使用mybatis拦截器对like后面的参数进行转义

在SQL中,like后面的参数里可能包含'_'、'%'等通配符,导致项目中的很多搜索功能无法按字面值搜索'_'或者'%'。可以在搜索接口中手动对sql参数进行转义;下面介绍另外一种方式:通过mybatis拦截器来修改like后面的参数。

import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.plugin.*;
import org.apache.ibatis.reflection.DefaultReflectorFactory;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.reflection.ReflectorFactory;
import org.apache.ibatis.reflection.factory.DefaultObjectFactory;
import org.apache.ibatis.reflection.factory.ObjectFactory;
import org.apache.ibatis.reflection.wrapper.DefaultObjectWrapperFactory;
import org.apache.ibatis.reflection.wrapper.ObjectWrapperFactory;
import org.apache.ibatis.scripting.xmltags.DynamicContext;
import org.apache.ibatis.scripting.xmltags.SqlNode;
import org.apache.ibatis.session.Configuration;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

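/**
 * MyBatis plugin that backslash-escapes LIKE wildcard characters in bound query parameters,
 * so that user-supplied {@code %} / {@code _} are matched literally instead of widening the search.
 *
 * <p>Scope and caveats a caller should know:
 * <ul>
 *   <li>Only the four-argument {@code Executor.query} is intercepted, and only statements whose
 *       {@code sqlSource} exposes a {@code rootSqlNode} are inspected.</li>
 *   <li>Only {@code Map} parameter objects are handled; a bare String or a POJO parameter is
 *       passed through unescaped.</li>
 *   <li>Only top-level map keys are looked up; {@code #{query.name}} style nested properties
 *       are skipped.</li>
 *   <li>Detection is a per-line text heuristic: the first {@code #{...}} that follows a LIKE on
 *       the same line is treated as the LIKE operand, even if it belongs to a later predicate.</li>
 *   <li>The caller's map is modified in place. Re-running a query with the same map instance
 *       escapes the value again.</li>
 *   <li>The backslash only works where the database treats it as the LIKE escape character;
 *       otherwise the statement needs an explicit ESCAPE clause (confirm for the target database).</li>
 *   <li>This is wildcard neutralisation for {@code #{}} bound values only. It does nothing for
 *       {@code ${}} text substitution, which is already rendered into the SQL when this runs.</li>
 * </ul>
 */
@Intercepts(
        value = {
                @Signature(
                        type = Executor.class,
                        method = "query",
                        args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class}
                )
        }
)
@Component
public class QueryExecutorInterceptor implements Interceptor {

    private static final ObjectFactory DEFAULT_OBJECT_FACTORY = new DefaultObjectFactory();
    private static final ObjectWrapperFactory DEFAULT_OBJECT_WRAPPER_FACTORY = new DefaultObjectWrapperFactory();
    private static final ReflectorFactory DEFAULT_OBJECT_REFLECTOR_FACTORY = new DefaultReflectorFactory();
    private static final String ROOT_SQL_NODE = "sqlSource.rootSqlNode";
    private static final String KEYWORD_LIKE = "like";
    private static final String ESCAPE_SYMBOL = "\\";
    // LIKE, then anything on the same line up to the next "#{", capturing the property name
    // (stops at '}', ',' or whitespace so "#{name,jdbcType=VARCHAR}" yields "name").
    // The previous greedy ".*#\{.*}" swallowed everything up to the last '}' on the line, so
    // "a LIKE #{a} OR b LIKE #{b}" produced the bogus key "a OR b LIKE".
    private static final String REGEX_LIKE = "\\bLIKE\\b[^#\\r\\n]*#\\{\\s*([^},\\s]+)";
    // Compiled once; Pattern is immutable and safe to share.
    private static final Pattern LIKE_PATTERN = Pattern.compile(REGEX_LIKE, Pattern.CASE_INSENSITIVE);

    // Read from configuration; falls back to the default (backslash, underscore, percent) when absent.
    @Value("#{'${mybatis.escape.symbols:\\,_,%}'.split(',')}")
    private String[] symbols;


    @Value("${mybatis.escape.enabled:true}")
    private boolean enableEscape;


    /**
     * Escapes LIKE operands in the parameter map (when enabled) and then runs the query.
     *
     * @param invocation the intercepted {@code Executor.query(ms, parameter, rowBounds, resultHandler)} call
     * @return whatever the wrapped executor returns
     * @throws Throwable anything thrown by the wrapped executor or while rendering the dynamic SQL
     */
    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        if (!enableEscape) {
            return invocation.proceed();
        }
        Object[] args = invocation.getArgs();
        MappedStatement statement = (MappedStatement) args[0];
        Object parameter = args[1];
        // Non-map parameters are never rewritten, so skip the reflection and SQL rendering for them.
        if (parameter instanceof Map) {
            MetaObject metaMappedStatement = MetaObject.forObject(statement, DEFAULT_OBJECT_FACTORY,
                    DEFAULT_OBJECT_WRAPPER_FACTORY, DEFAULT_OBJECT_REFLECTOR_FACTORY);
            if (metaMappedStatement.hasGetter(ROOT_SQL_NODE)) {
                // Rewrite the parameter values before the executor binds them.
                SqlNode sqlNode = (SqlNode) metaMappedStatement.getValue(ROOT_SQL_NODE);
                modifyBoundSql(statement.getConfiguration(), parameter, sqlNode);
            }
        }
        return invocation.proceed();
    }


    /**
     * Renders the statement's SQL node tree against the parameter object and escapes the
     * parameters that the rendered text uses as LIKE operands.
     */
    private void modifyBoundSql(Configuration configuration, Object parameterObject, SqlNode sqlNode) {
        DynamicContext context = new DynamicContext(configuration, parameterObject);
        sqlNode.apply(context);
        modifyLikeSql(context.getSql(), parameterObject);
    }

    /**
     * Finds {@code LIKE ... #{key}} occurrences in {@code sql} and escapes the matching
     * String values of the parameter map in place.
     *
     * @param sql             rendered SQL text that still contains {@code #{...}} placeholders
     * @param parameterObject the statement parameter; ignored unless it is a {@code Map}
     */
    private void modifyLikeSql(String sql, Object parameterObject) {
        if (sql == null || !(parameterObject instanceof Map)) {
            return;
        }
        // Locale.ROOT: under a Turkish default locale "LIKE".toLowerCase() is "lıke", which would
        // make this pre-check fail and silently disable the escaping.
        if (!sql.toLowerCase(java.util.Locale.ROOT).contains(KEYWORD_LIKE)) {
            return;
        }

        List<String> likeKeys = new ArrayList<>();
        Matcher matcher = LIKE_PATTERN.matcher(sql);
        while (matcher.find()) {
            String key = matcher.group(1);
            if (!likeKeys.contains(key)) {
                likeKeys.add(key);
            }
        }

        // The cast is unchecked; keys are only read with containsKey/get, and only existing
        // entries holding a String are overwritten with a String.
        @SuppressWarnings("unchecked")
        Map<String, Object> paramMap = (Map<String, Object>) parameterObject;
        for (String key : likeKeys) {
            // MyBatis' ParamMap throws BindingException from get() for an unknown key, so a
            // nested property ("query.name") or a <foreach> item name must be filtered out
            // first, otherwise the interceptor itself would fail an otherwise valid query.
            if (!paramMap.containsKey(key)) {
                continue;
            }
            Object val = paramMap.get(key);
            if (val instanceof String) {
                paramMap.replace(key, escapeWildcards((String) val));
            }
        }
    }

    /**
     * Prefixes every configured symbol in {@code value} with the escape character in a single
     * left-to-right pass.
     *
     * <p>A single pass keeps the result independent of the configured symbol order; chained
     * {@code String.replace} calls double-escape when the backslash is not listed first.
     * Empty or null symbols are ignored ({@code replace("", "\\")} would insert a backslash
     * between every character).
     */
    private String escapeWildcards(String value) {
        if (symbols == null || symbols.length == 0) {
            return value;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        int pos = 0;
        while (pos < value.length()) {
            String hit = null;
            for (String symbol : symbols) {
                if (symbol != null && !symbol.isEmpty() && value.startsWith(symbol, pos)) {
                    hit = symbol;
                    break;
                }
            }
            if (hit == null) {
                escaped.append(value.charAt(pos));
                pos++;
            } else {
                escaped.append(ESCAPE_SYMBOL).append(hit);
                pos += hit.length();
            }
        }
        return escaped.toString();
    }

    /**
     * Extracts the property name from text containing a {@code #{name[,options]}} placeholder.
     *
     * @param input text that contains a placeholder
     * @return the trimmed name of the first placeholder, or an empty string when there is none
     */
    private String getParameterKey(String input) {
        int start = input.indexOf("#{");
        if (start < 0) {
            return "";
        }
        int end = input.indexOf('}', start);
        String body = end < 0 ? input.substring(start + 2) : input.substring(start + 2, end);
        return body.split(",")[0].trim();
    }
}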
