4</alibaba.nacos.version>
<xxl-job-core.version>2.4.1</xxl-job-core.version>
@ -56,7 +56,7 @@
<!-- 积木报表-->
<jimureport-spring-boot-starter.version>1.9.4</jimureport-spring-boot-starter.version>
<!-- 持久层 -->
<mybatis-plus.version>3.5.3.2</mybatis-plus.version>
<mybatis-plus.version>3.5.11</mybatis-plus.version>
<dynamic-datasource-spring-boot-starter.version>4.1.3</dynamic-datasource-spring-boot-starter.version>
<druid.version>1.2.24</druid.version>
@ -79,7 +79,7 @@
<!-- Log4j2爆雷漏洞 -->
<!-- spring boot 3 不支持下列两个版本-->
<!--<log4j2.version>2.17.0</log4j2.version>-->
<logback.version>1.4.12</logback.version>
<!--<logback.version>1.4.12</logback.version>-->
</properties>
<modules>