wallFilter对sql有着严格的校验,会对有风险的sql过滤,抛出异常信息;
org.springframework.jdbc.UncategorizedSQLException:
### Error querying database. Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect RPAREN, actual IDENTIFIER ) : select nvl(sum(decode(fpztbz, '0',1, 0)),0) zcpfs, nvl(sum(decode(fpztbz, '1', 1, 0)),0) tpfs,
nvl(sum(decode(fpztbz, '0', 0, '1', 0, 1)),0) fpfs,
nvl(sum(decode(fpztbz,'0', je ,0)),0) zcpje, nvl(sum(decode(fpztbz,'0', se ,0)),0) zcpse,
nvl(sum(decode(fpztbz,'1', je,0)),0) tpje , nvl(sum(decode(fpztbz,'1', se,0)),0) tpse,
nvl(sum(decode(fpztbz,'0', bzsje,0)),0) bzsje, nvl(sum(decode(fpztbz,'1', bzsje, 0)),0) hpbzsje,
nvl(sum(decode(tspz,'02',decode(fpztbz, '0', je, 0), 0)),0) sgfpje,
nvl(sum(decode(tspz,'02',decode(fpztbz, '1', je, 0), 0)),0) hpsgje
from
cb_fp_zzspp_jb
...
解决办法,关闭语法检测-----StrictSyntaxCheck(false)
wallConfig.setStrictSyntaxCheck(false);//是否进行严格的语法检测,Druid SQL Parser在某些场景不能覆盖所有的SQL语法,出现解析SQL出错,可以临时把这个选项设置为false,同时把SQL反馈给Druid的开发者。
配置示例:
import com.alibaba.druid.filter.Filter;
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.support.http.StatViewServlet;
import com.alibaba.druid.support.http.WebStatFilter;
import com.alibaba.druid.wall.WallConfig;
import com.alibaba.druid.wall.WallFilter;
import com.baomidou.mybatisplus.spring.MybatisSqlSessionFactoryBean;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
/**
* ClassName: DruidConfig <br>
* Function: Druid连接池初始化 <br>
* @version
* @since JDK 1.8
*/
@Configuration
public class DruidConfig {
private Logger logger = LoggerFactory.getLogger(DruidConfig.class);
@Value("${spring.datasource.url}")
private String dbUrl;
@Value("${spring.datasource.username}")
private String username;
@Value("${spring.datasource.password}")
private String password;
@Value("${spring.datasource.driverClassName}")
private String driverClassName;
@Value("${spring.datasource.initialSize}")
private int initialSize;
@Value("${spring.datasource.minIdle}")
private int minIdle;
@Value("${spring.datasource.maxActive}")
private int maxActive;
@Value("${spring.datasource.maxWait}")
private int maxWait;
@Value("${spring.datasource.timeBetweenEvictionRunsMillis}")
private int timeBetweenEvictionRunsMillis;
@Value("${spring.datasource.minEvictableIdleTimeMillis}")
private int minEvictableIdleTimeMillis;
@Value("${spring.datasource.validationQuery}")
private String validationQuery;
@Value("${spring.datasource.testWhileIdle}")
private boolean testWhileIdle;
@Value("${spring.datasource.testOnBorrow}")
private boolean testOnBorrow;
@Value("${spring.datasource.testOnReturn}")
private boolean testOnReturn;
@Value("${spring.datasource.filters}")
private String filters;
@Value("${mybatis-plus.mapper-locations}")
private String mapperLocations;
@Autowired
WallFilter wallFilter;
@Bean
public ServletRegistrationBean druidServlet() {
ServletRegistrationBean reg = new ServletRegistrationBean();
reg.setServlet(new StatViewServlet());
reg.addUrlMappings("/druid/*");
reg.addInitParameter("loginUsername", username);
reg.addInitParameter("loginPassword", password);
return reg;
}
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new WebStatFilter());
filterRegistrationBean.addUrlPatterns("/*");
filterRegistrationBean
.addInitParameter("exclusions", "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*");
filterRegistrationBean.addInitParameter("profileEnable", "true");
return filterRegistrationBean;
}
@Bean
public DataSource druidDataSource() {
DruidDataSource datasource = new DruidDataSource();
datasource.setUrl(dbUrl);
datasource.setUsername(username);
datasource.setPassword(password);
datasource.setDriverClassName(driverClassName);
datasource.setInitialSize(initialSize);
datasource.setMinIdle(minIdle);
datasource.setMaxActive(maxActive);
datasource.setMaxWait(maxWait);
datasource.setTimeBetweenEvictionRunsMillis(timeBetweenEvictionRunsMillis);
datasource.setMinEvictableIdleTimeMillis(minEvictableIdleTimeMillis);
datasource.setValidationQuery(validationQuery);
datasource.setTestWhileIdle(testWhileIdle);
datasource.setTestOnBorrow(testOnBorrow);
datasource.setTestOnReturn(testOnReturn);
// filter
List<Filter> filterArrayList = new ArrayList<>();
filterArrayList.add(wallFilter);
datasource.setProxyFilters(filterArrayList);
try {
datasource.setFilters(filters);
} catch (SQLException e) {
logger.error("druid configuration initialization filter", e);
}
return datasource;
}
@Bean(name = "wallFilter")
@DependsOn("wallConfig")
public WallFilter wallFilter(WallConfig wallConfig) {
WallFilter wallFilter = new WallFilter();
wallFilter.setConfig(wallConfig);
return wallFilter;
}
@Bean(name = "wallConfig")
public WallConfig wallConfig() {
WallConfig wallConfig = new WallConfig();
wallConfig.setMultiStatementAllow(true);//允许一次执行多条语句
wallConfig.setNoneBaseStatementAllow(true);//允许一次执行多条语句
wallConfig.setStrictSyntaxCheck(false);//是否进行严格的语法检测,Druid SQL Parser在某些场景不能覆盖所有的SQL语法,出现解析SQL出错,可以临时把这个选项设置为false,同时把SQL反馈给Druid的开发者。
return wallConfig;
}
}
