Author Archives: dan zen

Java zip and unzip with password

The JDK ships default zip and unzip classes for plain archives, but when we need to encrypt and decrypt our zip files the task becomes a little troublesome. In this article I'd like to show you a simple way to do it with the help of Zip4j, a convenient and powerful component.
All of the code below is self-explanatory :)

import java.io.File;

import net.lingala.zip4j.core.ZipFile;
import net.lingala.zip4j.exception.ZipException;
import net.lingala.zip4j.model.ZipParameters;
import net.lingala.zip4j.util.Zip4jConstants;

/**
 * <p>
 * we depend on the <code>zip4j</code> to implement the zip and unzip with specific password.
 * <pre>http://www.lingala.net/zip4j/download.php</pre>
 * </p>
 * @author dan
 * @version 1.0
 */

public class Zip4jTest {
    private static final String passwd = "123456";
    /**
     * <p>
     * encrypt the folder to zip file
     * </p>
     *
     * @param zipFileName
     *        the target zip file name.
     * @param folderName
     *        the folder name.
     * @param password
     *        the password.
     */

    public static void ZipFolder(String zipFileName,String folderName,String password) {       
        try {
            // Initiate ZipFile object with the path/name of the zip file.
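            File ff = new File(zipFileName);
            if(ff.exists()) {
                // Remove any old archive now; deleteOnExit() would instead delete
                // the newly written zip when the JVM exits.
                ff.delete();
            }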
            ZipFile zipFile = new ZipFile(zipFileName);
           
            // Initiate Zip Parameters which define various properties such
            // as compression method, etc.
            ZipParameters parameters = new ZipParameters();
           
            // set compression method to deflate
            parameters.setCompressionMethod(Zip4jConstants.COMP_DEFLATE);
           
            // Set the compression level
            parameters.setCompressionLevel(Zip4jConstants.DEFLATE_LEVEL_NORMAL);
           
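            if (password!=null) {
                parameters.setEncryptFiles(true);
                // ENC_METHOD_STANDARD is the legacy ZipCrypto scheme, which is weak;
                // zip4j also supports Zip4jConstants.ENC_METHOD_AES together with
                // parameters.setAesKeyStrength(Zip4jConstants.AES_STRENGTH_256).
                parameters.setEncryptionMethod(Zip4jConstants.ENC_METHOD_STANDARD);
                parameters.setPassword(password);
            }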
            // whether the root folder itself is included in the zip
            parameters.setIncludeRootFolder(false);
            // Add folder to the zip file
            zipFile.addFolder(new File(folderName), parameters);
           
        } catch (ZipException e) {
            e.printStackTrace();
        }
    }
   
    /**
     * <p>
     * extract the zip file.
     * </p>
     * @param zipFile
     *         the zip file to extract
     * @param dest
     *         the destination folder where the zip file extract to.
     * @param passwd
     *         the password
     * @throws ZipException
     */

    public static void unzipToFolder(String zipFile,String dest,String passwd) throws ZipException {
        ZipFile zFile = new ZipFile(zipFile);
        if (!zFile.isValidZipFile()) {
            throw new ZipException("this is a broken zip file.");
        }
        File destDir = new File(dest);
        // Create the destination (and any missing parents) if it does not exist yet.
        if (!destDir.exists()) {
            destDir.mkdirs();
        }
        if (zFile.isEncrypted()) {  
            zFile.setPassword(passwd);
        }  
        zFile.extractAll(dest);  
    }
   
    public static void main(String[] args) throws Exception{
        // Arguments are (zipFileName, folderName, password).
        ZipFolder("c:/test.zip","c:/out1/out2",passwd);
        unzipToFolder("c:/test.zip","c:/test",passwd);
    }
   
}

MyBatis ORDER BY solution

This post looks for an easy and simple solution to the MyBatis ORDER BY problem.

As we all know, both iBATIS 2 and MyBatis 3 are open to SQL injection when we want ORDER BY to work with a column chosen by the user.

For example:

Let’s assume there is a table named “User” with columns [id,password,user_name,age,sex,phone]. If we want to sort by any of them based on user input, the traditional way is

SELECT * FROM User
<if test="sort!=null and sort!=''">
    ORDER BY ${sort}
    <if test="order != null and order == 'desc' ">
        DESC
    </if>
</if>

Oops, this can lead to SQL injection, because ${sort} is substituted into the SQL as plain text. Just think of the following sort value:
sort => user_name; delete from User;
Now the tragedy happens: all the data in our User table is lost.

Now, let’s improve this method a bit

SELECT * FROM User
<if test="sort!=null and sort=='user_name'">
    ORDER BY user_name 
    <if test="order != null and order == 'desc' ">
        DESC
    </if>
</if>
<if test="sort!=null and sort=='age'">
    ORDER BY age   
    <if test="order != null and order == 'desc' ">
        DESC
    </if>
</if>
<if test="sort!=null and sort=='sex'">
    ORDER BY sex
    <if test="order != null and order == 'desc' ">
        DESC
    </if>
</if>
<if test="sort!=null and sort=='phone'">
    ORDER BY phone
    <if test="order != null and order == 'desc' ">
        DESC
    </if>
</if>

Now every user input value is predictable and the SQL injection is gone, but the code is too tedious. I can’t bear it anymore, so let me give the final solution:

It’s OGNL with a check on sort

SELECT * FROM User
<if test="@QueryUtil@isInside(sort,'user_name,age,sex,phone')">
    ORDER BY ${sort}
    <if test="order != null and order == 'desc' ">
        DESC
    </if>
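</if>

import java.util.Arrays;

import org.apache.commons.lang.StringUtils;

public class QueryUtil {
    // True only when element is exactly one of the comma-separated names in
    // prototypes. A substring test such as StringUtils.indexOfAny would also
    // accept "user_name; delete from User;", because it contains "user_name".
    public static boolean isInside(String element,String prototypes) {
        if(StringUtils.isNotBlank(element)
            && StringUtils.isNotBlank(prototypes)) {
            return Arrays.asList(prototypes.split(",")).contains(element);
        }
        return false;
    }
}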

If there are more columns to sort by, just add them to the ‘user_name,age,sex,phone…..’ list. The code is clear and compact, I like it!!
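
As an added illustration (not code from the original post), this stand-alone Java class contrasts a substring test with an exact-match allowlist for the sort value. The class and method names are hypothetical, and the inputs are constructed from the example above.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

public class OrderByAllowlist {
    // Request value -> column identifier. Only the right-hand side, which is
    // a constant in this class, is ever concatenated into SQL.
    private static final Map<String, String> SORTABLE = new LinkedHashMap<>();
    static {
        for (String column : Arrays.asList("user_name", "age", "sex", "phone")) {
            SORTABLE.put(column, column);
        }
    }

    /** Substring test: true as soon as the input contains an allowed name anywhere. */
    static boolean containsAllowedName(String sort) {
        for (String column : SORTABLE.keySet()) {
            if (sort != null && sort.indexOf(column) >= 0) {
                return true;
            }
        }
        return false;
    }

    /** Exact match: returns the ORDER BY fragment, or "" when sort is not allowed. */
    static String orderByClause(String sort, String order) {
        String column = (sort == null) ? null : SORTABLE.get(sort.trim());
        if (column == null) {
            return "";
        }
        return " ORDER BY " + column + ("desc".equals(order) ? " DESC" : "");
    }

    public static void main(String[] args) {
        // Constructed inputs; the second is the malicious value from the post.
        String[] inputs = { "age", "user_name; delete from User;", "password", null };
        for (String sort : inputs) {
            System.out.println("[" + sort + "] substring check=" + containsAllowedName(sort)
                    + " exact-match clause=[" + orderByClause(sort, "desc") + "]");
        }
    }
}
```

The substring test accepts the second input because it contains "user_name", while the exact-match lookup returns an empty clause for it and for "password", which is a real column but not on the list.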