druid配置spring.datasource.filters导致mybatis批量更新报错sql injection violation, multi-statement not allow

最新推荐文章于 2025-03-21 15:27:41 发布
最新推荐文章于 2025-03-21 15:27:41 发布
阅读量6.3k 收藏 2
点赞数 2
分类专栏: druid mybaits springBoot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/cmw1085215666/article/details/101380207
版权

这个错是druid配置开启了数据监控导致的。
修改前:
在这里插入图片描述
修改filters:
在这里插入图片描述

import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.support.http.StatViewServlet;
import com.alibaba.druid.support.http.WebStatFilter;
import com.alibaba.druid.wall.WallConfig;
import com.alibaba.druid.wall.WallFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Primary;

import javax.sql.DataSource;
import java.sql.SQLException;
 
@Configuration
public class DruidConfig {
 
    private static final Logger logger = LoggerFactory.getLogger(DruidConfig.class);
 
    private static final String DB_PREFIX = "spring.datasource";
 
    @Bean
    public ServletRegistrationBean druidServlet() {
        logger.info("init Druid Servlet Configuration ");
        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(new StatViewServlet(), "/druid/*");
        // IP白名单
        servletRegistrationBean.addInitParameter("allow", "*");
        // IP黑名单(共同存在时,deny优先于allow)
        servletRegistrationBean.addInitParameter("deny", "192.168.1.100");
        //控制台管理用户
        servletRegistrationBean.addInitParameter("loginUsername", "admin");
        servletRegistrationBean.addInitParameter("loginPassword", "admin123*");
        //是否能够重置数据 禁用HTML页面上的“Reset All”功能
        servletRegistrationBean.addInitParameter("resetEnable", "false");
        return servletRegistrationBean;
    }
 
    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(new WebStatFilter());
        filterRegistrationBean.addUrlPatterns("/*");
        filterRegistrationBean.addInitParameter("exclusions", "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*");
        return filterRegistrationBean;
    }
    //  --------------------------- 配置相关的监控过滤器----  
    @Autowired
    WallFilter wallFilter;
    
    @Bean(name = "wallConfig")
    WallConfig wallFilterConfig() {
        WallConfig wc = new WallConfig();
        wc.setMultiStatementAllow(true);
        return wc;
    }
    
    @Bean(name = "wallFilter")
    @DependsOn("wallConfig")
    WallFilter wallFilter(WallConfig wallConfig) {
        WallFilter wfilter = new WallFilter();
        wfilter.setConfig(wallConfig);
        return wfilter;
    }
 //  --------------------------- 配置相关的监控过滤器----结束-------------------
    //解决 spring.datasource.filters=stat,wall,log4j 无法正常注册进去
    @ConfigurationProperties(prefix = DB_PREFIX)
    class IDataSourceProperties {
        private String url;
        private String username;
        private String password;
        private String driverClassName;
        private int initialSize;
        private int minIdle;
        private int maxActive;
        private int maxWait;
        private int timeBetweenEvictionRunsMillis;
        private int minEvictableIdleTimeMillis;
        private String validationQuery;
        private boolean testWhileIdle;
        private boolean testOnBorrow;
        private boolean testOnReturn;
        private boolean poolPreparedStatements;
        private int maxPoolPreparedStatementPerConnectionSize;
        private String filters;
        private String connectionProperties;
 
        @Bean     //声明其为Bean实例
        @Primary  //在同样的DataSource中,首先使用被标注的DataSource
        public DataSource dataSource() {
            DruidDataSource datasource = new DruidDataSource();
            datasource.setUrl(url);
            datasource.setUsername(username);
            datasource.setPassword(password);
            datasource.setDriverClassName(driverClassName);
 
            //configuration
            datasource.setInitialSize(initialSize);
            datasource.setMinIdle(minIdle);
            datasource.setMaxActive(maxActive);
            datasource.setMaxWait(maxWait);
            datasource.setTimeBetweenEvictionRunsMillis(timeBetweenEvictionRunsMillis);
            datasource.setMinEvictableIdleTimeMillis(minEvictableIdleTimeMillis);
            datasource.setValidationQuery(validationQuery);
            datasource.setTestWhileIdle(testWhileIdle);
            datasource.setTestOnBorrow(testOnBorrow);
            datasource.setTestOnReturn(testOnReturn);
            datasource.setPoolPreparedStatements(poolPreparedStatements);
            datasource.setMaxPoolPreparedStatementPerConnectionSize(maxPoolPreparedStatementPerConnectionSize);
            try {
            	//这里添加代理过滤器
            	List<Filter> proxyFilters = new ArrayList<>();
                proxyFilters.add(wallFilter);
                datasource.setProxyFilters(proxyFilters);
                datasource.setFilters(filters);
            } catch (SQLException e) {
                System.err.println("druid configuration initialization filter: " + e);
            }
            datasource.setConnectionProperties(connectionProperties);
            return datasource;
        }
 
        public String getUrl() {
            return url;
        }
 
        public void setUrl(String url) {
            this.url = url;
        }
 
        public String getUsername() {
            return username;
        }
 
        public void setUsername(String username) {
            this.username = username;
        }
 
        public String getPassword() {
            return password;
        }
 
        public void setPassword(String password) {
            this.password = password;
        }
 
        public String getDriverClassName() {
            return driverClassName;
        }
 
        public void setDriverClassName(String driverClassName) {
            this.driverClassName = driverClassName;
        }
 
        public int getInitialSize() {
            return initialSize;
        }
 
        public void setInitialSize(int initialSize) {
            this.initialSize = initialSize;
        }
 
        public int getMinIdle() {
            return minIdle;
        }
 
        public void setMinIdle(int minIdle) {
            this.minIdle = minIdle;
        }
 
        public int getMaxActive() {
            return maxActive;
        }
 
        public void setMaxActive(int maxActive) {
            this.maxActive = maxActive;
        }
 
        public int getMaxWait() {
            return maxWait;
        }
 
        public void setMaxWait(int maxWait) {
            this.maxWait = maxWait;
        }
 
        public int getTimeBetweenEvictionRunsMillis() {
            return timeBetweenEvictionRunsMillis;
        }
 
        public void setTimeBetweenEvictionRunsMillis(int timeBetweenEvictionRunsMillis) {
            this.timeBetweenEvictionRunsMillis = timeBetweenEvictionRunsMillis;
        }
 
        public int getMinEvictableIdleTimeMillis() {
            return minEvictableIdleTimeMillis;
        }
 
        public void setMinEvictableIdleTimeMillis(int minEvictableIdleTimeMillis) {
            this.minEvictableIdleTimeMillis = minEvictableIdleTimeMillis;
        }
 
        public String getValidationQuery() {
            return validationQuery;
        }
 
        public void setValidationQuery(String validationQuery) {
            this.validationQuery = validationQuery;
        }
 
        public boolean isTestWhileIdle() {
            return testWhileIdle;
        }
 
        public void setTestWhileIdle(boolean testWhileIdle) {
            this.testWhileIdle = testWhileIdle;
        }
 
        public boolean isTestOnBorrow() {
            return testOnBorrow;
        }
 
        public void setTestOnBorrow(boolean testOnBorrow) {
            this.testOnBorrow = testOnBorrow;
        }
 
        public boolean isTestOnReturn() {
            return testOnReturn;
        }
 
        public void setTestOnReturn(boolean testOnReturn) {
            this.testOnReturn = testOnReturn;
        }
 
        public boolean isPoolPreparedStatements() {
            return poolPreparedStatements;
        }
 
        public void setPoolPreparedStatements(boolean poolPreparedStatements) {
            this.poolPreparedStatements = poolPreparedStatements;
        }
 
        public int getMaxPoolPreparedStatementPerConnectionSize() {
            return maxPoolPreparedStatementPerConnectionSize;
        }
 
        public void setMaxPoolPreparedStatementPerConnectionSize(int maxPoolPreparedStatementPerConnectionSize) {
            this.maxPoolPreparedStatementPerConnectionSize = maxPoolPreparedStatementPerConnectionSize;
        }
 
        public String getFilters() {
            return filters;
        }
 
        public void setFilters(String filters) {
            this.filters = filters;
        }
 
        public String getConnectionProperties() {
            return connectionProperties;
        }
 
        public void setConnectionProperties(String connectionProperties) {
            this.connectionProperties = connectionProperties;
        }
    }
 
}
解决Cause: java.sql.SQLException: sql injection violation, dbType mysql ... token IDENTIFIER deleted错误
念兮为美
03-21 1万+
Cause: java.sql.SQLException: sql injection violation, dbType mysql, , druid-version 1.2.11, syntax error: not supported.pos 86, line 1, column 79, token IDENTIFIER deleted : xxx详细的解决方法以及建表的命名规范。
SpringBoot中利用nacos对数据源进行动态刷新
weixin_48777366的博客
10-12 2619
一、重写DruidAbstractDataSource类 这里为什么要重写这个类:因为DruidDataSource数据源在初始化后,就不允许再重新设置数据库的url和userName 注意:类所在的包名必须为 com.alibaba.druid.pool public void setUrl(String jdbcUrl) { if (StringUtils.equals(this.jdbcUrl, jdbcUrl)) { return; } // 重写的时候,需要将这个判断注释掉,.
Springboot使用Druid数据源发生报错Property: spring.datasource.filters
建设美丽祖国
12-07 6893
前言: Springboot(版本2.1.1)使用Druid(版本1.18)数据源时filters: stat,wall,log4j,发生异常错误。 错误如下: 错误原因: 异常错误中显示log4j的原因,尝试在filters属性去掉log4j,发现不报错了, 原因是新版本的Druid配置改变了 解决方法: filters如下配置即可: filters: commons-log.co...
spring.datasource.filters = stat,wall配置解释
最新发布
还在活水泥的未来包工头
03-21 919
是在 Spring 框架里配置数据源相关过滤器的一项配置,通常用于阿里的 Druid 数据库连接池。下面分别解释stat和wall。
Spring Boot 使用Druid出现Property: spring.datasource.filters 的错误
热门推荐
08-12 2万+
使用的是1.1.10版本,使用时出现Property: spring.datasource.filters错误去掉log4j后还可以使用,发现时新版本的Druid配置改变了 Property: spring.datasource.filters Value: stat,wall,log4j Origin: class path resource [application.yml]...
mybatis 批量更新sql injection violation, multi-statement not allow 报错解决方法
sinat_23893027的博客
09-19 4631
新增一个配置文件 MybatisConfig import com.alibaba.druid.pool.DruidDataSource; import com.alibaba.druid.wall.WallConfig; import com.alibaba.druid.wall.WallFilter; import org.slf4j.Logger; import org.slf4...
mybatis 批量更新sql injection violation, multi-statement not allow 报错解决方法
骑大马挎大刀
01-19 1409
一: JDBC配置中添加 &allowMultiQueries=true 二: Druid的防火墙配置(Wall)中变量multiStatementAllow默认为false,导致被拦截解决: @Configuration public class DruidConfig { /** * 配置允许批量SQL */ @Bean public WallFilter wallFilter() { WallFilter wallFilter .
sql injection violation, multi-statement not allow解决方案
sinat_28071119的博客
04-01 2832
原理就不在此赘述了,网上已有众多讲解,此处只发解决方案 为了更直观的表现 直接贴全文代码,若有不理解不能解决的,邮件1633827032@qq.com 项目架构是springboot+mybatis+mysql DruidConfig的配置: package com.vehicle.config; import com.alibaba.druid.pool.DruidDataSourc...
MybatisPlus 批量更新 异常 java.sql.SQLException: sql injection violation, multi-statement
weixin_43864927的博客
05-15 2386
前言: 使用MybatisPlus批量更新数据库时抛异常:java.sql.SQLException: sql injection violation, multi-statement 找到报错sql: <select id="batchUpdateCategory"> <foreach collection="list" item="bean" index="index" open="" close="" separator=";"> .
2500-使用MyBatis操作MySQL进行批量更新的踩坑点‘multi-statement not allow
zzxx1994617的博客
12-14 2727
原则上一条SQL更新一条数据库操作,但有时需要批量操作数据,特别是一些DML语句,在操作数据库时,数据库会报出异常,不允许混合语句,此时需要额外配置进行兼容。 例如: Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server versio.
MyBatis使用Druid数据源批量更新失败
12-14
错误信息中指出"sql injection violation, syntax error",表明Druid的Wall过滤器检测到了可能的SQL注入尝试,并因为语法错误导致更新失败。 批量更新失败的另一个原因可能是SQL语句的构造问题。在提供的部分代码中...
批量更新 sql injection violation, multi-statement not allow
不吃鱼的cat
06-30 450
今天做了个批量更新 执行报错 后来网上查 在数据源后面加上批量更新的操作 allowMultiQueries=true 主要是在数据源里面加上一些配置 public DataSource masterDataSource() { DruidDataSource dataSource = new DruidDataSource(); dataSource.setDriverClassName(driverClass); dataSourc..
sql injection violation, multi-statement not allow
a785975139的博客
11-21 1062
druid数据源开启防火墙后默认不允许批量更新,从中WallConfig这个类来看,是由druid.wall.multiStatementAllow这个属性来控制的 那这个Properties又是从哪传过来的呢?因经一番跟踪,找到了WallFilter这个类,它依赖WallConfig,而且在它实例化时调用了WallConfig的configFromProperties方法,关键是......
MyBatisDruid数据库连接池集成监控统计后WallFilterSQL注入异常问题处理方案
纸上得来终觉浅,绝知此事要躬行
04-18 1万+
数据库连接池使用的是阿里巴巴的Druid(德鲁伊)。项目中启用了Druid的统计管理,在执行批量修改时提示;Caused by: java.sql.SQLException: sql injection violation, multi-statement not allow 。可以通过对WallConfig设置multiStatementAllow=true解决此问题,重新设置WallFilter实现。官方配置参考:https://github.com/alibaba/druid/wiki/%E9%85%
解决通过dataSource.filter(filters)过滤后分页信息以及聚合列不刷新问题
风轻云断的博客
11-30 4177
查看了Kendo源码解决这个问题,欢迎大家留言更好的解决办法 var Grid = $("div[data-role=grid]");//获取grid对象 var Table = Grid.data("kendoGrid");//当前数据 var Data = Table.dataSource.data(); var fiData = new kendo.data.Query(Data).fil
现在你是一名Java程序员,在springboot项目中如何使用编程式控制事务
05-29
Spring Boot项目中,可以使用编程式控制事务的方式来保证数据库操作的一致性和完整性。具体实现方式如下: 1.Spring Boot项目中引入Spring事务的依赖: ```xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-jdbc</artifactId> </dependency> ``` 2.配置文件中配置数据源和事务管理器: ```properties spring.datasource.url=jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=false spring.datasource.username=root spring.datasource.password=root spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver # 配置事务管理器 spring.datasource.type=com.alibaba.druid.pool.DruidDataSource spring.datasource.druid.initial-size=5 spring.datasource.druid.min-idle=5 spring.datasource.druid.max-active=20 spring.datasource.druid.max-wait=60000 spring.datasource.druid.time-between-eviction-runs-millis=60000 spring.datasource.druid.min-evictable-idle-time-millis=300000 spring.datasource.druid.validation-query=SELECT 1 FROM DUAL spring.datasource.druid.test-while-idle=true spring.datasource.druid.test-on-borrow=false spring.datasource.druid.test-on-return=false # 配置事务管理器 spring.datasource.druid.filters=stat,wall spring.datasource.druid.use-global-data-source-stat=true # 配置事务管理器 spring.datasource.druid.filter.stat.log-slow-sql=true spring.datasource.druid.filter.stat.slow-sql-millis=2000 # 配置事务管理器 spring.datasource.druid.filter.wall.log-violation=true spring.datasource.druid.filter.wall.throw-error=false spring.datasource.druid.filter.wall.update-allow=true spring.datasource.druid.filter.wall.delete-allow=true spring.datasource.druid.filter.wall.insert-allow=true spring.datasource.druid.filter.wall.select-allow=true spring.datasource.druid.filter.wall.multi-statement-allow=true # 配置事务管理器 spring.datasource.druid.connection-properties=druid.stat.mergeSql=true;druid.stat.slowSqlMillis=5000 # 配置事务管理器 spring.datasource.druid.connection-init-sqls=SET NAMES utf8mb4 COLLATE utf8mb4_general_ci # 配置事务管理器 spring.datasource.druid.use-global-data-source-stat=true # 配置事务管理器 spring.datasource.druid.time-between-eviction-runs-millis=60000 spring.datasource.druid.min-evictable-idle-time-millis=300000 # 配置事务管理器 spring.datasource.druid.pool-prepared-statements=true spring.datasource.druid.max-pool-prepared-statement-per-connection-size=20 # 配置事务管理器 mybatis.configuration.map-underscore-to-camel-case=true mybatis.mapper-locations=classpath*:mapper/*.xml # 配置事务管理器 spring.datasource.druid.stat-view-servlet.allow=true spring.datasource.druid.web-stat-filter.enabled=true spring.datasource.druid.stat-view-servlet.url-pattern=/druid/* spring.datasource.druid.stat-view-servlet.login-username=admin spring.datasource.druid.stat-view-servlet.login-password=admin ``` 3. 在需要实现事务的方法上添加`@Transactional`注解: ```java @Service public class UserServiceImpl implements UserService { @Autowired private UserMapper userMapper; @Override @Transactional(rollbackFor = Exception.class) public void save(User user) { userMapper.save(user); //抛出异常 throw new RuntimeException("test transactional"); } } ``` 4. 在需要调用事务的地方调用上述方法即可: ```java @RestController public class UserController { @Autowired private UserService userService; @PostMapping("/user") public void save(@RequestBody User user) { userService.save(user); } } ``` 以上就是在Spring Boot项目中使用编程式控制事务的步骤和示例代码。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值