Merge remote-tracking branch 'origin/master' into haskafka
This commit is contained in:
Hao Miao
@@ -0,0 +1,22 @@
|
|||||||
|
package com.realtime.protection.configuration.auth;
|
||||||
|
|
||||||
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
|
import org.springframework.cache.annotation.EnableCaching;
|
||||||
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
|
||||||
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||||
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Yixiang Zhao (@seriouszyx)
|
||||||
|
**/
|
||||||
|
@SpringBootApplication
|
||||||
|
@EnableCaching
|
||||||
|
public class Application implements WebMvcConfigurer {
|
||||||
|
@Override
|
||||||
|
public void addInterceptors(InterceptorRegistry registry) {
|
||||||
|
// InterceptorRegistration ir = registry.addInterceptor(new LoginInterceptor());
|
||||||
|
// ir.addPathPatterns("/**");
|
||||||
|
// ir.excludePathPatterns("/js/**", "/html/**", "/image/**", "/css/**", "/api/**");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@@ -0,0 +1,31 @@
|
|||||||
|
package com.realtime.protection.configuration.auth;
|
||||||
|
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
|
import jakarta.servlet.http.HttpSession;
|
||||||
|
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
import org.springframework.web.context.request.WebRequestInterceptor;
|
||||||
|
import org.springframework.web.servlet.HandlerInterceptor;
|
||||||
|
import org.springframework.web.servlet.handler.WebRequestHandlerInterceptorAdapter;
|
||||||
|
|
||||||
|
import com.realtime.protection.configuration.entity.user.User;
|
||||||
|
import com.realtime.protection.configuration.response.ResponseResult;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Yixiang Zhao
|
||||||
|
**/
|
||||||
|
@Component
|
||||||
|
public class LoginInterceptor implements HandlerInterceptor {
|
||||||
|
@Override
|
||||||
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||||
|
HttpSession session = request.getSession();
|
||||||
|
User user = (User) session.getAttribute("user");
|
||||||
|
if (user != null) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// 未登录
|
||||||
|
throw new Exception("not login");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@@ -22,7 +22,6 @@ public class Template {
|
|||||||
private String sourceSystem;
|
private String sourceSystem;
|
||||||
|
|
||||||
@JsonProperty("description")
|
@JsonProperty("description")
|
||||||
@NotNull(message = "source_system字段不能为空。")
|
|
||||||
@Schema(description = "对策略模板的文字描述。方便用户使用", example = "zd防护对象的全流量")
|
@Schema(description = "对策略模板的文字描述。方便用户使用", example = "zd防护对象的全流量")
|
||||||
private String description;
|
private String description;
|
||||||
|
|
||||||
|
|||||||
@@ -97,7 +97,7 @@ public class TaskCommandInfo {
|
|||||||
@Schema(description = "防御策略模板ID", accessMode = Schema.AccessMode.READ_ONLY)
|
@Schema(description = "防御策略模板ID", accessMode = Schema.AccessMode.READ_ONLY)
|
||||||
private Integer templateId;
|
private Integer templateId;
|
||||||
|
|
||||||
@Schema(description = "防护等级", accessMode = Schema.AccessMode.READ_ONLY)
|
@Schema(description = "防护等级,1代表low、2代表medium、3代表high", accessMode = Schema.AccessMode.READ_ONLY)
|
||||||
private Integer protectLevel;
|
private Integer protectLevel;
|
||||||
|
|
||||||
@Schema(description = "指令所属任务的运行状态", accessMode = Schema.AccessMode.READ_ONLY)
|
@Schema(description = "指令所属任务的运行状态", accessMode = Schema.AccessMode.READ_ONLY)
|
||||||
|
|||||||
@@ -158,6 +158,7 @@ public class AlertMessageService {
|
|||||||
}
|
}
|
||||||
CommunicateObject protectObject;
|
CommunicateObject protectObject;
|
||||||
CommunicateObject peer;
|
CommunicateObject peer;
|
||||||
|
//0代表命中防护对象在告警信息的源ip
|
||||||
if (protectIsSrcOrDst == 0) {
|
if (protectIsSrcOrDst == 0) {
|
||||||
protectObject = new CommunicateObject(
|
protectObject = new CommunicateObject(
|
||||||
fiveTupleWithMask.getSourceIP(),
|
fiveTupleWithMask.getSourceIP(),
|
||||||
@@ -211,8 +212,8 @@ public class AlertMessageService {
|
|||||||
command1.setMaskSourcePort(peer.getMaskPort());
|
command1.setMaskSourcePort(peer.getMaskPort());
|
||||||
command1.setDestinationIP(protectObject.getIP());
|
command1.setDestinationIP(protectObject.getIP());
|
||||||
command1.setMaskDestinationIP(protectObject.getMaskIP());
|
command1.setMaskDestinationIP(protectObject.getMaskIP());
|
||||||
command1.setSourcePort(protectObject.getPort());
|
command1.setDestinationPort(protectObject.getPort());
|
||||||
command1.setMaskSourcePort(protectObject.getMaskPort());
|
command1.setMaskDestinationPort(protectObject.getMaskPort());
|
||||||
if (templateProtectLevel.getHasProtocol()){
|
if (templateProtectLevel.getHasProtocol()){
|
||||||
command1.setProtocol(fiveTupleWithMask.getProtocol());
|
command1.setProtocol(fiveTupleWithMask.getProtocol());
|
||||||
command1.setProtocol(fiveTupleWithMask.getMaskProtocol());
|
command1.setProtocol(fiveTupleWithMask.getMaskProtocol());
|
||||||
@@ -229,8 +230,8 @@ public class AlertMessageService {
|
|||||||
|
|
||||||
command2.setDestinationIP(peer.getIP());
|
command2.setDestinationIP(peer.getIP());
|
||||||
command2.setMaskDestinationIP(peer.getMaskIP());
|
command2.setMaskDestinationIP(peer.getMaskIP());
|
||||||
command2.setSourcePort(peer.getPort());
|
command2.setDestinationPort(peer.getPort());
|
||||||
command2.setMaskSourcePort(peer.getMaskPort());
|
command2.setMaskDestinationPort(peer.getMaskPort());
|
||||||
if (templateProtectLevel.getHasProtocol()){
|
if (templateProtectLevel.getHasProtocol()){
|
||||||
command2.setProtocol(fiveTupleWithMask.getProtocol());
|
command2.setProtocol(fiveTupleWithMask.getProtocol());
|
||||||
command2.setProtocol(fiveTupleWithMask.getMaskProtocol());
|
command2.setProtocol(fiveTupleWithMask.getMaskProtocol());
|
||||||
|
|||||||
@@ -2,10 +2,7 @@ package com.realtime.protection.server.user.login;
|
|||||||
|
|
||||||
import com.realtime.protection.configuration.entity.user.User;
|
import com.realtime.protection.configuration.entity.user.User;
|
||||||
import com.realtime.protection.configuration.response.ResponseResult;
|
import com.realtime.protection.configuration.response.ResponseResult;
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
|
||||||
|
|
||||||
import javax.security.auth.login.LoginException;
|
import javax.security.auth.login.LoginException;
|
||||||
|
|
||||||
@@ -36,4 +33,13 @@ public class LoginController {
|
|||||||
.setData("userId", userId)
|
.setData("userId", userId)
|
||||||
.setData("success", true);
|
.setData("success", true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostMapping("/auth")
|
||||||
|
public ResponseResult auth(@RequestParam("sessionData") String sessionData,
|
||||||
|
@RequestParam("accessToken") String accessToken,
|
||||||
|
@RequestParam(value = "scopes", required = false) String scopes) {
|
||||||
|
return ResponseResult.ok().setMessage("success")
|
||||||
|
.setData("success", true);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -32,6 +32,7 @@
|
|||||||
<result column="has_protocol" property="hasProtocol"/>
|
<result column="has_protocol" property="hasProtocol"/>
|
||||||
<result column="has_url" property="hasURL"/>
|
<result column="has_url" property="hasURL"/>
|
||||||
<result column="has_dns" property="hasDNS"/>
|
<result column="has_dns" property="hasDNS"/>
|
||||||
|
<result column="is_full_flow" property="isFullFlow"/>
|
||||||
</resultMap>
|
</resultMap>
|
||||||
|
|
||||||
<resultMap id="alertMessageMap" type="com.realtime.protection.configuration.entity.alert.AlertMessage">
|
<resultMap id="alertMessageMap" type="com.realtime.protection.configuration.entity.alert.AlertMessage">
|
||||||
@@ -113,7 +114,8 @@
|
|||||||
t_protect_level.has_peer_port,
|
t_protect_level.has_peer_port,
|
||||||
t_protect_level.has_protocol,
|
t_protect_level.has_protocol,
|
||||||
t_protect_level.has_url,
|
t_protect_level.has_url,
|
||||||
t_protect_level.has_dns
|
t_protect_level.has_dns,
|
||||||
|
t_protect_level.is_full_flow
|
||||||
FROM t_strategy_template
|
FROM t_strategy_template
|
||||||
<if test="protectLevel == 1">
|
<if test="protectLevel == 1">
|
||||||
left join t_protect_level on t_strategy_template.strategy_template_low_level_id = t_protect_level.protect_level_id
|
left join t_protect_level on t_strategy_template.strategy_template_low_level_id = t_protect_level.protect_level_id
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ public class AlertMessageTest {
|
|||||||
object.setDynamicRuleFrequency(1);
|
object.setDynamicRuleFrequency(1);
|
||||||
object.setDynamicRulePriority(1);
|
object.setDynamicRulePriority(1);
|
||||||
object.setDynamicRuleRange("北京");
|
object.setDynamicRuleRange("北京");
|
||||||
object.setDynamicRuleProtectLevel(2);
|
object.setDynamicRuleProtectLevel(1);
|
||||||
object.setTemplateId(templates.get(0).getTemplateId());
|
object.setTemplateId(templates.get(0).getTemplateId());
|
||||||
object.setProtectObjectIds(List.of(new Integer[]{protectObject.get(0).getProtectObjectId()}));
|
object.setProtectObjectIds(List.of(new Integer[]{protectObject.get(0).getProtectObjectId()}));
|
||||||
Integer dynamicRuleId = dynamicRuleService.newDynamicRuleObject(object);
|
Integer dynamicRuleId = dynamicRuleService.newDynamicRuleObject(object);
|
||||||
@@ -75,6 +75,7 @@ public class AlertMessageTest {
|
|||||||
task.setTaskCreateDepart("xxx");
|
task.setTaskCreateDepart("xxx");
|
||||||
task.setDynamicRuleIds(List.of(new Integer[]{dynamicRuleId}));
|
task.setDynamicRuleIds(List.of(new Integer[]{dynamicRuleId}));
|
||||||
Long taskId = taskService.newTask(task);
|
Long taskId = taskService.newTask(task);
|
||||||
|
System.out.println(taskId);
|
||||||
//审核状态
|
//审核状态
|
||||||
taskService.changeTaskAuditStatus(taskId, 2);
|
taskService.changeTaskAuditStatus(taskId, 2);
|
||||||
//启动任务
|
//启动任务
|
||||||
@@ -83,16 +84,17 @@ public class AlertMessageTest {
|
|||||||
for (int i = 0 ; i< 10; i++) {
|
for (int i = 0 ; i< 10; i++) {
|
||||||
AlertMessage alert = new AlertMessage();
|
AlertMessage alert = new AlertMessage();
|
||||||
FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask();
|
FiveTupleWithMask fiveTupleWithMask = new FiveTupleWithMask();
|
||||||
fiveTupleWithMask.setSourceIP("1.1.1." + i);
|
fiveTupleWithMask.setSourceIP("111.1.1." + i);
|
||||||
fiveTupleWithMask.setDestinationIP("2.2.2." + i);
|
fiveTupleWithMask.setDestinationIP("222.22.2." + i);
|
||||||
fiveTupleWithMask.setSourcePort("80");
|
fiveTupleWithMask.setSourcePort("111");
|
||||||
fiveTupleWithMask.setDestinationPort("80");
|
fiveTupleWithMask.setDestinationPort("222");
|
||||||
fiveTupleWithMask.setProtocol("tcp");
|
fiveTupleWithMask.setProtocol("tcp");
|
||||||
|
|
||||||
alert.setDynamicRuleId(dynamicRuleId);
|
alert.setDynamicRuleId(dynamicRuleId);
|
||||||
alert.setTaskId(taskId);
|
alert.setTaskId(taskId);
|
||||||
alert.setFiveTupleWithMask(fiveTupleWithMask);
|
alert.setFiveTupleWithMask(fiveTupleWithMask);
|
||||||
alert.setContent("testcontent");
|
alert.setContent("testcontent");
|
||||||
|
alert.setProtectIsSrcOrDst(1);
|
||||||
alertMessageService.processAlertMessage(alert);
|
alertMessageService.processAlertMessage(alert);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user