com.gitee.fufu669.aspect.CheckOrderByAop Maven / Gradle / Ivy

package com.gitee.fufu669.aspect;

import com.gitee.fufu669.common.CacheKeyCommon;
import com.gitee.fufu669.config.exception.CacheServerErrorCode;
import com.gitee.fufu669.config.exception.CacheServerException;
import com.gitee.fufu669.service.CacheService;
import com.gitee.fufu669.utils.CacheAopUtil;
import com.gitee.fufu669.utils.CacheNetworkUtil;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.regex.Pattern;

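/**
 * Validates the {@code orderBy} request parameter before any method annotated with
 * {@link CheckOrderBy} runs, so that the value can later be spliced into an
 * {@code ORDER BY} clause without opening an SQL injection path.
 *
 * <p>Accepted syntax is a single, optionally table-qualified identifier followed by one
 * space and {@code asc} or {@code desc} (case-insensitive), e.g. {@code "createTime desc"}
 * or {@code "t.id asc"}. Anything else is rejected with
 * {@link CacheServerErrorCode#CHECKORDERBYAOP_ORDERBY_ILLEGAL}. This is deliberately a
 * whitelist: the earlier keyword blacklist ({@code "insert "}, {@code "drop "}, ...) was
 * case-sensitive, skipped a keyword at offset 0 and could be evaded with comments or
 * punctuation, so it is no longer relied upon.
 *
 * @author wangfupeng on 2017-5-6.
 */
@Aspect
@Component
@Order(-67)
public class CheckOrderByAop {

    public static final Logger logger = LoggerFactory.getLogger(CheckOrderByAop.class);

    /**
     * Whitelist for a sort expression: {@code column asc|desc}, where {@code column} is
     * {@code [A-Za-z_][A-Za-z0-9_]*} with at most one {@code table.} qualifier. Exactly one
     * space separates column and direction (the historical {@code split(" ")} check also
     * rejected doubled spaces).
     */
    private static final Pattern ORDER_BY_PATTERN = Pattern.compile(
            "^[A-Za-z_][A-Za-z0-9_]*(?:\\.[A-Za-z_][A-Za-z0-9_]*)? (?:asc|desc)$",
            Pattern.CASE_INSENSITIVE);

    @Autowired
    private HttpServletRequest request;

    /**
     * Advice executed before every method carrying {@link CheckOrderBy}. Resolves the
     * annotation's {@code description} (used only for logging) and then validates the
     * current request's {@code orderBy} parameter.
     *
     * <p>Description lookup is best-effort: any reflection failure is logged and an empty
     * description is used, but validation itself always runs.
     *
     * @param joinPoint the intercepted method call
     * @throws CacheServerException if the {@code orderBy} parameter is present and illegal
     */
    @Before("@annotation(com.gitee.fufu669.aspect.CheckOrderBy)")
    public void beforeMethod(JoinPoint joinPoint) {
        String description = "";
        try {
            description = resolveDescription(joinPoint);
        } catch (Exception e) {
            // The description only decorates the log line; never let its lookup block validation.
            logger.warn("CheckOrderByAop: unable to resolve @CheckOrderBy description", e);
        }
        judgeOrderBy(request, description);
    }

    /**
     * Finds the {@link CheckOrderBy} annotation on the intercepted method of the target class.
     *
     * <p>When the join point exposes a {@link MethodSignature}, the overload whose parameter
     * types match is preferred; otherwise the first public method with the same name is used
     * (the historical behaviour, which could pick the wrong overload). A method without the
     * annotation yields an empty description instead of a {@code NullPointerException}.
     *
     * @param joinPoint the intercepted method call
     * @return the annotation's description, or {@code ""} if none is found
     */
    private static String resolveDescription(JoinPoint joinPoint) {
        // getTarget().getClass() is the same class Class.forName(targetName) used to load,
        // without depending on the caller's class loader.
        Class<?> targetClass = joinPoint.getTarget().getClass();
        String methodName = joinPoint.getSignature().getName();
        Class<?>[] paramTypes = null;
        if (joinPoint.getSignature() instanceof MethodSignature) {
            paramTypes = ((MethodSignature) joinPoint.getSignature()).getParameterTypes();
        }
        Method firstByName = null;
        for (Method candidate : targetClass.getMethods()) {
            if (!candidate.getName().equals(methodName)) {
                continue;
            }
            if (paramTypes != null && Arrays.equals(candidate.getParameterTypes(), paramTypes)) {
                return descriptionOf(candidate);
            }
            if (firstByName == null) {
                firstByName = candidate;
            }
        }
        return firstByName == null ? "" : descriptionOf(firstByName);
    }

    /** Returns the {@link CheckOrderBy#description()} of {@code method}, or {@code ""} if unannotated. */
    private static String descriptionOf(Method method) {
        CheckOrderBy annotation = method.getAnnotation(CheckOrderBy.class);
        return annotation == null ? "" : annotation.description();
    }

    /**
     * Validates the {@code orderBy} request parameter against {@link #ORDER_BY_PATTERN}.
     * An absent or empty parameter is accepted (no ordering requested).
     *
     * @param request     the current request; its {@code orderBy} parameter is inspected
     * @param description free-text tag from the annotation, echoed into the success log line
     * @throws CacheServerException with {@link CacheServerErrorCode#CHECKORDERBYAOP_ORDERBY_ILLEGAL}
     *                              if the parameter is present but not a valid sort expression
     */
    public static void judgeOrderBy(HttpServletRequest request, String description) {
        String orderBy = request.getParameter("orderBy");
        if (StringUtils.isEmpty(orderBy)) {
            return;
        }
        if (!isValidOrderBy(orderBy)) {
            throw new CacheServerException(CacheServerErrorCode.CHECKORDERBYAOP_ORDERBY_ILLEGAL);
        }
        // Only a whitelisted value reaches the log, so the parameter is safe to echo here.
        logger.info("CheckOrderByAop:验证:orderBy:" + orderBy + ":通过:description:" + description);
    }

    /**
     * Returns whether {@code orderBy} is exactly one identifier (optionally {@code table.}-qualified)
     * followed by a single space and {@code asc}/{@code desc}, case-insensitively.
     *
     * @param orderBy the raw parameter value; {@code null} is treated as invalid
     * @return {@code true} if the value matches {@link #ORDER_BY_PATTERN}
     */
    static boolean isValidOrderBy(String orderBy) {
        return orderBy != null && ORDER_BY_PATTERN.matcher(orderBy).matches();
    }

}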



