mybatis-plus 全局拦截器

问题

  在项目中遇到一个问题,前端输入一些html标签时,传到后台会被转义掉。导致回显的时候数据错误  

原因和思路

  debug时看到后台接收到的数据就已经是被转义掉的。存入到数据库时数据也就错误了。我把原数据存入到数据库时,显示是正常的。所以我就想着在存入数据库时对数据进行下解码

代码

package com.sgcc.sgcip.biz.economy.util;

import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.ibatis.executor.statement.StatementHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.ParameterMapping;
import org.apache.ibatis.mapping.SqlCommandType;
import org.apache.ibatis.plugin.*;
import org.apache.ibatis.reflection.DefaultReflectorFactory;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.reflection.SystemMetaObject;
import org.apache.ibatis.reflection.factory.DefaultObjectFactory;
import org.apache.ibatis.reflection.factory.ObjectFactory;
import org.apache.ibatis.reflection.wrapper.DefaultObjectWrapperFactory;
import org.apache.ibatis.reflection.wrapper.ObjectWrapperFactory;
import org.springframework.stereotype.Component;

import java.sql.Connection;
import java.util.List;
import java.util.Properties;

@Intercepts({
        @Signature(type = StatementHandler.class, method = "prepare", args = { Connection.class, Integer.class }) })
@Component
public class DataScopeInterceptor extends AbstractSqlParserHandler implements Interceptor
{

    private static final ObjectFactory DEFAULT_OBJECT_FACTORY = new DefaultObjectFactory();
    private static final ObjectWrapperFactory DEFAULT_OBJECT_WRAPPER_FACTORY = new DefaultObjectWrapperFactory();


    @Override
    public Object intercept(Invocation invocation) throws Throwable
    {
        StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget());
        MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
        this.sqlParser(metaObject);
        // 先判断是不是update 和 insert操作 不是直接过滤
        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
        if (!SqlCommandType.UPDATE.equals(mappedStatement.getSqlCommandType()) && !SqlCommandType.INSERT
                .equals(mappedStatement.getSqlCommandType()))
        {
            return invocation.proceed();
        }
        BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
        //入参
        Object parameterObject = boundSql.getParameterObject();

        List<ParameterMapping> parameterMappings = boundSql.getParameterMappings();
        modifyLikeSql(parameterObject,parameterMappings);
        return invocation.proceed();
    }

    public static void modifyLikeSql(Object parameterObject,List<ParameterMapping> parameterMappings)
    {
        for(ParameterMapping parameterMapping:parameterMappings)
        {
            String property = parameterMapping.getProperty();
            MetaObject metaObject = MetaObject.forObject(parameterObject, DEFAULT_OBJECT_FACTORY,
                    DEFAULT_OBJECT_WRAPPER_FACTORY, new DefaultReflectorFactory());
                Object val = metaObject.getValue(property);
                if (val != null && val instanceof String)
                {
                    val = StringEscapeUtils.unescapeXml(val.toString());
                    metaObject.setValue(property, val);
                }
        }
    }

    /**
     * 生成拦截对象的代理
     *
     * @param target 目标对象
     * @return 代理对象
     */
    @Override
    public Object plugin(Object target)
    {
        if (target instanceof StatementHandler)
        {
            return Plugin.wrap(target, this);
        }
        return target;
    }

    /**
     * mybatis配置的属性
     *
     * @param properties mybatis配置的属性
     */
    @Override
    public void setProperties(Properties properties)
    {

    }


}

这里只对添加和修改的语句进行修改

posted @ 2021-10-09 11:43  closeIt  阅读(2339)  评论(0编辑  收藏  举报