当我们在项目中使用了druid连接池进行数据源的管理,并且配置了如下监控
spring.datasource.filters: stat,wall,log4j
在执行程序拼接的SQL时,xml中使用的是${sql}进行执行的,这种方式会报如下错误:
2018-07-08 15:09:04.826 [http-nio-7073-exec-1] ERROR o.a.c.c.C.[.[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.jdbc.UncategorizedSQLException:
### Error updating database. Cause: java.sql.SQLException: sql injection violation, class com.alibaba.druid.sql.ast.statement.SQLCommentStatement not allow : COMMENT ON TABLE RULE_EXECUTE_PLAN IS '规则执行'
### SQL: COMMENT ON TABLE RULE_EXECUTE_PLAN IS '规则执行'
### Cause: java.sql.SQLException: sql injection violation, class com.alibaba.druid.sql.ast.statement.SQLCommentStatement not allow : COMMENT ON TABLE RULE_EXECUTE_PLAN IS '规则执行'
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, class com.alibaba.druid.sql.ast.statement.SQLCommentStatement not allow : COMMENT ON TABLE RULE_EXECUTE_PLAN IS '规则执行'; nested exception is java.sql.SQLException: sql injection violation, class com.alibaba.druid.sql.ast.statement.SQLCommentStatement not allow : COMMENT ON TABLE RULE_EXECUTE_PLAN_201808 IS '规则执行计划'] with root cause
这个错误告诉你,这种方式会造成SQL注入,当你又不得不用这种方式时,最简单粗暴的方式就是将配置的wall去掉。
![SpringBoot2.1.2 整合 Druid[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)