mybatis拦截器数据权限过滤

mybatis拦截器数据权限过滤

    • 1.项目结构
    • 2.pom.xml
    • 3.基础配置
      • spring.xml
      • mybatis-config.xml
    • 4.测试代码
      • User实体类 数据库字段随便建几个吧
      • UserMapper
      • UserMapper.xml
      • mybatis拦截器
      • 解析类
    • 5.测试类
      • 最终打印日志sql

1.项目结构

mybatis拦截器数据权限过滤_第1张图片

2.pom.xml

<groupId>org.example</groupId>
    <artifactId>spring-mybatis-source</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
    </properties>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.5</version>
    </parent>

    <dependencies>

        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.mybatis</groupId>
            <artifactId>mybatis</artifactId>
            <version>3.5.3</version>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.38</version>
        </dependency>

        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
            <version>1.7.12</version>
        </dependency>

        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
            <version>1.7.12</version>
        </dependency>

        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>

        <dependency>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-surefire-plugin</artifactId>
            <version>2.4.2</version>
        </dependency>

        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-core</artifactId>
            <version>4.4.5</version>
        </dependency>

        <dependency>
            <groupId>cn.hutool</groupId>
            <artifactId>hutool-cache</artifactId>
            <version>4.4.5</version>
        </dependency>

        <dependency>
            <groupId>org.mybatis</groupId>
            <artifactId>mybatis-spring</artifactId>
            <version>2.0.3</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>5.3.9</version>
        </dependency>

        <dependency>
            <groupId>commons-dbcp</groupId>
            <artifactId>commons-dbcp</artifactId>
            <version>1.4</version>
        </dependency>

        <dependency>
            <groupId>commons-pool</groupId>
            <artifactId>commons-pool</artifactId>
            <version>1.6</version>
        </dependency>
    </dependencies>

3.基础配置

spring.xml

  <?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
	       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
        <property name="url" value="jdbc:mysql://localhost:3306/mybatis"/>
        <property name="username" value="root"/>
        <property name="password" value="123456"/>
        <property name="maxActive" value="100"/>
        <property name="maxIdle" value="30"/>
        <property name="maxWait" value="500"/>
        <property name="defaultAutoCommit" value="true"/>
    </bean>

    <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
        <property name="configLocation" value="classpath:mybatis-config.xml"/>
        <property name="dataSource" ref="dataSource"/>
    </bean>

    <bean id="userMapper" class="org.mybatis.spring.mapper.MapperFactoryBean">
        <property name="mapperInterface" value="com.lmh.dao.UserMapper"/>
        <property name="sqlSessionFactory" ref="sqlSessionFactory"/>
    </bean>
</beans>

mybatis-config.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
        PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <typeAliases>
        <typeAlias alias="User" type="com.lmh.entity.User"/>
    </typeAliases>
    
    <plugins>
        <plugin interceptor="com.lmh.interceptor.PrivilegeExecutorInterceptor"/>
    </plugins>

    <mappers>
        <mapper resource="dao/UserMapper.xml"/>
    </mappers>
</configuration>

4.测试代码

User实体类 数据库字段随便建几个吧

package com.lmh.entity;

private Long id;

    private String username;

    private String password;

    private String email;

    private String headImage;

    private String countryName;

	// ...get set 

UserMapper

import com.lmh.entity.User;

public interface UserMapper {

   User findUserById(@Param("password") String password);
}

UserMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.lmh.dao.UserMapper">

    <select id="findUserById" resultType="User">
        select
            id id,
            user_name username,
            user_password password,
            user_email email,
            head_image headImage,
            country_name countryName
        from sys_user where user_password = #{password}
        <![CDATA[
            <addAuth joiner = 'and' columnName = 'country_name' symbol = 'in' privilegeDimension='country'/>
        ]]>
    </select>
</mapper>

mybatis拦截器

@Intercepts(
        @Signature(
                type = Executor.class,
                method = "query",
                args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class}
        )
)
public class PrivilegeExecutorInterceptor implements Interceptor {
    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        //获取executor对象
        Executor executor = (Executor)invocation.getTarget();
        //获取到mappedStatement
        MappedStatement ms = (MappedStatement)invocation.getArgs()[0];
        //查询参数
        Object parameterObject = invocation.getArgs()[1];
        //获取boundSql
        BoundSql boundSql = ms.getBoundSql(parameterObject);
        String sql = boundSql.getSql();
        if (sql.contains(")) {
            sql = AddAuthParser.parse(sql);
        }
        BoundSql newBoundSql = new BoundSql(ms.getConfiguration(), sql, boundSql.getParameterMappings(), parameterObject);
        //这里没有使用缓存
        return executor.query(ms, parameterObject,  RowBounds.DEFAULT, Executor.NO_RESULT_HANDLER, null, newBoundSql);
    }

    /**
     * 注册拦截器
     */
    @Override
    public Object plugin(Object target) {
        return Plugin.wrap(target, this);
    }

    @Override
    public void setProperties(Properties properties) {

    }
}
public class CountryPrivilegeInfo {

    /**
     * and、or
     */
    private String joiner = "and";

    /**
     * in、not in、 = 、<>等等
     * 这里案例只用 in
     */
    private String symbol = "in";

    /**
     * 数据库列名
     */
    private String columnName;

    /**
     * 权限维度。案例用的是country维度
     */
    private String privilegeDimension;

    /**
     * 用户上下文的值。实际工作中从登陆上下文中获取
     */
    private List<String> rolePrivileges = getCountryFromContext();

    public CountryPrivilegeInfo(String joiner, String symbol, String columnName, String privilegeDimension) {
        this.joiner = joiner;
        this.symbol = symbol;
        this.columnName = columnName;
        this.privilegeDimension = privilegeDimension;
    }

    /**
     * 获取用户所管理的国家信息
     */
    private List<String> getCountryFromContext() {
        List<String> list = new ArrayList<>();
        list.add("cn");
        list.add("us");
        return list;
    }
}

//省略 get set

解析类

public class AddAuthParser {

    /**
     * 暂时不考虑有多个标签的情况
     */
    public static String parse(String sql) {
        StringBuilder finalSql = new StringBuilder();
        String[] preSplit = sql.split(");
        String preSql = preSplit[1];
        String addAuthSql = preSql.substring(0, preSql.indexOf("/>"));
        String suffixSql = preSql.substring(preSql.indexOf("/>") + "/>".length());
        return finalSql.append(preSplit[0]).
                append(doParseAddAuthSql(addAuthSql)).
                append(suffixSql).toString();
    }

    /**
     * 解析标签里面的内容
     */
    private static String doParseAddAuthSql(String sql) {
        //数据权限维度。实例工作中为地区、数据角色等维度
        String privilegeDimension = getValueByProperty("privilegeDimension", sql);
        String columnName = getValueByProperty("columnName", sql);
        String symbol = getValueByProperty("symbol", sql);
        String joiner = getValueByProperty("joiner", sql);
        CountryPrivilegeInfo countryPrivilegeInfo = new CountryPrivilegeInfo(joiner, symbol, columnName, privilegeDimension);
        StringBuilder privilegeStr = new StringBuilder(" ( ");
        List<String> rolePrivileges = countryPrivilegeInfo.getRolePrivileges();
        for (int i = 0; i < rolePrivileges.size(); i++) {
            privilegeStr.append("'").append(rolePrivileges.get(i)).append("'");
            if (i < rolePrivileges.size() - 1) {
                privilegeStr.append(", ");
            }
        }
        privilegeStr.append(" ) ");
        return " " + joiner + " "+ columnName + " "+ symbol + " " +privilegeStr;
    }

    private static String getValueByProperty(String property, String sql) {
        sql = sql.replace(" ", "");
        String open = property + "='";
        String close = "'";
        String[] split = sql.split(open);
        String value = split[1].substring(0, split[1].indexOf(close));
        return value.trim();
    }
}

5.测试类

public static void main(String[] args) {

        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("spring.xml");
        
  
        UserMapper userMapper = (UserMapper)context.getBean("userMapper");
        User userById = userMapper.findUserById("123456");
        System.out.println("userById = " + userById);

        
    }

最终打印日志sql

UserMapper.findUserById - ==>  Preparing: select id id, user_name username, user_password password, user_email email, head_image headImage, country_name countryName from sys_user where user_password = ? and country_name in ( 'cn', 'us' ) 

UserMapper.findUserById - ==> Parameters: 123456(String)

这样就实现了加上一个标签,就对登陆用户的数据权限进行了过滤

<![CDATA[
   <addAuth joiner = 'and' columnName = 'country_name' symbol = 'in' privilegeDimension='country'/>
]]>

你可能感兴趣的:(java,spring)