最后定位到问题出在 Druid 的 filters 配置上:
spring.datasource.druid.filters=stat,log4j2
使用这个配置没有问题:所有 SQL 都可以执行,也能监控 SQL。
但是加上 wall 过滤器之后,其他 SQL 仍然没有问题,
spring.datasource.druid.filters=stat,wall,log4j2
但是执行存储过程时会报错(日志见下)。
数据库是 SQL Server,存储过程本身没有问题。
2020-09-24 10:36:49 [http-nio-8090-exec-5] ERROR com.example.springboot.common.GlobalExceptionHandler[exceptionHandle] - 系统日志:{}
org.springframework.jdbc.UncategorizedSQLException:
### Error querying database. Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
### The error occurred while executing a query
### SQL: DECLARE @no INT = ? DECLARE @re INT exec sp_GetSubPersonNum @no , 0 , @re output SELECT @re
### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
; uncategorized SQLException; SQL state [null]; error code [0]; sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re; nested exception is java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:89)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)
at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:88)
at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:440)
at com.sun.proxy.$Proxy80.selectOne(Unknown Source)
at org.mybatis.spring.SqlSessionTemplate.selectOne(SqlSessionTemplate.java:159)
at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:87)
at org.apache.ibatis.binding.MapperProxy$PlainMethodInvoker.invoke(MapperProxy.java:152)
at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:85)
at com.sun.proxy.$Proxy371.findChildrenNum1(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at com.alibaba.druid.support.spring.stat.DruidStatInterceptor.invoke(DruidStatInterceptor.java:73)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy372.findChildrenNum1(Unknown Source)
at com.example.springboot.service.impl.JiaPuServiceImpl.findChildrenNum1(JiaPuServiceImpl.java:305)
at com.example.springboot.service.impl.JiaPuServiceImpl$$FastClassBySpringCGLIB$$4a69b0a5.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
at com.example.springboot.service.impl.JiaPuServiceImpl$$EnhancerBySpringCGLIB$$98f20cc3.findChildrenNum1(<generated>)
at com.example.springboot.controllerJiaPu.JiaPuController.findChildrenNum(JiaPuController.java:109)
at com.example.springboot.controllerJiaPu.JiaPuController$$FastClassBySpringCGLIB$$b23da722.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:684)
at com.example.springboot.controllerJiaPu.JiaPuController$$EnhancerBySpringCGLIB$$a982929.findChildrenNum(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:877)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:783)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:877)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:805)
at com.alibaba.druid.wall.WallFilter.connection_prepareCall(WallFilter.java:364)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareCall(FilterChainImpl.java:497)
at com.alibaba.druid.filter.FilterAdapter.connection_prepareCall(FilterAdapter.java:910)
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareCall(FilterEventAdapter.java:88)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareCall(FilterChainImpl.java:497)
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareCall(ConnectionProxyImpl.java:315)
at com.alibaba.druid.pool.DruidPooledConnection.prepareCall(DruidPooledConnection.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.ibatis.logging.jdbc.ConnectionLogger.invoke(ConnectionLogger.java:55)
at com.sun.proxy.$Proxy310.prepareCall(Unknown Source)
at org.apache.ibatis.executor.statement.CallableStatementHandler.instantiateStatement(CallableStatementHandler.java:87)
at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88)
at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59)
at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:87)
at org.apache.ibatis.executor.SimpleExecutor.doQuery(SimpleExecutor.java:62)
at org.apache.ibatis.executor.BaseExecutor.queryFromDatabase(BaseExecutor.java:325)
at org.apache.ibatis.executor.BaseExecutor.query(BaseExecutor.java:156)
at org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:109)
at org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:89)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:147)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:140)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectOne(DefaultSqlSession.java:76)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:426)
... 89 common frames omitted
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output
at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:344)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:532)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:182)
at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:624)
at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:578)
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:792)
... 119 common frames omitted
2020-09-24 10:36:49 [http-nio-8090-exec-5] WARN org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver[logException] - Resolved exception caused by Handler execution: org.springframework.jdbc.UncategorizedSQLException:
### Error querying database. Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
### The error occurred while executing a query
### SQL: DECLARE @no INT = ? DECLARE @re INT exec sp_GetSubPersonNum @no , 0 , @re output SELECT @re
### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
; uncategorized SQLException; SQL state [null]; error code [0]; sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re; nested exception is java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' @re output
SELECT @re', expect IDENTIFIER, actual IDENTIFIER pos 86, line 4, column 36, token IDENTIFIER output : DECLARE @no INT = ?
DECLARE @re INT
exec
sp_GetSubPersonNum @no , 0 , @re output
SELECT @re
https://blog.csdn.net/catoop/article/details/50925337/
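解决办法:在 wall 下根据报错原因单独配置,有选择性地降低安全性。从上面的堆栈可以看出,这里的 "sql injection violation" 来自 Druid SQL 解析器抛出的 ParserException(无法解析 T-SQL 的 `@re output` 写法),应属于解析失败导致的误报,而不是检测到了真正的注入。因此只需放宽导致该报错的那一项检查,其余 wall 规则保持开启,不要为了绕过报错而把 wall 整体去掉。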