话不多说上干货
最近用到一个应用场景,(对执行的sql的方法追加注解,如过存在注解则进行sql追加处理)根据不同的用户权限,需要实现查询不同的数据,采用mybatis的Interceptor拦截器来实现。
首先引入需要的依赖
<!-- https://mvnrepository.com/artifact/com.baomidou/mybatis-plus-boot-starter -->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.4.3.4</version>
</dependency>
然后开始定义自定义注解(目的是为了通过注解来标识执行sql是否需要追加条件)
import java.lang.annotation.*;
@Inherited
@Target({ElementType.TYPE, ElementType.METHOD, ElementType.PARAMETER, ElementType.LOCAL_VARIABLE})
@Retention(RetentionPolicy.RUNTIME)
public @interface DataScope {
boolean flag() default true;
}
然后定义一个切面
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.ibatis.executor.statement.StatementHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.plugin.*;
import org.apache.ibatis.reflection.DefaultReflectorFactory;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.reflection.SystemMetaObject;
import org.springframework.stereotype.Component;
import java.sql.Connection;
import java.util.List;
import java.util.Properties;
import java.util.stream.Collectors;
//拦截服务中的每一个执行sql
@Slf4j
@Component
@Intercepts({ @Signature(type = StatementHandler.class, method = "prepare", args = { Connection.class,Integer.class })})
public class DataScopeAspect implements Interceptor {
//通过拦截器获取当前执行sql的方法内容
StatementHandler statementHandler = (StatementHandler) invocation.getTarget();
MetaObject metaStatementHandler =
MetaObject.forObject(statementHandler, SystemMetaObject.DEFAULT_OBJECT_FACTORY,
SystemMetaObject.DEFAULT_OBJECT_WRAPPER_FACTORY, new DefaultReflectorFactory());
//获取当前方法中执行的sql语句
BoundSql boundSql = (BoundSql) metaStatementHandler.getValue("delegate.boundSql");
//获取当前方法
MappedStatement mappedStatement = (MappedStatement) statementHandler.getValue("delegate.mappedStatement");
String sqlId = mappedStatement.getId();
String className = sqlId.substring(0, sqlId.lastIndexOf("."));
Class<?> classObj = Class.forName(className);
//获取类上方法
DataScope controllerDataScope = classObj.getAnnotation(DataScope.class);
//获取方法上是否存在注解
Method[] methods = classObj.getDeclaredMethods();
String methodName = sqlId.replace(className+".", "");
Method methodAnnotate = null;
for(Method method : methods) {
if(method.getName().equals(methodName)) {
methodAnnotate = method;
break;
}
}
DataScope methodDataScope = methodAnnotate != null? methodAnnotate.getAnnotation(DataScope.class):null;
//判断是否存在注解
if(null == controllerDataScope && null == methodDataScope){
//不需要进行追加
return invocation.proceed();
}
// 暂时只拦截查询的sql
if (boundSql.getSql().startsWith("select") || boundSql.getSql().startsWith("SELECT")) {
//对当前的执行sql进行条件追加
dataScopeFilter(boundSql, metaStatementHandler);
} else {
return invocation.proceed();
}
}
// 传递给下一个拦截器处理
return invocation.proceed();
}
@Override
public Object plugin(Object target) {
// 当目标类是StatementHandler类型时,才包装目标类,否者直接返回目标本身,减少目标被代理的次数
if (target instanceof StatementHandler) {
return Plugin.wrap(target, this);
} else {
return target;
}
}
@Override
public void setProperties(Properties properties) {
}
//sql追加的核心代码
public void dataScopeFilter(BoundSql boundSql, MetaObject metaStatementHandler){
//根据当前用户权限配置追加sql条件
String newSql = boundSql.getSql();
newSql = + newSql + "追加你需要添加的sql条件"
metaStatementHandler.setValue("delegate.boundSql.sql", newSql);
}
}
拦截器编写好后,将刚才定义的注解,放到你需要执行的mapper的方法或者mapper类型,执行服务,打印你的执行sql日志,就可以看到你的追加的条件已经set进去了。
//需要的接口上追加刚才定义的注解,方法上也可以
@DataScope()
public interface SysUserMapper extends BaseMapper<SysUser> {
}
yml文件配置
yml文件配置
mybatis.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
或
logging.level.com.xxx.xxx.dao=DEBUG
大功告成。