修改ip spoofing配置逻辑，删除spoofing ip pool配置菜单功能，在ip spoofing策略配置功能中，自动创建ip

pool配置，ip spoofing策略审核下发与取消审核时，同时审核下发或取消ip pool配置

src/main/java/com/nis/domain/configuration/PxyObjSpoofingIpPool.java

@@ -52,6 +52,9 @@ public class PxyObjSpoofingIpPool extends BaseIpCfg{
 		this.ipAddress = ipAddress;
 	}
 	public Integer getGroupId() {
+		if(groupId==null || groupId==0){
+			groupId=cfgId.intValue();
+		}
 		return groupId;
 	}
 	public void setGroupId(Integer groupId) {

src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java

@@ -26,6 +26,7 @@ import com.nis.domain.configuration.HttpUrlCfg;
 import com.nis.domain.configuration.InterceptPktBin;
 import com.nis.domain.configuration.IpPortCfg;
 import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.domain.configuration.PxyObjSpoofingIpPool;
 import com.nis.exceptions.MaatConvertException;
 import com.nis.util.Constants;
 import com.nis.util.DictUtils;
@@ -60,9 +61,18 @@ public class InterceptController extends CommonController {
 			certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
 		}
 		model.addAttribute("certificateList", certificateList);
-		// IP地址仿冒策略使用策略组
+		/*if(cfg.getFunctionId().equals(214)){
-		List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
+			// IP地址仿冒策略使用策略组
-		model.addAttribute("policyGroups", policyGroups);
+			//List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
+			List<CfgIndexInfo> list = page.getList();
+			for(CfgIndexInfo c:list){
+				Long cfgId = Long.parseLong(c.getUserRegion2());//user_region2字段存储的为IP仿冒池的ID信息(策略组ID）
+				PxyObjSpoofingIpPool pool = pxyObjSpoofingIpPoolService.getPxyObjSpoofingIpPool(cfgId);
+				c.setUserRegion2(pool.getGroupName());//将IP仿冒池的策略组名重新赋给user_region2
+			}
+					
+//			model.addAttribute("policyGroups", policyGroups);
+		}*/
 		return "/cfg/intercept/interceptList";
 	}
 
@@ -86,8 +96,9 @@ public class InterceptController extends CommonController {
 
 		model.addAttribute("_cfg", entity);
 		// IP地址仿冒策略使用策略组
-		List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
+//		List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
-		model.addAttribute("policyGroups", policyGroups);
+//		List<PxyObjSpoofingIpPool> pools = pxyObjSpoofingIpPoolService.findPxyObjSpoofingIpPools(new PxyObjSpoofingIpPool());
+//		model.addAttribute("policyGroups", pools);
 
 		return "/cfg/intercept/interceptForm";
 	}

src/main/java/com/nis/web/controller/configuration/proxy/PxyObjSpoofingIpPoolController.java

@@ -89,7 +89,7 @@ public class PxyObjSpoofingIpPoolController extends BaseController  {
 			model.addAttribute("isAdd", true);
 		}
 		
-		List<PolicyGroupInfo> groups=policyGroupInfoService.findPolicyGroupInfosByType(6);
+		/*List<PolicyGroupInfo> groups=policyGroupInfoService.findPolicyGroupInfosByType(6);
 		List<PolicyGroupInfo> policyGroups = new ArrayList();
 		//解决目前一个分组只能有一个生效IP
 		for(PolicyGroupInfo group:groups){
@@ -101,7 +101,7 @@ public class PxyObjSpoofingIpPoolController extends BaseController  {
 				policyGroups.add(group);
 			}
 		}
-		model.addAttribute("policyGroups", policyGroups);
+		model.addAttribute("policyGroups", policyGroups);*/
 		model.addAttribute("_cfg", cfg);
 		return "/cfg/proxy/spoofingIpPool/form";
 	}

src/main/java/com/nis/web/dao/configuration/PxyObjSpoofingIpPoolDao.xml

@@ -138,7 +138,7 @@
    <select id="findList" resultMap="PxyObjSpoofingPoolMap" parameterType="com.nis.domain.configuration.PxyObjSpoofingIpPool">
 		SELECT
 			<include refid="PxyObjSpoofingIpPoolColumns"/>
-	    FROM pxy_obj_spoofing_ip_pool r where (r.is_valid!=-1 and r.is_audit!=3) AND r.group_id =#{groupId,jdbcType=INTEGER}
+	    FROM pxy_obj_spoofing_ip_pool r where r.is_valid=1 and r.is_audit=1
 	   	 <if test="cfgId != null">
    			AND r.CFG_ID!=#{cfgId,jdbcType=BIGINT}
    		</if>
@@ -146,7 +146,9 @@
 
 	<insert id="insert" parameterType="com.nis.domain.configuration.PxyObjSpoofingIpPool" >
     insert into pxy_obj_spoofing_ip_pool (
-     CFG_ID,
+    <selectKey resultType="java.lang.Long" order="AFTER" keyProperty="cfgId">
+    	SELECT LAST_INSERT_ID()
+    </selectKey>
      CFG_DESC,
      ACTION,
      IS_VALID,
@@ -176,7 +178,6 @@
     user_region,
     port
     )values (
-   		#{cfgId,jdbcType=VARCHAR},
    		#{cfgDesc,jdbcType=VARCHAR},
    		#{action,jdbcType=INTEGER}, 
     	0,

src/main/java/com/nis/web/service/configuration/InterceptCfgService.java

@@ -18,6 +18,7 @@ import com.nis.domain.configuration.CfgIndexInfo;
 import com.nis.domain.configuration.HttpUrlCfg;
 import com.nis.domain.configuration.InterceptPktBin;
 import com.nis.domain.configuration.IpPortCfg;
+import com.nis.domain.configuration.PxyObjSpoofingIpPool;
 import com.nis.domain.maat.MaatCfg;
 import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
 import com.nis.domain.maat.ToMaatBean;
@@ -33,6 +34,7 @@ import com.nis.util.Constants;
 import com.nis.util.StringUtil;
 import com.nis.web.dao.configuration.AreaIpCfgDao;
 import com.nis.web.dao.configuration.InterceptCfgDao;
+import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
 import com.nis.web.dao.configuration.WebsiteCfgDao;
 import com.nis.web.security.UserUtils;
 import com.nis.web.service.BaseService;
@@ -51,6 +53,8 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 	protected InterceptCfgDao interceptCfgDao;
 	@Autowired
 	protected AreaIpCfgDao areaIpCfgDao;
+	@Autowired
+	protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao;
 	
 	public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
 		CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
@@ -107,20 +111,57 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 		setAreaEffectiveIds(entity);
 		if(entity.getCfgId()==null){
 			Integer compileId = 0;
+			Integer spoofingPoolId = 0 ;
 			try {
-				List<Integer> idList = ConfigServiceUtil.getId(1, 1);
+				List<Integer> idList = new ArrayList();
-				if(idList!=null && idList.size()>0){
+				if(entity.getServiceId().equals(518)){//ip仿冒策略
+					idList= ConfigServiceUtil.getId(1, 2);
 					compileId = idList.get(0);
-			}
+					spoofingPoolId = idList.get(1);
+				}else{
+					idList= ConfigServiceUtil.getId(1, 1);
+					compileId = idList.get(0);
+				}
 			} catch (Exception e) {
 				e.printStackTrace();
 				logger.info("获取编译ID出错");
 				throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
 			}
+			if(entity.getServiceId().equals(518)){//ip仿冒策略
+				//保存IP仿冒池
+				PxyObjSpoofingIpPool spoofingPool = new PxyObjSpoofingIpPool();
+				spoofingPool.setIpType(4);//ipv4
+				spoofingPool.setIpAddress(entity.getUserRegion2());//仿冒IP
+				spoofingPool.setProtocol(0);
+				if("dnat".equals(entity.getUserRegion1().toLowerCase())){//spoofing server ip->dnat
+					spoofingPool.setDirection(1);
+				}else{
+					spoofingPool.setDirection(2);//spoofing client ip->snat
+				}
+				
+				spoofingPool.setPort("0");
+				spoofingPool.setUserRegion("0");
+				spoofingPool.setLocation(0);
+				spoofingPool.setServiceId(642);
+				spoofingPool.setAreaEffectiveIds("0");
+				spoofingPool.setIsAreaEffective(0);
+				spoofingPool.setCreateTime(new Date());
+				spoofingPool.setCreatorId(UserUtils.getUser().getId());
+				spoofingPool.setCompileId(spoofingPoolId);
+				spoofingPool.setAction(1);
+				spoofingPool.setFunctionId(666);
+				spoofingPool.setRequestId(0);
+				pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
+				
+				entity.setUserRegion3(String.valueOf(spoofingPool.getCfgId()));//将仿冒IP池配置ID作为策略组ID
+				
+			}
+			
 			entity.setCompileId(compileId);
 			entity.setCreateTime(new Date());
 			entity.setCreatorId(entity.getCurrentUser().getId());
 			websiteCfgDao.saveCfgIndex(entity);
+			
 			if(entity.getIpPortList()!=null){
 				for(IpPortCfg cfg:entity.getIpPortList()){
 					BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
@@ -155,6 +196,30 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 			
 			
 		}else{
+			if(entity.getServiceId().equals(518)){//ip仿冒策略
+				//保存IP仿冒池
+				Long cfgId = Long.parseLong(entity.getUserRegion3());
+				PxyObjSpoofingIpPool spoofingPool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(cfgId);
+				spoofingPool.setIpType(4);//ipv4
+				spoofingPool.setIpAddress(entity.getUserRegion2());//仿冒IP
+				spoofingPool.setProtocol(0);
+				if("dnat".equals(entity.getUserRegion1())){//spoofing server ip->dnat
+					spoofingPool.setDirection(1);
+				}else{
+					spoofingPool.setDirection(2);//spoofing client ip->snat
+				}
+				
+				spoofingPool.setPort("0");
+				spoofingPool.setUserRegion("0");
+				spoofingPool.setLocation(0);
+				spoofingPool.setServiceId(642);
+				spoofingPool.setAreaEffectiveIds("0");
+				spoofingPool.setIsAreaEffective(0);
+				spoofingPool.setEditTime(new Date());
+				spoofingPool.setEditorId(UserUtils.getUser().getId());
+				pxyObjSpoofingIpPoolDao.update(spoofingPool);//保存仿冒IP池配置
+				
+			}
 			entity.setEditTime(new Date());
 			entity.setEditorId(entity.getCurrentUser().getId());
 			
@@ -220,6 +285,20 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 			websiteCfgDao.updateCfgValid(entity);
 			//查询子配置
 			entity = this.getInterceptCfg(Long.parseLong(id),entity.getCompileId());
+			
+			//IP仿冒策略下的仿冒IP池也失效
+			if(entity.getServiceId().equals(518)){
+				PxyObjSpoofingIpPool pool = new PxyObjSpoofingIpPool();
+				if(StringUtils.isNotEmpty(entity.getUserRegion3())){
+					pool.setCfgId(Long.parseLong(entity.getUserRegion3()));
+					pool.setIsValid(isValid);
+					pool.setIsAudit(entity.getIsAudit());
+					pool.setEditTime(new Date());
+					pool.setEditorId(UserUtils.getUser().getId());
+					pxyObjSpoofingIpPoolDao.update(pool);
+				}
+			}
+			
 			if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){
 				IpPortCfg cfg = new IpPortCfg();
 				BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"});
@@ -274,6 +353,56 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 		
 		//查询子配置并修改审核状态
 		entity = this.getInterceptCfg(entity.getCfgId(),entity.getCompileId());
+		if(entity.getServiceId().equals(518)){//IP仿冒策略
+			//仿冒IP池配置匹配下发或者取消
+			PxyObjSpoofingIpPool pool=new PxyObjSpoofingIpPool();
+			pool.setCfgId(Long.valueOf(entity.getUserRegion3()));
+			pool.setIsValid(entity.getIsValid());
+			pool.setIsAudit(isAudit);
+			pool.setAuditorId(UserUtils.getUser().getId());
+			pool.setAuditTime(new Date());
+			pxyObjSpoofingIpPoolDao.update(pool);
+			pool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(pool.getCfgId());
+			List<PxyObjSpoofingIpPool> list = new ArrayList<PxyObjSpoofingIpPool>();
+			String json="";
+			String areaEffectiveIds="0";
+			if(entity.getIsAudit()==1){
+				pool.setAreaEffectiveIds(areaEffectiveIds);
+				pool.setGroupId(pool.getCfgId().intValue());//界面端的配置ID作为策略分组ID
+				list.add(pool);
+				//调用服务接口下发配置数据
+				json=gsonToJson(list);
+				logger.info("欺骗IP池配置下发配置参数："+json);
+				//调用服务接口下发配置
+				try {
+					ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
+					if(result!=null){
+						logger.info("欺骗IP池配置下发响应信息："+result.getMsg());
+					}
+				} catch (Exception e) {
+					logger.error("欺骗IP池配置配置下发失败",e);
+					throw e;
+				}
+			}else if(entity.getIsAudit()==3){
+				PxyObjSpoofingIpPool cfg = new PxyObjSpoofingIpPool();
+				cfg.setIsValid(0);
+				cfg.setCompileId(pool.getCompileId());
+				cfg.setServiceId(pool.getServiceId());
+				list.add(cfg);
+				//调用服务接口取消配置
+				json=gsonToJson(list);
+				logger.info("欺骗IP池配置配置参数："+json);
+				//调用服务接口取消配置
+				try {
+					ToMaatResult result = ConfigServiceUtil.put(json, 2);
+					logger.info("欺骗IP池配置响应信息："+result.getMsg());
+				} catch (Exception e) {
+					e.printStackTrace();
+					logger.info("欺骗IP池配置配置失败");
+					throw e;
+				}
+			}
+		}
 		if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){
 			IpPortCfg cfg = new IpPortCfg();
 			BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"});
@@ -398,7 +527,7 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 			if(entity.getAction().equals(48)){
 					//HTTP replace： replace type is not null ;find is not null;replace with is not null(userRegion is not null)
 					userRegion="nat_type="+entity.getUserRegion1();
-					userRegion+=";spoofing_ip_pool="+entity.getUserRegion2();
+					userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
 					maatCfg.setUserRegion(userRegion);
 			}
 			

src/main/java/com/nis/web/service/configuration/PxyObjSpoofingIpPoolService.java

@@ -165,6 +165,7 @@ public class PxyObjSpoofingIpPoolService extends BaseService{
 				areaEffectiveIds = this.setEffectiveRange(entity.getAreaEffectiveIds());
 			}
 			entity.setAreaEffectiveIds(areaEffectiveIds);
+			entity.setGroupId(entity.getCfgId().intValue());//界面的配置ID作为策略分组ID
 			list.add(entity);
 			//调用服务接口下发配置数据
 			json=gsonToJson(list);

src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp

@@ -696,7 +696,7 @@
 											<div class="col-md-6">
 												<div class="form-group">
 													<label class="control-label col-md-3"><font color="red">*</font>
-															<spring:message code="Spoofing" />
+															<spring:message code="spoofing" />
 													</label>
 													<div class="col-md-6">
 														<select name="userRegion1"
@@ -714,12 +714,14 @@
 													<label class="control-label col-md-3"><font color="red">*</font>
 														<spring:message code="With" /></label>
 													<div class="col-md-6">
-														<select name="userRegion2" class="selectpicker show-tick form-control required">
+														<input class="form-control required ip" type="text" name="userRegion2" value="${_cfg.userRegion2}">
+														<input class="form-control" type="hidden" name="userRegion3" value="${_cfg.userRegion3}">
+														<%-- <select name="userRegion2" class="selectpicker show-tick form-control required">
 										            		<option value="" ><spring:message code="select"/></option>
 							               					<c:forEach items="${policyGroups }" var="policyGroup">
-																<option value="${policyGroup.groupId}" <c:if test="${_cfg.userRegion2==policyGroup.groupId }">selected</c:if>><spring:message code="${policyGroup.groupName}"/></option>
+																<option value="${policyGroup.cfgId}" <c:if test="${_cfg.userRegion2==policyGroup.cfgId }">selected</c:if>><spring:message code="${policyGroup.groupName}"/></option>
 									              			</c:forEach>
-										                </select>
+										                </select> --%>
 													</div>
 													<div for="userRegion2"></div>
 												</div>

src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp

@@ -397,7 +397,7 @@
 							    		<th column="userregion3" ><spring:message code="replace_content"/></th>
 							    	</c:if>
 							    	<c:if test="${cfg.functionId eq 214 }">
-							    		<th column="userregion1" ><spring:message code="Spoofing"/></th>
+							    		<th column="userregion1" ><spring:message code="spoofing"/></th>
 							    		<th column="userregion2" ><spring:message code="With"/></th>
 							    	</c:if>
 							    	<c:if test="${cfg.functionId eq 201 }">
@@ -437,7 +437,7 @@
 											<spring:message code="bypass"/>
 										</c:if>
 										<c:if test="${indexCfg.action eq 48}">
-											<spring:message code="Spoofing"/>
+											<spring:message code="spoofing"/>
 										</c:if>
 										<c:if test="${(indexCfg.action ne 1) && (indexCfg.action ne 128) && (indexCfg.action ne 48)}">
 											<c:forEach items="${fns:getDictList('SERVICE_ACTION') }" var="dict">
@@ -511,11 +511,12 @@
 											</c:forEach>
 									    </td>
 									    <td>
-									    	<c:forEach items="${policyGroups}" var="policyGroup">
+									    	${indexCfg.userRegion2 }
+									    	<%-- <c:forEach items="${policyGroups}" var="policyGroup">
 												<c:if test="${indexCfg.userRegion2==policyGroup.groupId}">
 													${policyGroup.groupName }
 												</c:if>
-											</c:forEach>
+											</c:forEach> --%>
 									    </td>
 									</c:if>
 									<c:if test="${cfg.functionId eq 201 }">

src/main/webapp/WEB-INF/views/cfg/proxy/spoofingIpPool/form.jsp

@@ -89,11 +89,12 @@ $(function(){
 								        <div class="form-group">
 								            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="group"/></label>
 								            <div class="col-md-6">
-								            	<select name="groupId" id="group" class="selectpicker show-tick form-control required">
+								            	<input class="form-control required" type="text" name="groupName" value="${_cfg.groupName}">
+								            	<%-- <select name="groupId" id="group" class="selectpicker show-tick form-control required">
 					               					<c:forEach items="${policyGroups }" var="policyGroup">
 														<option value="${policyGroup.groupId}" groupType="${policyGroup.asnNo }" <c:if test="${_cfg.groupId==policyGroup.groupId }">selected</c:if>><spring:message code="${policyGroup.groupName}"/></option>
 							              			</c:forEach>
-								                </select>
+								                </select> --%>
 								            </div>
 								             <div for="groupId"></div>
 								        </div>