diff --git a/src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java b/src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java
new file mode 100644
index 0000000..b14e7db
--- /dev/null
+++ b/src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java
@@ -0,0 +1,25 @@
+package com.baiyee.adcallback.api.filter;
+
+import com.baiyee.adcallback.api.handler.RequestIllegalArgumentException;
+import org.omg.CORBA.UserException;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+
+@RestController
+public class ExceptionController {
+
+ @RequestMapping(CommonConstant.ERROR_CONTROLLER_PATH)
+ public void handleException(HttpServletRequest request){
+ throw new RequestIllegalArgumentException((String) request.getAttribute("filterError"));
+ }
+
+ public class CommonConstant {
+
+ /**
+ * 异常处理 controller request url
+ */
+ public static final String ERROR_CONTROLLER_PATH = "/error/throw";
+ }
+}
diff --git a/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java b/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
index 13f81eb..84773b1 100644
--- a/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
+++ b/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
@@ -1,6 +1,7 @@
 package com.baiyee.adcallback.api.filter;
 import cn.hutool.core.util.StrUtil;
+import com.baiyee.adcallback.api.handler.RequestIllegalArgumentException;
 import org.springframework.context.annotation.Configuration;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
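Review bot: In ExceptionController.java, `import org.omg.CORBA.UserException;` is unused, and the `org.omg.CORBA` package was removed from the JDK in Java 11, so this file stops compiling on a newer JDK; the line should be deleted. `/error/throw` is also an ordinary mapped endpoint, so a client can request it directly, in which case `filterError` is null and the exception is built with a null message. Reading the attribute into a local first, `String msg = (String) request.getAttribute("filterError");`, and then throwing `new RequestIllegalArgumentException(msg != null ? msg : "illegal request")` keeps the response well-formed. `CommonConstant` is a non-static inner class that only holds one constant; `public static final class CommonConstant` (or a top-level constants class) avoids the hidden outer-instance reference.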
@@ -32,8 +33,11 @@ public class SqlFilter implements Filter{
 }
 }
 if (sqlValidate(sql)) {
- //TODO 这里直接抛异常处理,前后端交互项目中,请把错误信息按前后端"数据返回的VO"对象进行封装
- throw new IOException("您发送请求中的参数中含有非法字符");
+ // 传递异常信息
+ servletRequest.setAttribute("filterError", "您发送请求中的参数中含有非法字符");
+ // 指定处理该请求的处理器
+ servletRequest.getRequestDispatcher(ExceptionController.CommonConstant.ERROR_CONTROLLER_PATH).forward(servletRequest, servletResponse);
+// throw new RequestIllegalArgumentException("您发送请求中的参数中含有非法字符");
 } else {
 filterChain.doFilter(servletRequest, servletResponse);
 }
diff --git a/src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java b/src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java
new file mode 100644
index 0000000..451989a
--- /dev/null
+++ b/src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java
@@ -0,0 +1,25 @@
+package com.baiyee.adcallback.api.handler;
+
+import com.baiyee.adcallback.api.common.CommonResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Slf4j
+@ControllerAdvice
+public class GlobalExceptionHandler {
+
+
+ /**
+ * 检查出有 SQL 注入风险的异常
+ * @param requestIllegalArgumentException SQL 注入异常
+ * @return 返回异常给前端
+ */
+ @ResponseBody
+ @ExceptionHandler(RequestIllegalArgumentException.class) //该类为自定义异常类
+ public CommonResponse checkSQLInjectionException(RequestIllegalArgumentException requestIllegalArgumentException){
+ log.error("发生异常:{}",requestIllegalArgumentException.getMessage());
+ return CommonResponse.createByErrorMessage(requestIllegalArgumentException.getMessage());
+ }
+}
diff --git a/src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java b/src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java
new file mode 100644
index 0000000..d41831c
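Review bot: In the `@@ -32,8 +33,11 @@` hunk of SqlFilter.java, the attribute name `"filterError"` is a bare string literal here and again in `ExceptionController.handleException`, so a typo on either side silently turns the message into null; a shared constant next to `ERROR_CONTROLLER_PATH`, e.g. `public static final String FILTER_ERROR_ATTR = "filterError";`, would tie the two together. The commented-out `throw new RequestIllegalArgumentException(...)` should be deleted rather than committed, and the import this commit adds to SqlFilter appears to be used only by that dead line. `sqlValidate` is outside this hunk; if it is a keyword blacklist, it is defence-in-depth only and the queries behind it still need bound parameters. The enclosing filter method starts and ends outside the hunk.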
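Review bot: In GlobalExceptionHandler.java, `checkSQLInjectionException` returns the error body without setting a status, so unless `CommonResponse` or other configuration changes it, a rejected request is presumably answered with HTTP 200; adding `@ResponseStatus(HttpStatus.BAD_REQUEST)` on the method lets clients and monitoring tell rejections from successes. The `log.error` call records only the fixed message, which gives nothing to correlate on when investigating probing. Logging the original request URI (available after the forward as the `RequestDispatcher.FORWARD_REQUEST_URI` attribute) and the remote address at warn level would be more useful, and needs an `HttpServletRequest` parameter on the handler method. Raw parameter values should stay out of that log line, or be sanitised first, so that the filter's rejections cannot be used to inject log entries.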
--- /dev/null
+++ b/src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java
@@ -0,0 +1,11 @@
+package com.baiyee.adcallback.api.handler;
+
+/**
+ * 检查请求中是否存在不合法 SQL注入 参数的异常
+ */
+public class RequestIllegalArgumentException extends RuntimeException{
+
+ public RequestIllegalArgumentException(String message){
+ super(message);
+ }
+}