防全表更新与删除插件
-
配置类
@Configuration
public class MybatisPlusConfig {
@Bean
public MybatisPlusInterceptor mybatisPlusInterceptor() {
MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
interceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
return interceptor;
}
}
- 测试
@RestController
@RequestMapping("/test")
public class TestController {
@Autowired
private UserService userService;
/**
* 全表更新
* @return
*
* # 未使用插件时,可全表更新
* UPDATE user SET username=?, password=?
* custom_name(String), xxx@mail.com(String)
*
* # 使用插件后,全表更新则报错
*/
@RequestMapping("/test1")
@ResponseBody
public String test1(){
User user = new User();
user.setId("999");
user.setUsername("custom_name");
user.setPassword("xxx@mail.com");
// com.baomidou.mybatisplus.core.exceptions.MybatisPlusException: Prohibition of table update operation
userService.saveOrUpdate(user, null);
return "success";
}
/**
* 部分更新
*
* # 使用插件后,也可部分表更新
* UPDATE user SET username=?, password=? WHERE (id = ?)
* custom_name(String), xxx@mail.com(String), 1(Integer)
*/
@RequestMapping("/test2")
@ResponseBody
public String test2(){
LambdaUpdateWrapper<User> wrapper = new LambdaUpdateWrapper<>();
wrapper.eq(User::getId, 1);
User user = new User();
user.setId("10");
user.setUsername("custom_name");
user.setPassword("xxx@mail.com");
userService.saveOrUpdate(user, wrapper);
return "success";
}
}
