wallFilter对sql有着严格的校验,会对有风险的sql过滤,抛出异常信息;
org.springframework.jdbc.UncategorizedSQLException:
### Error querying database. Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect RPAREN, actual IDENTIFIER ) : select nvl(sum(decode(fpztbz, '0',1, 0)),0) zcpfs, nvl(sum(decode(fpztbz, '1', 1, 0)),0) tpfs, nvl(sum(decode(fpztbz, '0', 0, '1', 0, 1)),0) fpfs, nvl(sum(decode(fpztbz,'0', je ,0)),0) zcpje, nvl(sum(decode(fpztbz,'0', se ,0)),0) zcpse, nvl(sum(decode(fpztbz,'1', je,0)),0) tpje , nvl(sum(decode(fpztbz,'1', se,0)),0) tpse, nvl(sum(decode(fpztbz,'0', bzsje,0)),0) bzsje, nvl(sum(decode(fpztbz,'1', bzsje, 0)),0) hpbzsje, nvl(sum(decode(tspz,'02',decode(fpztbz, '0', je, 0), 0)),0) sgfpje, nvl(sum(decode(tspz,'02',decode(fpztbz, '1', je, 0), 0)),0) hpsgje fromcb_fp_zzspp_jb...
解决办法,关闭语法检测-----StrictSyntaxCheck(false)
wallConfig.setStrictSyntaxCheck(false);//是否进行严格的语法检测,Druid SQL Parser在某些场景不能覆盖所有的SQL语法,出现解析SQL出错,可以临时把这个选项设置为false,同时把SQL反馈给Druid的开发者。
配置示例:
import com.alibaba.druid.filter.Filter;import com.alibaba.druid.pool.DruidDataSource;import com.alibaba.druid.support.http.StatViewServlet;import com.alibaba.druid.support.http.WebStatFilter;import com.alibaba.druid.wall.WallConfig;import com.alibaba.druid.wall.WallFilter;import com.baomidou.mybatisplus.spring.MybatisSqlSessionFactoryBean;import java.sql.SQLException;import java.util.ArrayList;import java.util.List;import javax.sql.DataSource;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Value;import org.springframework.boot.web.servlet.FilterRegistrationBean;import org.springframework.boot.web.servlet.ServletRegistrationBean;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.context.annotation.DependsOn;import org.springframework.core.io.support.PathMatchingResourcePatternResolver;/** * ClassName: DruidConfig * Function: Druid连接池初始化 * @version * @since JDK 1.8 */@Configurationpublic class DruidConfig { private Logger logger = LoggerFactory.getLogger(DruidConfig.class); @Value("${spring.datasource.url}") private String dbUrl; @Value("${spring.datasource.username}") private String username; @Value("${spring.datasource.password}") private String password; @Value("${spring.datasource.driverClassName}") private String driverClassName; @Value("${spring.datasource.initialSize}") private int initialSize; @Value("${spring.datasource.minIdle}") private int minIdle; @Value("${spring.datasource.maxActive}") private int maxActive; @Value("${spring.datasource.maxWait}") private int maxWait; @Value("${spring.datasource.timeBetweenEvictionRunsMillis}") private int timeBetweenEvictionRunsMillis; @Value("${spring.datasource.minEvictableIdleTimeMillis}") private int minEvictableIdleTimeMillis; @Value("${spring.datasource.validationQuery}") private String validationQuery; @Value("${spring.datasource.testWhileIdle}") private boolean testWhileIdle; @Value("${spring.datasource.testOnBorrow}") private boolean testOnBorrow; @Value("${spring.datasource.testOnReturn}") private boolean testOnReturn; @Value("${spring.datasource.filters}") private String filters; @Value("${mybatis-plus.mapper-locations}") private String mapperLocations; @Autowired WallFilter wallFilter; @Bean public ServletRegistrationBean druidServlet() { ServletRegistrationBean reg = new ServletRegistrationBean(); reg.setServlet(new StatViewServlet()); reg.addUrlMappings("/druid/*"); reg.addInitParameter("loginUsername", username); reg.addInitParameter("loginPassword", password); return reg; } @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); filterRegistrationBean.setFilter(new WebStatFilter()); filterRegistrationBean.addUrlPatterns("/*"); filterRegistrationBean .addInitParameter("exclusions", "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*"); filterRegistrationBean.addInitParameter("profileEnable", "true"); return filterRegistrationBean; } @Bean public DataSource druidDataSource() { DruidDataSource datasource = new DruidDataSource(); datasource.setUrl(dbUrl); datasource.setUsername(username); datasource.setPassword(password); datasource.setDriverClassName(driverClassName); datasource.setInitialSize(initialSize); datasource.setMinIdle(minIdle); datasource.setMaxActive(maxActive); datasource.setMaxWait(maxWait); datasource.setTimeBetweenEvictionRunsMillis(timeBetweenEvictionRunsMillis); datasource.setMinEvictableIdleTimeMillis(minEvictableIdleTimeMillis); datasource.setValidationQuery(validationQuery); datasource.setTestWhileIdle(testWhileIdle); datasource.setTestOnBorrow(testOnBorrow); datasource.setTestOnReturn(testOnReturn); // filter List filterArrayList = new ArrayList<>(); filterArrayList.add(wallFilter); datasource.setProxyFilters(filterArrayList); try { datasource.setFilters(filters); } catch (SQLException e) { logger.error("druid configuration initialization filter", e); } return datasource; } @Bean(name = "wallFilter") @DependsOn("wallConfig") public WallFilter wallFilter(WallConfig wallConfig) { WallFilter wallFilter = new WallFilter(); wallFilter.setConfig(wallConfig); return wallFilter; } @Bean(name = "wallConfig") public WallConfig wallConfig() { WallConfig wallConfig = new WallConfig(); wallConfig.setMultiStatementAllow(true);//允许一次执行多条语句 wallConfig.setNoneBaseStatementAllow(true);//允许一次执行多条语句 wallConfig.setStrictSyntaxCheck(false);//是否进行严格的语法检测,Druid SQL Parser在某些场景不能覆盖所有的SQL语法,出现解析SQL出错,可以临时把这个选项设置为false,同时把SQL反馈给Druid的开发者。 return wallConfig; }}
posted @ 2018-11-19 16:09 阅读( ...) 评论( ...)