修改ip spoofing配置逻辑,删除spoofing ip pool配置菜单功能,在ip spoofing策略配置功能中,自动创建ip
pool配置,ip spoofing策略审核下发与取消审核时,同时审核下发或取消ip pool配置
@@ -52,6 +52,9 @@ public class PxyObjSpoofingIpPool extends BaseIpCfg{
|
||||
this.ipAddress = ipAddress;
|
||||
}
|
||||
public Integer getGroupId() {
|
||||
if(groupId==null || groupId==0){
|
||||
groupId=cfgId.intValue();
|
||||
}
|
||||
return groupId;
|
||||
}
|
||||
public void setGroupId(Integer groupId) {
|
||||
|
||||
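Review bot: The new fallback in `getGroupId()` dereferences `cfgId` without a null check, so reading the property on a pool that has not been persisted yet (through a bean copy, JSON serialisation or a mapper parameter) would throw a NullPointerException whenever `groupId` is null or 0. The getter also writes the field as a side effect and narrows what is presumably a `Long` to `int` silently. Returning the fallback without storing it is enough: `if ((groupId == null || groupId == 0) && cfgId != null) { return cfgId.intValue(); }`. The body of `setGroupId` lies outside the hunk.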
@@ -26,6 +26,7 @@ import com.nis.domain.configuration.HttpUrlCfg;
|
||||
import com.nis.domain.configuration.InterceptPktBin;
|
||||
import com.nis.domain.configuration.IpPortCfg;
|
||||
import com.nis.domain.configuration.PxyObjKeyring;
|
||||
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
|
||||
import com.nis.exceptions.MaatConvertException;
|
||||
import com.nis.util.Constants;
|
||||
import com.nis.util.DictUtils;
|
||||
@@ -60,9 +61,18 @@ public class InterceptController extends CommonController {
|
||||
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
|
||||
}
|
||||
model.addAttribute("certificateList", certificateList);
|
||||
// IP地址仿冒策略使用策略组
|
||||
List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
|
||||
model.addAttribute("policyGroups", policyGroups);
|
||||
/*if(cfg.getFunctionId().equals(214)){
|
||||
// IP地址仿冒策略使用策略组
|
||||
//List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
|
||||
List<CfgIndexInfo> list = page.getList();
|
||||
for(CfgIndexInfo c:list){
|
||||
Long cfgId = Long.parseLong(c.getUserRegion2());//user_region2字段存储的为IP仿冒池的ID信息(策略组ID)
|
||||
PxyObjSpoofingIpPool pool = pxyObjSpoofingIpPoolService.getPxyObjSpoofingIpPool(cfgId);
|
||||
c.setUserRegion2(pool.getGroupName());//将IP仿冒池的策略组名重新赋给user_region2
|
||||
}
|
||||
|
||||
// model.addAttribute("policyGroups", policyGroups);
|
||||
}*/
|
||||
return "/cfg/intercept/interceptList";
|
||||
}
|
||||
|
||||
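Review bot: The `/*if(cfg.getFunctionId().equals(214)){ … }*/` block added before the `return` is dead code, and it would not be safe to re-enable as written: `Long.parseLong(c.getUserRegion2())` has no format guard and `pool.getGroupName()` is called on a lookup result that is never null-checked. Commented-out code is better deleted and left to version control; the same applies to the three commented lines in the next hunk of this controller and to the `/* … */` wrapper added in PxyObjSpoofingIpPoolController. If the new `PxyObjSpoofingIpPool` import is referenced only from these comments, it can go as well. The enclosing method starts above the hunk.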
@@ -86,8 +96,9 @@ public class InterceptController extends CommonController {
|
||||
|
||||
model.addAttribute("_cfg", entity);
|
||||
// IP地址仿冒策略使用策略组
|
||||
List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
|
||||
model.addAttribute("policyGroups", policyGroups);
|
||||
// List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
|
||||
// List<PxyObjSpoofingIpPool> pools = pxyObjSpoofingIpPoolService.findPxyObjSpoofingIpPools(new PxyObjSpoofingIpPool());
|
||||
// model.addAttribute("policyGroups", pools);
|
||||
|
||||
return "/cfg/intercept/interceptForm";
|
||||
}
|
||||
|
||||
@@ -89,7 +89,7 @@ public class PxyObjSpoofingIpPoolController extends BaseController {
|
||||
model.addAttribute("isAdd", true);
|
||||
}
|
||||
|
||||
List<PolicyGroupInfo> groups=policyGroupInfoService.findPolicyGroupInfosByType(6);
|
||||
/*List<PolicyGroupInfo> groups=policyGroupInfoService.findPolicyGroupInfosByType(6);
|
||||
List<PolicyGroupInfo> policyGroups = new ArrayList();
|
||||
//解决目前一个分组只能有一个生效IP
|
||||
for(PolicyGroupInfo group:groups){
|
||||
@@ -101,7 +101,7 @@ public class PxyObjSpoofingIpPoolController extends BaseController {
|
||||
policyGroups.add(group);
|
||||
}
|
||||
}
|
||||
model.addAttribute("policyGroups", policyGroups);
|
||||
model.addAttribute("policyGroups", policyGroups);*/
|
||||
model.addAttribute("_cfg", cfg);
|
||||
return "/cfg/proxy/spoofingIpPool/form";
|
||||
}
|
||||
|
||||
@@ -138,7 +138,7 @@
|
||||
<select id="findList" resultMap="PxyObjSpoofingPoolMap" parameterType="com.nis.domain.configuration.PxyObjSpoofingIpPool">
|
||||
SELECT
|
||||
<include refid="PxyObjSpoofingIpPoolColumns"/>
|
||||
FROM pxy_obj_spoofing_ip_pool r where (r.is_valid!=-1 and r.is_audit!=3) AND r.group_id =#{groupId,jdbcType=INTEGER}
|
||||
FROM pxy_obj_spoofing_ip_pool r where r.is_valid=1 and r.is_audit=1
|
||||
<if test="cfgId != null">
|
||||
AND r.CFG_ID!=#{cfgId,jdbcType=BIGINT}
|
||||
</if>
|
||||
@@ -146,7 +146,9 @@
|
||||
|
||||
<insert id="insert" parameterType="com.nis.domain.configuration.PxyObjSpoofingIpPool" >
|
||||
insert into pxy_obj_spoofing_ip_pool (
|
||||
CFG_ID,
|
||||
<selectKey resultType="java.lang.Long" order="AFTER" keyProperty="cfgId">
|
||||
SELECT LAST_INSERT_ID()
|
||||
</selectKey>
|
||||
CFG_DESC,
|
||||
ACTION,
|
||||
IS_VALID,
|
||||
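Review bot: The `<selectKey>` element sits inside the column list, between `insert into pxy_obj_spoofing_ip_pool (` and `CFG_DESC,`, which makes the statement hard to read even though MyBatis lifts the element out before building the SQL. Placing it directly under `<insert …>`, or replacing it with `useGeneratedKeys="true" keyProperty="cfgId"` on the `<insert>` tag, gives the same result. It is also worth confirming that `CFG_ID` is generated by the table, since the statement no longer supplies it and the service reads `spoofingPool.getCfgId()` immediately after the insert. The statement continues past the end of this hunk.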
@@ -176,7 +178,6 @@
|
||||
user_region,
|
||||
port
|
||||
)values (
|
||||
#{cfgId,jdbcType=VARCHAR},
|
||||
#{cfgDesc,jdbcType=VARCHAR},
|
||||
#{action,jdbcType=INTEGER},
|
||||
0,
|
||||
|
||||
@@ -18,6 +18,7 @@ import com.nis.domain.configuration.CfgIndexInfo;
|
||||
import com.nis.domain.configuration.HttpUrlCfg;
|
||||
import com.nis.domain.configuration.InterceptPktBin;
|
||||
import com.nis.domain.configuration.IpPortCfg;
|
||||
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
|
||||
import com.nis.domain.maat.MaatCfg;
|
||||
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
|
||||
import com.nis.domain.maat.ToMaatBean;
|
||||
@@ -33,6 +34,7 @@ import com.nis.util.Constants;
|
||||
import com.nis.util.StringUtil;
|
||||
import com.nis.web.dao.configuration.AreaIpCfgDao;
|
||||
import com.nis.web.dao.configuration.InterceptCfgDao;
|
||||
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
|
||||
import com.nis.web.dao.configuration.WebsiteCfgDao;
|
||||
import com.nis.web.security.UserUtils;
|
||||
import com.nis.web.service.BaseService;
|
||||
@@ -51,6 +53,8 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
protected InterceptCfgDao interceptCfgDao;
|
||||
@Autowired
|
||||
protected AreaIpCfgDao areaIpCfgDao;
|
||||
@Autowired
|
||||
protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao;
|
||||
|
||||
public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
|
||||
CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
|
||||
@@ -107,20 +111,57 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
setAreaEffectiveIds(entity);
|
||||
if(entity.getCfgId()==null){
|
||||
Integer compileId = 0;
|
||||
Integer spoofingPoolId = 0 ;
|
||||
try {
|
||||
List<Integer> idList = ConfigServiceUtil.getId(1, 1);
|
||||
if(idList!=null && idList.size()>0){
|
||||
List<Integer> idList = new ArrayList();
|
||||
if(entity.getServiceId().equals(518)){//ip仿冒策略
|
||||
idList= ConfigServiceUtil.getId(1, 2);
|
||||
compileId = idList.get(0);
|
||||
}
|
||||
spoofingPoolId = idList.get(1);
|
||||
}else{
|
||||
idList= ConfigServiceUtil.getId(1, 1);
|
||||
compileId = idList.get(0);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
logger.info("获取编译ID出错");
|
||||
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
|
||||
}
|
||||
if(entity.getServiceId().equals(518)){//ip仿冒策略
|
||||
//保存IP仿冒池
|
||||
PxyObjSpoofingIpPool spoofingPool = new PxyObjSpoofingIpPool();
|
||||
spoofingPool.setIpType(4);//ipv4
|
||||
spoofingPool.setIpAddress(entity.getUserRegion2());//仿冒IP
|
||||
spoofingPool.setProtocol(0);
|
||||
if("dnat".equals(entity.getUserRegion1().toLowerCase())){//spoofing server ip->dnat
|
||||
spoofingPool.setDirection(1);
|
||||
}else{
|
||||
spoofingPool.setDirection(2);//spoofing client ip->snat
|
||||
}
|
||||
|
||||
spoofingPool.setPort("0");
|
||||
spoofingPool.setUserRegion("0");
|
||||
spoofingPool.setLocation(0);
|
||||
spoofingPool.setServiceId(642);
|
||||
spoofingPool.setAreaEffectiveIds("0");
|
||||
spoofingPool.setIsAreaEffective(0);
|
||||
spoofingPool.setCreateTime(new Date());
|
||||
spoofingPool.setCreatorId(UserUtils.getUser().getId());
|
||||
spoofingPool.setCompileId(spoofingPoolId);
|
||||
spoofingPool.setAction(1);
|
||||
spoofingPool.setFunctionId(666);
|
||||
spoofingPool.setRequestId(0);
|
||||
pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
|
||||
|
||||
entity.setUserRegion3(String.valueOf(spoofingPool.getCfgId()));//将仿冒IP池配置ID作为策略组ID
|
||||
|
||||
}
|
||||
|
||||
entity.setCompileId(compileId);
|
||||
entity.setCreateTime(new Date());
|
||||
entity.setCreatorId(entity.getCurrentUser().getId());
|
||||
websiteCfgDao.saveCfgIndex(entity);
|
||||
|
||||
if(entity.getIpPortList()!=null){
|
||||
for(IpPortCfg cfg:entity.getIpPortList()){
|
||||
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
|
||||
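Review bot: `entity.getUserRegion2()` is copied into `spoofingPool.setIpAddress(...)` and stored with `setIpType(4)` without any server-side check that it is an IPv4 literal. The `ip` class on the form input is only a browser-side check, so the service should reject anything else before `pxyObjSpoofingIpPoolDao.insert(spoofingPool)`. The direction test `"dnat".equals(entity.getUserRegion1().toLowerCase())` throws on a null `userRegion1` and disagrees with the edit branch in the next hunk, which compares without lower-casing, so the same value can map to direction 1 on create and 2 on edit; `"dnat".equalsIgnoreCase(entity.getUserRegion1())` in both places fixes both. `idList.get(1)` also assumes that `ConfigServiceUtil.getId(1, 2)` returned two ids. The method starts and ends outside the hunk.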
@@ -155,6 +196,30 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
|
||||
|
||||
}else{
|
||||
if(entity.getServiceId().equals(518)){//ip仿冒策略
|
||||
//保存IP仿冒池
|
||||
Long cfgId = Long.parseLong(entity.getUserRegion3());
|
||||
PxyObjSpoofingIpPool spoofingPool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(cfgId);
|
||||
spoofingPool.setIpType(4);//ipv4
|
||||
spoofingPool.setIpAddress(entity.getUserRegion2());//仿冒IP
|
||||
spoofingPool.setProtocol(0);
|
||||
if("dnat".equals(entity.getUserRegion1())){//spoofing server ip->dnat
|
||||
spoofingPool.setDirection(1);
|
||||
}else{
|
||||
spoofingPool.setDirection(2);//spoofing client ip->snat
|
||||
}
|
||||
|
||||
spoofingPool.setPort("0");
|
||||
spoofingPool.setUserRegion("0");
|
||||
spoofingPool.setLocation(0);
|
||||
spoofingPool.setServiceId(642);
|
||||
spoofingPool.setAreaEffectiveIds("0");
|
||||
spoofingPool.setIsAreaEffective(0);
|
||||
spoofingPool.setEditTime(new Date());
|
||||
spoofingPool.setEditorId(UserUtils.getUser().getId());
|
||||
pxyObjSpoofingIpPoolDao.update(spoofingPool);//保存仿冒IP池配置
|
||||
|
||||
}
|
||||
entity.setEditTime(new Date());
|
||||
entity.setEditorId(entity.getCurrentUser().getId());
|
||||
|
||||
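Review bot: In the edit branch the pool to overwrite is chosen by `Long.parseLong(entity.getUserRegion3())`, and `userRegion3` is the hidden form field added in the intercept form JSP. If `entity` is bound from the request, the id therefore comes from the client, and a tampered value would make this code rewrite a pool that belongs to another policy. The id should be taken from the stored policy record instead, and both the parse and the `getPxyObjSpoofingIpPool` result need a guard, because an empty value or a missing row currently ends in a NumberFormatException or NullPointerException. A sketch follows, assuming `getInterceptCfg` returns the persisted record. The method starts and ends outside the hunk.

```java
if(entity.getServiceId().equals(518)){//ip仿冒策略
    // Pool id is read from the stored policy, never from the submitted form.
    CfgIndexInfo stored = this.getInterceptCfg(entity.getCfgId(), entity.getCompileId());
    if (stored == null || StringUtils.isEmpty(stored.getUserRegion3())) {
        throw new MaatConvertException("spoofing ip pool is not bound to this policy");
    }
    Long cfgId = Long.parseLong(stored.getUserRegion3());
    PxyObjSpoofingIpPool spoofingPool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(cfgId);
    if (spoofingPool == null) {
        throw new MaatConvertException("spoofing ip pool " + cfgId + " not found");
    }
    entity.setUserRegion3(stored.getUserRegion3());
    // … unchanged: pool field assignments and pxyObjSpoofingIpPoolDao.update(spoofingPool) …
```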
@@ -220,6 +285,20 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
websiteCfgDao.updateCfgValid(entity);
|
||||
//查询子配置
|
||||
entity = this.getInterceptCfg(Long.parseLong(id),entity.getCompileId());
|
||||
|
||||
//IP仿冒策略下的仿冒IP池也失效
|
||||
if(entity.getServiceId().equals(518)){
|
||||
PxyObjSpoofingIpPool pool = new PxyObjSpoofingIpPool();
|
||||
if(StringUtils.isNotEmpty(entity.getUserRegion3())){
|
||||
pool.setCfgId(Long.parseLong(entity.getUserRegion3()));
|
||||
pool.setIsValid(isValid);
|
||||
pool.setIsAudit(entity.getIsAudit());
|
||||
pool.setEditTime(new Date());
|
||||
pool.setEditorId(UserUtils.getUser().getId());
|
||||
pxyObjSpoofingIpPoolDao.update(pool);
|
||||
}
|
||||
}
|
||||
|
||||
if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){
|
||||
IpPortCfg cfg = new IpPortCfg();
|
||||
BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"});
|
||||
@@ -274,6 +353,56 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
|
||||
//查询子配置并修改审核状态
|
||||
entity = this.getInterceptCfg(entity.getCfgId(),entity.getCompileId());
|
||||
if(entity.getServiceId().equals(518)){//IP仿冒策略
|
||||
//仿冒IP池配置匹配下发或者取消
|
||||
PxyObjSpoofingIpPool pool=new PxyObjSpoofingIpPool();
|
||||
pool.setCfgId(Long.valueOf(entity.getUserRegion3()));
|
||||
pool.setIsValid(entity.getIsValid());
|
||||
pool.setIsAudit(isAudit);
|
||||
pool.setAuditorId(UserUtils.getUser().getId());
|
||||
pool.setAuditTime(new Date());
|
||||
pxyObjSpoofingIpPoolDao.update(pool);
|
||||
pool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(pool.getCfgId());
|
||||
List<PxyObjSpoofingIpPool> list = new ArrayList<PxyObjSpoofingIpPool>();
|
||||
String json="";
|
||||
String areaEffectiveIds="0";
|
||||
if(entity.getIsAudit()==1){
|
||||
pool.setAreaEffectiveIds(areaEffectiveIds);
|
||||
pool.setGroupId(pool.getCfgId().intValue());//界面端的配置ID作为策略分组ID
|
||||
list.add(pool);
|
||||
//调用服务接口下发配置数据
|
||||
json=gsonToJson(list);
|
||||
logger.info("欺骗IP池配置下发配置参数:"+json);
|
||||
//调用服务接口下发配置
|
||||
try {
|
||||
ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
|
||||
if(result!=null){
|
||||
logger.info("欺骗IP池配置下发响应信息:"+result.getMsg());
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error("欺骗IP池配置配置下发失败",e);
|
||||
throw e;
|
||||
}
|
||||
}else if(entity.getIsAudit()==3){
|
||||
PxyObjSpoofingIpPool cfg = new PxyObjSpoofingIpPool();
|
||||
cfg.setIsValid(0);
|
||||
cfg.setCompileId(pool.getCompileId());
|
||||
cfg.setServiceId(pool.getServiceId());
|
||||
list.add(cfg);
|
||||
//调用服务接口取消配置
|
||||
json=gsonToJson(list);
|
||||
logger.info("欺骗IP池配置配置参数:"+json);
|
||||
//调用服务接口取消配置
|
||||
try {
|
||||
ToMaatResult result = ConfigServiceUtil.put(json, 2);
|
||||
logger.info("欺骗IP池配置响应信息:"+result.getMsg());
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
logger.info("欺骗IP池配置配置失败");
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){
|
||||
IpPortCfg cfg = new IpPortCfg();
|
||||
BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"});
|
||||
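Review bot: `Long.valueOf(entity.getUserRegion3())` at the top of the new IP-spoofing branch has no empty check, unlike the validity hunk above, which tests `StringUtils.isNotEmpty(entity.getUserRegion3())` first. A policy saved before this change, with no pool id in `userRegion3`, would presumably fail audit with a NumberFormatException. The pool re-read through `getPxyObjSpoofingIpPool` is then dereferenced without a null check. In the cancel branch `result.getMsg()` is called without the `result!=null` test used in the issue branch, and the catch uses `e.printStackTrace()` with `logger.info`; `logger.error("欺骗IP池配置配置失败", e);` would match the issue branch. The method starts and ends outside the hunk.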
@@ -398,7 +527,7 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
if(entity.getAction().equals(48)){
|
||||
//HTTP replace: replace type is not null ;find is not null;replace with is not null(userRegion is not null)
|
||||
userRegion="nat_type="+entity.getUserRegion1();
|
||||
userRegion+=";spoofing_ip_pool="+entity.getUserRegion2();
|
||||
userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
|
||||
maatCfg.setUserRegion(userRegion);
|
||||
}
|
||||
|
||||
|
||||
@@ -165,6 +165,7 @@ public class PxyObjSpoofingIpPoolService extends BaseService{
|
||||
areaEffectiveIds = this.setEffectiveRange(entity.getAreaEffectiveIds());
|
||||
}
|
||||
entity.setAreaEffectiveIds(areaEffectiveIds);
|
||||
entity.setGroupId(entity.getCfgId().intValue());//界面的配置ID作为策略分组ID
|
||||
list.add(entity);
|
||||
//调用服务接口下发配置数据
|
||||
json=gsonToJson(list);
|
||||
|
||||
@@ -696,7 +696,7 @@
|
||||
<div class="col-md-6">
|
||||
<div class="form-group">
|
||||
<label class="control-label col-md-3"><font color="red">*</font>
|
||||
<spring:message code="Spoofing" />
|
||||
<spring:message code="spoofing" />
|
||||
</label>
|
||||
<div class="col-md-6">
|
||||
<select name="userRegion1"
|
||||
@@ -714,12 +714,14 @@
|
||||
<label class="control-label col-md-3"><font color="red">*</font>
|
||||
<spring:message code="With" /></label>
|
||||
<div class="col-md-6">
|
||||
<select name="userRegion2" class="selectpicker show-tick form-control required">
|
||||
<input class="form-control required ip" type="text" name="userRegion2" value="${_cfg.userRegion2}">
|
||||
<input class="form-control" type="hidden" name="userRegion3" value="${_cfg.userRegion3}">
|
||||
<%-- <select name="userRegion2" class="selectpicker show-tick form-control required">
|
||||
<option value="" ><spring:message code="select"/></option>
|
||||
<c:forEach items="${policyGroups }" var="policyGroup">
|
||||
<option value="${policyGroup.groupId}" <c:if test="${_cfg.userRegion2==policyGroup.groupId }">selected</c:if>><spring:message code="${policyGroup.groupName}"/></option>
|
||||
<option value="${policyGroup.cfgId}" <c:if test="${_cfg.userRegion2==policyGroup.cfgId }">selected</c:if>><spring:message code="${policyGroup.groupName}"/></option>
|
||||
</c:forEach>
|
||||
</select>
|
||||
</select> --%>
|
||||
</div>
|
||||
<div for="userRegion2"></div>
|
||||
</div>
|
||||
|
||||
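Review bot: `value="${_cfg.userRegion2}"` here, and `${indexCfg.userRegion2 }` in the table-cell hunk of the list page, write the value into the page without escaping, and with this change `userRegion2` is free text typed by an operator rather than a group id picked from a select. Unless the value is validated as an IP address on the server before it is stored, any markup in it would be rendered as-is for every user who opens the list. Use `value="<c:out value='${_cfg.userRegion2}'/>"` in the form and `<c:out value="${indexCfg.userRegion2}"/>` in the table cell. The old `<select>` kept inside `<%-- … --%>` can be deleted rather than commented out.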
@@ -397,7 +397,7 @@
|
||||
<th column="userregion3" ><spring:message code="replace_content"/></th>
|
||||
</c:if>
|
||||
<c:if test="${cfg.functionId eq 214 }">
|
||||
<th column="userregion1" ><spring:message code="Spoofing"/></th>
|
||||
<th column="userregion1" ><spring:message code="spoofing"/></th>
|
||||
<th column="userregion2" ><spring:message code="With"/></th>
|
||||
</c:if>
|
||||
<c:if test="${cfg.functionId eq 201 }">
|
||||
@@ -437,7 +437,7 @@
|
||||
<spring:message code="bypass"/>
|
||||
</c:if>
|
||||
<c:if test="${indexCfg.action eq 48}">
|
||||
<spring:message code="Spoofing"/>
|
||||
<spring:message code="spoofing"/>
|
||||
</c:if>
|
||||
<c:if test="${(indexCfg.action ne 1) && (indexCfg.action ne 128) && (indexCfg.action ne 48)}">
|
||||
<c:forEach items="${fns:getDictList('SERVICE_ACTION') }" var="dict">
|
||||
@@ -511,11 +511,12 @@
|
||||
</c:forEach>
|
||||
</td>
|
||||
<td>
|
||||
<c:forEach items="${policyGroups}" var="policyGroup">
|
||||
${indexCfg.userRegion2 }
|
||||
<%-- <c:forEach items="${policyGroups}" var="policyGroup">
|
||||
<c:if test="${indexCfg.userRegion2==policyGroup.groupId}">
|
||||
${policyGroup.groupName }
|
||||
</c:if>
|
||||
</c:forEach>
|
||||
</c:forEach> --%>
|
||||
</td>
|
||||
</c:if>
|
||||
<c:if test="${cfg.functionId eq 201 }">
|
||||
|
||||
@@ -89,11 +89,12 @@ $(function(){
|
||||
<div class="form-group">
|
||||
<label class="control-label col-md-3"><font color="red">*</font><spring:message code="group"/></label>
|
||||
<div class="col-md-6">
|
||||
<select name="groupId" id="group" class="selectpicker show-tick form-control required">
|
||||
<input class="form-control required" type="text" name="groupName" value="${_cfg.groupName}">
|
||||
<%-- <select name="groupId" id="group" class="selectpicker show-tick form-control required">
|
||||
<c:forEach items="${policyGroups }" var="policyGroup">
|
||||
<option value="${policyGroup.groupId}" groupType="${policyGroup.asnNo }" <c:if test="${_cfg.groupId==policyGroup.groupId }">selected</c:if>><spring:message code="${policyGroup.groupName}"/></option>
|
||||
</c:forEach>
|
||||
</select>
|
||||
</select> --%>
|
||||
</div>
|
||||
<div for="groupId"></div>
|
||||
</div>
|
||||
|
||||
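Review bot: The replacement input is named `groupName`, but the error container below it is still `<div for="groupId"></div>`, so the validation message for the required field presumably has no matching container. Change it to `<div for="groupName"></div>`, and write the value as `value="<c:out value='${_cfg.groupName}'/>"`, since the field is now free text and is otherwise emitted unescaped. The old `<select>` kept inside `<%-- … --%>` can be deleted rather than commented out.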