From 974486b7f9c19279d8cd6f9310291d7975c6ebde Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Wed, 28 Nov 2018 18:00:53 +0800 Subject: [PATCH 1/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=B8=AD=E6=96=87?= =?UTF-8?q?=E5=9B=BD=E9=99=85=E5=8C=96=E7=BC=BA=E5=B0=91=E7=9A=84code?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/messages/message_zh_CN.properties | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties index 477054eee..a597aea66 100644 --- a/src/main/resources/messages/message_zh_CN.properties +++ b/src/main/resources/messages/message_zh_CN.properties @@ -1228,6 +1228,8 @@ source_compile_id=\u914D\u7F6E\u6765\u6E90 most_keywords=%s\u6700\u591A\u5305\u542B1024\u4E2A\u5B57\u7B26 hex_case_insensitive=16\u8FDB\u5236\u7684\u503C\u5927\u5C0F\u5199\u4E0D\u654F\u611F default_request=\u9ED8\u8BA4\u51FD +default_value=\u9ED8\u8BA4\u503C +intercept=\u62E6\u622A unkown_error=\u672A\u77E5\u9519\u8BEF\u4FE1\u606F exception_info=\u5F02\u5E38\u4FE1\u606F no_tc_udp_port_comment_tip=Port must be 0 @@ -1326,4 +1328,8 @@ outgoing_broadcast_total_size=\u8F93\u51FA\u5E7F\u64AD\u603B\u5927\u5C0F incoming_unicast_packets=\u8F93\u5165\u5355\u5305 incoming_unicast_total_size=\u8F93\u5165\u5355\u64AD\u603B\u5927\u5C0F incoming_broadcast_packets=\u8F93\u5165\u5E7F\u64AD\u6570\u636E\u5305 -incoming_broadcast_total_size=\u8F93\u5165\u5E7F\u64AD\u603B\u5927\u5C0F \ No newline at end of file +incoming_broadcast_total_size=\u8F93\u5165\u5E7F\u64AD\u603B\u5927\u5C0F +address_pool=\u5730\u5740\u6C60 +ip_total=IP\u603B\u6570 +available_ip_total=\u53EF\u7528IP\u6570 +address_pool_id=\u5730\u5740\u6C60ID \ No newline at end of file From 2c1fa458dcef70c93d75b25905db090c7b9566c2 Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Thu, 29 Nov 2018 09:24:29 +0800 Subject: [PATCH 2/8] =?UTF-8?q?=E6=97=A0=E5=8F=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../web/controller/configuration/ntc/IpController.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java b/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java index 0da999180..3c07fccb7 100644 --- a/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java +++ b/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java @@ -73,7 +73,7 @@ public class IpController extends BaseController{ @RequiresPermissions(value={"iplist:config"}) public String form(Model model,String ids,CfgIndexInfo entity) { if(StringUtils.isNotBlank(ids)){ - entity = ipCfgService.getIpPortCfg(Long.parseLong(ids)); + entity = ipCfgService.getIpPortCfg(Long.parseLong(ids),entity.getCompileId()); initUpdateFormCondition(model,entity); }else{ initFormCondition(model,entity); @@ -89,8 +89,8 @@ public class IpController extends BaseController{ return "redirect:" + adminPath +"/ntc/iplist/list?functionId="+entity.getFunctionId(); } @RequestMapping(value = {"ajaxSubList"}) - public String ajaxIpPortSubList(Model model,Long cfgId,Integer index) { - CfgIndexInfo cfg = ipCfgService.getIpPortCfg(cfgId); + public String ajaxIpPortSubList(Model model,Long cfgId,Integer index,Integer compileId) { + CfgIndexInfo cfg = ipCfgService.getIpPortCfg(cfgId,compileId); /*List regionList = DictUtils.getFunctionRegionDictList(cfg.getFunctionId()); model.addAttribute("regionList", regionList);*/ List tabList = new ArrayList(); @@ -133,7 +133,7 @@ public class IpController extends BaseController{ CfgIndexInfo entity = new CfgIndexInfo(); String[] idArray = ids.split(","); for(String id :idArray){ - entity = ipCfgService.getIpPortCfg(Long.parseLong(id)); + entity = ipCfgService.getIpPortCfg(Long.parseLong(id),entity.getCompileId()); entity.setIsAudit(isAudit); entity.setIsValid(isValid); entity.setAuditorId(UserUtils.getUser().getId()); From 8f9f1004695f604ef3f22f36bec2e9d6b595ed13 Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Thu, 29 Nov 2018 09:31:36 +0800 Subject: [PATCH 3/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=89=B9=E9=87=8F?= =?UTF-8?q?=E4=B8=8B=E5=8F=91=E6=95=B0=E6=8D=AE=E5=BA=93=E7=8A=B6=E6=80=81?= =?UTF-8?q?=E5=8F=98=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ConfigSynchronizationService.java | 870 +++++++++++++++++- 1 file changed, 830 insertions(+), 40 deletions(-) diff --git a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java index a6cf1f8b5..ec81e2d1b 100644 --- a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java +++ b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java @@ -23,9 +23,11 @@ import com.google.common.collect.Lists; import com.nis.domain.FunctionServiceDict; import com.nis.domain.Page; import com.nis.domain.basics.AsnIpCfg; +import com.nis.domain.configuration.AppFeatureIndex; import com.nis.domain.configuration.AppPolicyCfg; import com.nis.domain.configuration.AvFileSampleCfg; import com.nis.domain.configuration.BaseCfg; +import com.nis.domain.configuration.BaseIpCfg; import com.nis.domain.configuration.BaseStringCfg; import com.nis.domain.configuration.CfgIndexInfo; import com.nis.domain.configuration.ComplexkeywordCfg; @@ -51,6 +53,7 @@ import com.nis.util.DateUtils; import com.nis.util.DictUtils; import com.nis.util.ServiceConfigTemplateUtil; import com.nis.util.StringUtil; +import com.nis.web.dao.configuration.CommonPolicyDao; import com.nis.web.dao.configuration.ConfigSynchronizationDao; import com.nis.web.security.UserUtils; import com.nis.web.service.BaseService; @@ -64,6 +67,8 @@ import com.nis.web.service.BaseService; public class ConfigSynchronizationService extends BaseService{ @Autowired protected ConfigSynchronizationDao configSynchronizationDao; + @Autowired + protected CommonPolicyDao commonPolicyDao; /** * 配置全量更新下发 @@ -92,13 +97,26 @@ public class ConfigSynchronizationService extends BaseService{ if("1".equals(serviceType)){//maat类配置 List> cfgList = (List>) service.get("cfgList"); List> userRegionList = (List>) service.get("userRegionList"); - if("cfg_index_info".equals(tableName)){ + if(cfgList.size()>0){ + Page page=new Page(request,response,Constants.MAAT_JSON_SEND_SIZE,"a"); + handleNtcMaatData(cfgList,userRegionList,page,entity,request,response,false,tableName); + }else{ + int cfgType = Integer.parseInt(service.get("cfgType").toString()); + if("ddos_ip_cfg".equals(tableName)){ + Page page=new Page(request,response,Constants.MAAT_JSON_SEND_SIZE,"a"); + handleDdosMaatData(cfgList,userRegionList,page,entity,request,response,false); + }else{ + Page page=new Page(request,response,Constants.MAAT_JSON_SEND_SIZE,"a"); + handleSingleMaatData(cfgType,userRegionList,page,entity,request,response,false); + } + } + /*if("cfg_index_info".equals(tableName)){ Page page=new Page(request,response,Constants.MAAT_JSON_SEND_SIZE,"a"); handleNtcMaatData(cfgList,userRegionList,page,entity,request,response,false); }else if("ddos_ip_cfg".equals(tableName)){ Page page=new Page(request,response,Constants.MAAT_JSON_SEND_SIZE,"a"); handleDdosMaatData(cfgList,userRegionList,page,entity,request,response,false); - } + }*/ }else if("2".equals(serviceType)){//回调类配置 entity.setTableName(tableName); entity.setServiceId(Integer.valueOf(serviceId)); @@ -127,21 +145,48 @@ public class ConfigSynchronizationService extends BaseService{ * @throws IllegalArgumentException */ public void handleNtcMaatData(List>cfgList,List>userRegionList, - Page page,BaseCfg entity,HttpServletRequest request,HttpServletResponse response, - boolean isUpdateCfg) throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{ + Page page,BaseCfg entity,HttpServletRequest request,HttpServletResponse response, + boolean isUpdateCfg,String tableName) throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{ boolean hasData = true; while(hasData){ entity.setPage(page); - List list = configSynchronizationDao.getCfgIndexList(entity); - if(!StringUtil.isEmpty(list)){ - hasData=auditNtcMaatData(cfgList,userRegionList,page,entity,list,hasData,isUpdateCfg); - if(hasData) { - page.setPageNo(page.getNext()); + List list = Lists.newArrayList(); + if("cfg_index_info".equals(tableName)){ + list = configSynchronizationDao.getCfgIndexList(entity); + if(!StringUtil.isEmpty(list)){ + hasData=auditNtcMaatData(cfgList,userRegionList,page,entity,list,hasData,isUpdateCfg); + if(hasData) { + page.setPageNo(page.getNext()); + } + }else{ + hasData = false; + } + }else if("app_policy_cfg".equals(tableName)){ + list = configSynchronizationDao.getAppPolicyList(entity); + if(!StringUtil.isEmpty(list)){ + hasData=auditAppPolicyData(cfgList,userRegionList,page,entity,list,hasData,isUpdateCfg); + if(hasData) { + page.setPageNo(page.getNext()); + } + }else{ + hasData = false; + } + }else if("app_feature_index".equals(tableName)){ + list = configSynchronizationDao.getAppFeatureIndexList(entity); + if(!StringUtil.isEmpty(list)){ + hasData=auditAppFeatureData(cfgList,userRegionList,page,entity,list,hasData,isUpdateCfg); + if(hasData) { + page.setPageNo(page.getNext()); + } + }else{ + hasData = false; } }else{ + logger.info("全量同步未知业务"); hasData = false; } + } } /** @@ -192,6 +237,9 @@ public class ConfigSynchronizationService extends BaseService{ asnGroupIds.add(cfg.getUserRegion4()); } } + if(isUpdateCfg) { + auditBatch(compileIds, entity.getTableName(), entity); + } if(cfgList!=null){ for(Map m:cfgList){ String tableName = m.get("tableName").toString(); @@ -212,6 +260,16 @@ public class ConfigSynchronizationService extends BaseService{ }else if("5".equals(m.get("cfgType"))){ fileList.addAll(configSynchronizationDao.getFileDigestList(tableName, compileIds)); } + + if(isUpdateCfg) { + if(tableName.equals("asn_ip_cfg")){ + if(!StringUtil.isEmpty(asnGroupIds)) { + auditBatch(asnGroupIds, tableName, entity); + } + }else{ + auditBatch(compileIds, tableName, entity); + } + } } } //批量获取regionId,groupId(相同编译下的IP类配置多条ip只获取一个组号),分组复用的域配置不需要重新获取regionId,groupId @@ -284,12 +342,12 @@ public class ConfigSynchronizationService extends BaseService{ for(int index=0;index> cfgList, + List> userRegionList, + Page page, + BaseCfg entity, + List list, + boolean hasData, + boolean isUpdateCfg)throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{ + ToMaatBean maatBean; + MaatCfg maatCfg; + List configCompileList; + List groupRelationList; + List ipRegionList; + List strRegionList; + List numRegionList; + List digestRegionList; + List areaIpRegionList; + + List ipList = new ArrayList(); + List strList = new ArrayList(); + List complexStrList = new ArrayList(); + List numList = new ArrayList(); + List fileList = new ArrayList(); + maatBean = new ToMaatBean(); + configCompileList = new ArrayList(); + List compileIds = new ArrayList(); + List asnGroupIds = new ArrayList(); + for(AppPolicyCfg cfg:list){ + compileIds.add(cfg.getCompileId()); + } + if(cfgList!=null){ + for(Map m:cfgList){ + String tableName = m.get("tableName").toString(); + if("1".equals(m.get("cfgType"))){ + ipList.addAll(configSynchronizationDao.getIpPortList(tableName, compileIds)); + }else if("2".equals(m.get("cfgType"))){ + strList.addAll(configSynchronizationDao.getStrList(tableName,compileIds)); + }else if("3".equals(m.get("cfgType"))){ + complexStrList.addAll(configSynchronizationDao.getComplexStrList(tableName,compileIds)); + }else if("4".equals(m.get("cfgType"))){ + + }else if("5".equals(m.get("cfgType"))){ + fileList.addAll(configSynchronizationDao.getFileDigestList(tableName, compileIds)); + } + } + } + //批量获取regionId,groupId(相同编译下的IP类配置多条ip只获取一个组号),compileIds.size()表示app策略本身有一个字符串域 + List regionIds = ConfigServiceUtil.getId(3, ipList.size()+strList.size()+compileIds.size()+complexStrList.size()+numList.size()+fileList.size()); + List groupIds = ConfigServiceUtil.getId(2, strList.size()+compileIds.size()+complexStrList.size()+numList.size()+fileList.size()); + for(AppPolicyCfg cfg:list){ + maatCfg = new MaatCfg(); + maatCfg.initDefaultValue(); + groupRelationList = new ArrayList(); + ipRegionList = new ArrayList(); + strRegionList = new ArrayList(); + numRegionList = new ArrayList(); + digestRegionList = new ArrayList(); + areaIpRegionList = new ArrayList(); + List list1 = new ArrayList(); + List list2 = new ArrayList(); + List list3 = new ArrayList(); + List list4 = new ArrayList(); + List list5 = new ArrayList(); + String userRegion = ""; + //处理自定义域 + if(userRegionList!=null){ + for(Map n:userRegionList){ + Object userRegionPosition = n.get("userRegionPosition"); + if(userRegionPosition!=null && (userRegionPosition.toString().equals("1")||userRegionPosition.toString().equals("0"))){ + //通过反射机制获取自定义域字段值 + String regionColumn = n.get("regionColumn").toString(); + Class aClass = null; + if(userRegionPosition.toString().equals(("0"))){ + aClass = BaseCfg.class; + }else{ + aClass = AppPolicyCfg.class; + } + Object value = ""; + Field field = aClass.getDeclaredField(regionColumn); + field.setAccessible(true); + value = field.get(cfg); + if(!StringUtil.isEmpty(value)){ + if(StringUtil.isEmpty(n.get("regionKey"))){ + userRegion = value.toString(); + }else{ + userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT; + } + } + } + } + if(userRegion.endsWith(Constants.USER_REGION_SPLIT)){ + userRegion = userRegion.substring(0, userRegion.length()-1); + } + } + //将app码与行为码设置为字符串域 + StringBuffer cfgKeywords = new StringBuffer(); + BaseStringCfg strCfg = new BaseStringCfg(); + if(cfg.getServiceId().equals(35)||cfg.getServiceId().equals(147)||cfg.getServiceId().equals(1059)){//基础协议 + cfgKeywords.append(Constants.PROTO_ID_REGION + "=" + cfg.getAppCode()); + }else if(cfg.getServiceId().equals(33)||cfg.getServiceId().equals(145)||cfg.getServiceId().equals(1056)){ + cfgKeywords.append(Constants.APP_ID_REGION + "=" + cfg.getAppCode()); + if(cfg.getBehavCode()!=null){ + cfgKeywords.append(Constants.KEYWORD_EXPR); + cfgKeywords.append(Constants.BEHAV_ID_REGION + "=" + cfg.getBehavCode()); + } + }else if(cfg.getServiceId().equals(36)||cfg.getServiceId().equals(148)||cfg.getServiceId().equals(1060)){//隧道加密协议 + cfgKeywords.append(Constants.PROTO_ID_REGION + "=" + cfg.getAppCode()); + if(cfg.getBehavCode()!=null){ + cfgKeywords.append(Constants.KEYWORD_EXPR); + cfgKeywords.append(Constants.BEHAV_ID_REGION + "=" + cfg.getBehavCode()); + } + } + cfg.setCfgKeywords(cfgKeywords.toString()); + BeanUtils.copyProperties(cfg, strCfg); + strList.add(strCfg); + + + if(ipList.size()>0){ + List ipGroupId = ConfigServiceUtil.getId(2,1);//多条IP只获取一个groupId + for(int index=0;index0){ + ipList.removeAll(list1); + Map map = cfgToMaatConvert(ipRegionList,list1,1,groupRelationList); + groupRelationList=map.get("groupList"); + ipRegionList=map.get("dstList"); + if(map.get("numRegionList")!=null){ + numRegionList.addAll(map.get("numRegionList")); + } + } + if(list2.size()>0){ + strList.removeAll(list2); + Map map = cfgToMaatConvert(strRegionList,list2,2,groupRelationList); + groupRelationList=map.get("groupList"); + strRegionList=map.get("dstList"); + } + + if(list3.size()>0){ + complexStrList.removeAll(list3); + Map map = cfgToMaatConvert(strRegionList,list3,3,groupRelationList); + groupRelationList=map.get("groupList"); + strRegionList=map.get("dstList"); + } + if(list4.size()>0){ + numList.removeAll(list4); + Map map = cfgToMaatConvert(numRegionList,list4,4,groupRelationList); + groupRelationList=map.get("groupList"); + numRegionList=map.get("dstList"); + } + if(list5.size()>0){ + fileList.removeAll(list5); + Map map = cfgToMaatConvert(digestRegionList,list5,5,groupRelationList); + groupRelationList=map.get("groupList"); + digestRegionList=map.get("dstList"); + } + + BeanUtils.copyProperties(cfg, maatCfg); + maatCfg.setAction(cfg.getAction()); + maatCfg.setAuditTime(StringUtil.isEmpty(cfg.getAuditTime()) ? new Date():cfg.getAuditTime()); + maatCfg.setIpRegionList(ipRegionList); + maatCfg.setStrRegionList(strRegionList); + maatCfg.setNumRegionList(numRegionList); + maatCfg.setDigestRegionList(digestRegionList); + maatCfg.setGroupRelationList(groupRelationList); + maatCfg.setGroupNum(groupRelationList.size()); + maatCfg.setAreaIpRegionList(areaIpRegionList); + maatCfg.setIsValid(entity.getIsValid()); + maatCfg.setAuditTime(new Date()); + if(!StringUtil.isEmpty(userRegion)){ + maatCfg.setUserRegion(userRegion); + } + configCompileList.add(maatCfg); + } + page.setList(list); + if(page.isLastPage()){ + hasData = false; + } + if(!StringUtil.isEmpty(configCompileList.size())){ + maatBean.setConfigCompileList(configCompileList); + maatBean.setAuditTime(new Date()); + maatBean.setCreatorName(UserUtils.getUser().getName()); + maatBean.setVersion(Constants.MAAT_VERSION); + maatBean.setOpAction(Constants.INSERT_ACTION); + String json=gsonToJson(maatBean); + //调用服务接口下发配置数据 + if(isUpdateCfg) { + logger.info("配置批量下发:"+json); + //调用服务接口同步回调类配置 + ToMaatResult result = ConfigServiceUtil.postMaatCfg(json); + if(result!=null){ + logger.info("配置批量下发响应信息:"+result.getMsg()); + } + }else { + //调用服务接口配置全量更新 +// JSONObject result = ConfigServiceUtil.configSync(json,1,entity.getServiceId(),null,(hasData?null:"FINISHED")); + } + } + return hasData; + } + /** + * APP特征批量下发 + * @param cfgList + * @param userRegionList + * @param page + * @param entity + * @param list + * @param hasData + * @param isUpdateCfg 业务配置全部生效时需同步更新库表配置状态 + * @return + * @throws NoSuchFieldException + * @throws SecurityException + * @throws IllegalArgumentException + * @throws IllegalAccessException + */ + public boolean auditAppFeatureData(List> cfgList, + List> userRegionList, + Page page, + BaseCfg entity, + List list, + boolean hasData, + boolean isUpdateCfg)throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{ + ToMaatBean maatBean; + MaatCfg maatCfg; + List configCompileList; + List groupRelationList; + List ipRegionList; + List strRegionList; + List numRegionList; + List digestRegionList; + List areaIpRegionList; + + List ipList = new ArrayList(); + List strList = new ArrayList(); + List complexStrList = new ArrayList(); + List numList = new ArrayList(); + List fileList = new ArrayList(); + maatBean = new ToMaatBean(); + configCompileList = new ArrayList(); + List compileIds = new ArrayList(); + List asnGroupIds = new ArrayList(); + for(AppFeatureIndex cfg:list){ + compileIds.add(cfg.getCompileId()); + if(entity.getServiceId().equals(37)||entity.getServiceId().equals(149)){ + asnGroupIds.add(cfg.getUserRegion4()); + } + } + if(cfgList!=null){ + for(Map m:cfgList){ + String tableName = m.get("tableName").toString(); + if("1".equals(m.get("cfgType"))){ + ipList.addAll(configSynchronizationDao.getAppIpPortList(tableName, compileIds)); + }else if("2".equals(m.get("cfgType"))){ + strList.addAll(configSynchronizationDao.getStrList(tableName,compileIds)); + }else if("3".equals(m.get("cfgType"))){ + complexStrList.addAll(configSynchronizationDao.getComplexStrList(tableName,compileIds)); + }else if("4".equals(m.get("cfgType"))){ + + }else if("5".equals(m.get("cfgType"))){ + fileList.addAll(configSynchronizationDao.getFileDigestList(tableName, compileIds)); + } + } + } + //批量获取regionId,groupId(相同编译下的IP类配置多条ip只获取一个组号),分组复用的域配置不需要重新获取regionId,groupId + List regionIds = ConfigServiceUtil.getId(3, ipList.size()+strList.size()+complexStrList.size()+numList.size()+fileList.size()); + List groupIds = ConfigServiceUtil.getId(2, strList.size()+complexStrList.size()+numList.size()+fileList.size()); + for(AppFeatureIndex cfg:list){ + maatCfg = new MaatCfg(); + maatCfg.initDefaultValue(); + groupRelationList = new ArrayList(); + ipRegionList = new ArrayList(); + strRegionList = new ArrayList(); + numRegionList = new ArrayList(); + digestRegionList = new ArrayList(); + areaIpRegionList = new ArrayList(); + List list1 = new ArrayList(); + List list2 = new ArrayList(); + List list3 = new ArrayList(); + List list4 = new ArrayList(); + List list5 = new ArrayList(); + String userRegion = ""; + //处理自定义域 + if(userRegionList!=null){ + for(Map n:userRegionList){ + Object userRegionPosition = n.get("userRegionPosition"); + if(userRegionPosition!=null && (userRegionPosition.toString().equals("1")||userRegionPosition.toString().equals("0"))){ + //通过反射机制获取自定义域字段值 + String regionColumn = n.get("regionColumn").toString(); + Class aClass = null; + if(userRegionPosition.toString().equals(("0"))){ + aClass = BaseCfg.class; + }else{ + aClass = AppFeatureIndex.class; + } + Object value = ""; + Field field = aClass.getDeclaredField(regionColumn); + field.setAccessible(true); + value = field.get(cfg); + if(!StringUtil.isEmpty(value)){ + if(StringUtil.isEmpty(n.get("regionKey"))){ + userRegion = value.toString(); + }else{ + userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT; + } + } + } + } + if(userRegion.endsWith(Constants.USER_REGION_SPLIT)){ + userRegion = userRegion.substring(0, userRegion.length()-1); + } + } + if(ipList.size()>0){ + List ipGroupId = ConfigServiceUtil.getId(2,1);//多条IP只获取一个groupId + for(int index=0;index0){ + ipList.removeAll(list1); + Map map = cfgToMaatConvert(ipRegionList,list1,1,groupRelationList); + groupRelationList=map.get("groupList"); + ipRegionList=map.get("dstList"); + if(map.get("numRegionList")!=null){ + numRegionList.addAll(map.get("numRegionList")); + } + } + if(list2.size()>0){ + strList.removeAll(list2); + Map map = cfgToMaatConvert(strRegionList,list2,2,groupRelationList); + groupRelationList=map.get("groupList"); + strRegionList=map.get("dstList"); + } + if(list3.size()>0){ + complexStrList.removeAll(list3); + Map map = cfgToMaatConvert(strRegionList,list3,3,groupRelationList); + groupRelationList=map.get("groupList"); + strRegionList=map.get("dstList"); + } + if(list4.size()>0){ + numList.removeAll(list4); + Map map = cfgToMaatConvert(numRegionList,list4,4,groupRelationList); + groupRelationList=map.get("groupList"); + numRegionList=map.get("dstList"); + } + if(list5.size()>0){ + fileList.removeAll(list5); + Map map = cfgToMaatConvert(digestRegionList,list5,5,groupRelationList); + groupRelationList=map.get("groupList"); + digestRegionList=map.get("dstList"); + } + + BeanUtils.copyProperties(cfg, maatCfg); + maatCfg.setAction(cfg.getAction()); + maatCfg.setAuditTime(StringUtil.isEmpty(cfg.getAuditTime()) ? new Date():cfg.getAuditTime()); + maatCfg.setIpRegionList(ipRegionList); + maatCfg.setStrRegionList(strRegionList); + maatCfg.setNumRegionList(numRegionList); + maatCfg.setDigestRegionList(digestRegionList); + maatCfg.setGroupRelationList(groupRelationList); + maatCfg.setGroupNum(groupRelationList.size()); + maatCfg.setAreaIpRegionList(areaIpRegionList); + maatCfg.setIsValid(entity.getIsValid()); + maatCfg.setAuditTime(new Date()); + if(!StringUtil.isEmpty(userRegion)){ + maatCfg.setUserRegion(userRegion); + } + configCompileList.add(maatCfg); + } + page.setList(list); + if(page.isLastPage()){ + hasData = false; + } + if(!StringUtil.isEmpty(configCompileList.size())){ + maatBean.setConfigCompileList(configCompileList); + maatBean.setAuditTime(new Date()); + maatBean.setCreatorName(UserUtils.getUser().getName()); + maatBean.setVersion(Constants.MAAT_VERSION); + maatBean.setOpAction(Constants.INSERT_ACTION); + String json=gsonToJson(maatBean); + //调用服务接口下发配置数据 + if(isUpdateCfg) { + logger.info("配置批量下发:"+json); + //调用服务接口同步回调类配置 + ToMaatResult result = ConfigServiceUtil.postMaatCfg(json); + if(result!=null){ + logger.info("配置批量下发响应信息:"+result.getMsg()); + } + }else { + //调用服务接口配置全量更新 +// JSONObject result = ConfigServiceUtil.configSync(json,1,entity.getServiceId(),null,(hasData?null:"FINISHED")); + } + } + return hasData; + } /** * 处理ddos配置 * @param serviceId @@ -488,7 +1077,42 @@ public class ConfigSynchronizationService extends BaseService{ } } } - + /** + * 处理单域maat配置 + * @param serviceId + * @param request + * @param response + * @throws SecurityException + * @throws NoSuchFieldException + * @throws IllegalAccessException + * @throws IllegalArgumentException + */ + public void handleSingleMaatData(int cfgType,List>userRegionList, + Page page,BaseCfg entity,HttpServletRequest request,HttpServletResponse response, + boolean isUpdateCfg) throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{ + + boolean hasData = true; + while(hasData){ + entity.setPage(page); + List list = Lists.newArrayList(); + if(cfgType==1){ + list = configSynchronizationDao.getIpPortListByService(entity); + }else if(cfgType==2){ + list = configSynchronizationDao.getStrListByService(entity); + }else if(cfgType==3){ + list = configSynchronizationDao.getComplexStrListByService(entity); + } + if(!StringUtil.isEmpty(list)){ + hasData=auditSingleMaatData(cfgType,userRegionList, + page,entity,list,hasData,isUpdateCfg); + if(hasData) { + page.setPageNo(page.getNext()); + } + }else{ + hasData = false; + } + } + } /** * ddos配置批量下发 * @param cfgList @@ -627,6 +1251,161 @@ public class ConfigSynchronizationService extends BaseService{ } return hasData; } + /** + * 单域配置批量下发 + * @param cfgList + * @param userRegionList + * @param page + * @param entity + * @param list + * @param hasData + * @param isUpdateCfg 业务配置全部生效时需同步更新库表配置状态 + * @return + * @throws NoSuchFieldException + * @throws SecurityException + * @throws IllegalArgumentException + * @throws IllegalAccessException + */ + public boolean auditSingleMaatData(int cfgType, + List>userRegionList, + Page page, + BaseCfg entity, + List list, + boolean hasData, + boolean isUpdateCfg) throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{ + ToMaatBean maatBean; + MaatCfg maatCfg; + List configCompileList; + List groupRelationList; + List ipRegionList; + List strRegionList; + List numRegionList; + List digestRegionList; + List areaIpRegionList; + + + List ipList = new ArrayList(); + maatBean = new ToMaatBean(); + configCompileList = new ArrayList(); + //批量获取regionId,groupId + List regionIds = ConfigServiceUtil.getId(3, list.size()); + List groupIds = ConfigServiceUtil.getId(2, list.size()); + IpPortCfg ipCfg = null; + BaseStringCfg strCfg = null; + ComplexkeywordCfg complexStr = null; + for(int i=0;i n:userRegionList){ + Object userRegionPosition = n.get("userRegionPosition"); + if(userRegionPosition!=null && (userRegionPosition.toString().equals("1")||userRegionPosition.toString().equals("0"))){ + //通过反射机制获取自定义域字段值 + String regionColumn = n.get("regionColumn").toString(); + Class aClass = null; + if(userRegionPosition.toString().equals(("0"))){ + aClass = BaseCfg.class; + }else{ + if(cfgType==1){ + aClass = IpPortCfg.class; + }else if(cfgType==2){ + aClass = BaseStringCfg.class; + }else if(cfgType==3){ + aClass = ComplexkeywordCfg.class; + } + + } + Object value = ""; + Field field = aClass.getDeclaredField(regionColumn); + field.setAccessible(true); + value = field.get(cfg); + if(!StringUtil.isEmpty(value)){ + if(StringUtil.isEmpty(n.get("regionKey"))){ + userRegion = value.toString(); + }else{ + userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT; + } + } + } + } + if(userRegion.endsWith(Constants.USER_REGION_SPLIT)){ + userRegion = userRegion.substring(0, userRegion.length()-1); + } + } + list1.add(cfg); + if(list1.size()>0){ + ipList.removeAll(list1); + if(cfgType==1){ + Map map = cfgToMaatConvert(ipRegionList,list1,1,groupRelationList); + groupRelationList=map.get("groupList"); + ipRegionList=map.get("dstList"); + if(map.get("numRegionList")!=null){ + numRegionList.addAll(map.get("numRegionList")); + } + }else if(cfgType==2||cfgType==3){ + Map map = cfgToMaatConvert(strRegionList,list1,2,groupRelationList); + groupRelationList=map.get("groupList"); + strRegionList=map.get("dstList"); + } + } + BeanUtils.copyProperties(cfg, maatCfg); + maatCfg.setAction(cfg.getAction()); + maatCfg.setAuditTime(StringUtil.isEmpty(cfg.getAuditTime()) ? new Date():cfg.getAuditTime()); + maatCfg.setIpRegionList(ipRegionList); + maatCfg.setStrRegionList(strRegionList); + maatCfg.setNumRegionList(numRegionList); + maatCfg.setDigestRegionList(digestRegionList); + maatCfg.setGroupRelationList(groupRelationList); + maatCfg.setGroupNum(groupRelationList.size()); + maatCfg.setAreaIpRegionList(areaIpRegionList); + maatCfg.setIsValid(entity.getIsValid()); + if(!StringUtil.isEmpty(userRegion)){ + maatCfg.setUserRegion(userRegion); + } + configCompileList.add(maatCfg); + } + page.setList(list); + if(page.isLastPage()){ + hasData = false; + } + if(!StringUtil.isEmpty(configCompileList.size())){ + maatBean.setConfigCompileList(configCompileList); + maatBean.setAuditTime(new Date()); + maatBean.setCreatorName(UserUtils.getUser().getName()); + maatBean.setVersion(Constants.MAAT_VERSION); + maatBean.setOpAction(Constants.INSERT_ACTION); + String json=gsonToJson(maatBean); + //调用服务接口下发配置数据 + if(isUpdateCfg) { + logger.info("配置批量下发:"+json); + //调用服务接口同步回调类配置 + ToMaatResult result = ConfigServiceUtil.postMaatCfg(json); + if(result!=null){ + logger.info("配置批量下发响应信息:"+result.getMsg()); + } + }else { + //调用服务接口配置全量更新 + JSONObject result = ConfigServiceUtil.configSync(json,1,entity.getServiceId(),null,(hasData?null:"FINISHED")); + } + + } + return hasData; + } /** * 处理app业务maat类配置 * @param serviceId @@ -759,4 +1538,15 @@ public class ConfigSynchronizationService extends BaseService{ return hasData; } + public void auditBatch(List compileIds,String tableName,BaseCfg entity) { + if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(tableName)) { + commonPolicyDao.auditCfgBatch(tableName + , entity.getIsAudit() + , entity.getIsValid() + , entity.getAuditTime() + , entity.getAuditorId() + , compileIds, null); + } + + } } From c81bb25f2255ee6dee9ae275c83cdd3d87f2a513 Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Thu, 29 Nov 2018 09:34:13 +0800 Subject: [PATCH 4/8] =?UTF-8?q?=E6=97=A0=E6=9B=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/nis/web/service/configuration/IpCfgService.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/nis/web/service/configuration/IpCfgService.java b/src/main/java/com/nis/web/service/configuration/IpCfgService.java index 91c74f593..e06fe9407 100644 --- a/src/main/java/com/nis/web/service/configuration/IpCfgService.java +++ b/src/main/java/com/nis/web/service/configuration/IpCfgService.java @@ -206,7 +206,7 @@ public class IpCfgService extends CrudService { entity.setFunctionId(functionId); ipCfgDao.updateCfgValid(entity); //查询子配置 - entity = this.getIpPortCfg(Long.parseLong(id)); + entity = this.getIpPortCfg(Long.parseLong(id),entity.getCompileId()); if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){ IpPortCfg cfg = new IpPortCfg(); BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"}); @@ -468,7 +468,7 @@ public class IpCfgService extends CrudService { List dictList = DictUtils.getFunctionRegionDictList(entity.getFunctionId()); int maatType=0; //查询子配置并修改审核状态 - entity = this.getIpPortCfg(entity.getCfgId()); + entity = this.getIpPortCfg(entity.getCfgId(),entity.getCompileId()); if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){ //判断下发类型是走maat还是callback String regionValue=entity.getIpPortList().get(0).getCfgType(); @@ -827,8 +827,8 @@ public class IpCfgService extends CrudService { public BaseIpCfg getIpCfgById(BaseIpCfg baseIpCfg){ return ipCfgDao.getById(baseIpCfg.getTableName(), baseIpCfg.getCfgId()); } - public CfgIndexInfo getIpPortCfg(Long cfgId){ - CfgIndexInfo entity = ipCfgDao.getCfgIndexInfo(cfgId); + public CfgIndexInfo getIpPortCfg(Long cfgId,Integer compileId){ + CfgIndexInfo entity = ipCfgDao.getCfgIndexInfo(cfgId,compileId); List ipPortList = ipCfgDao.getIpPortList(entity); List subscribeIdList = stringCfgDao.findSubscribeIdCfgListByCfgIndexInfo(entity); entity.setIpPortList(ipPortList); From 17422bfb93687211c288e76c5fcd172bde756b40 Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Thu, 29 Nov 2018 09:35:34 +0800 Subject: [PATCH 5/8] =?UTF-8?q?default=5Fvalue=20intercept=20=E4=B8=AD?= =?UTF-8?q?=E6=96=87=E5=9B=BD=E9=99=85=E5=8C=96=E5=A2=9E=E5=8A=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../messages/message_zh_CN.properties | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties index a597aea66..2b1946ef3 100644 --- a/src/main/resources/messages/message_zh_CN.properties +++ b/src/main/resources/messages/message_zh_CN.properties @@ -1321,15 +1321,16 @@ transfer_bytes=\u4F20\u8F93\u6570\u636E\u5B57\u8282 user_info=\u7528\u6237\u4FE1\u606F user_list=\u7528\u6237\u5217\u8868 equal_password=\u5BC6\u7801\u4E0D\u4E00\u81F4\uFF01 -outgoing_unicast_packets=\u8F93\u51FA\u5355\u5305 -outgoing_unicast_total_size=\u8F93\u51FA\u5355\u64AD\u603B\u5927\u5C0F -outgoing_broadcast_packets=\u8F93\u51FA\u5E7F\u64AD\u6570\u636E\u5305 -outgoing_broadcast_total_size=\u8F93\u51FA\u5E7F\u64AD\u603B\u5927\u5C0F -incoming_unicast_packets=\u8F93\u5165\u5355\u5305 -incoming_unicast_total_size=\u8F93\u5165\u5355\u64AD\u603B\u5927\u5C0F -incoming_broadcast_packets=\u8F93\u5165\u5E7F\u64AD\u6570\u636E\u5305 -incoming_broadcast_total_size=\u8F93\u5165\u5E7F\u64AD\u603B\u5927\u5C0F +outgoing_unicast_packets=\u4E0A\u4F20\u6570\u636E\u5305\u6570 +outgoing_unicast_total_size=\u4E0A\u4F20\u6570\u636E\u5305\u6570\u603B\u91CF +outgoing_broadcast_packets=\u4E0A\u4F20\u5B57\u8282\u6570 +outgoing_broadcast_total_size=\u4E0A\u4F20\u5B57\u8282\u6570\u603B\u91CF +incoming_unicast_packets=\u4E0B\u8F7D\u6570\u636E\u5305\u6570 +incoming_unicast_total_size=\u4E0B\u8F7D\u6570\u636E\u5305\u6570\u603B\u91CF +incoming_broadcast_packets=\u4E0B\u8F7D\u5B57\u8282\u6570 +incoming_broadcast_total_size=\u4E0B\u8F7D\u5B57\u8282\u6570\u603B\u91CF address_pool=\u5730\u5740\u6C60 ip_total=IP\u603B\u6570 available_ip_total=\u53EF\u7528IP\u6570 -address_pool_id=\u5730\u5740\u6C60ID \ No newline at end of file +address_pool_id=\u5730\u5740\u6C60ID +log_to_cfg=\u914D\u7F6E \ No newline at end of file From daba76f7b29e5a0ae8e7a89e936c8a23a15b80bc Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Thu, 29 Nov 2018 10:13:22 +0800 Subject: [PATCH 6/8] =?UTF-8?q?maat=E9=85=8D=E7=BD=AE=E6=89=B9=E9=87=8F?= =?UTF-8?q?=E4=B8=8B=E5=8F=91=E5=A2=9E=E5=8A=A0=E6=95=B0=E6=8D=AE=E5=BA=93?= =?UTF-8?q?=E7=8A=B6=E6=80=81=E5=8F=98=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dao/configuration/CommonPolicyDao.java | 7 +++++ .../web/dao/configuration/CommonPolicyDao.xml | 26 +++++++++++++++++++ .../ConfigSynchronizationService.java | 20 +++++++++++++- 3 files changed, 52 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.java b/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.java index 188c6aaf4..cb23303aa 100644 --- a/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.java +++ b/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.java @@ -1,8 +1,11 @@ package com.nis.web.dao.configuration; +import java.util.Date; import java.util.List; +import org.apache.ibatis.annotations.Param; + import com.nis.domain.configuration.BaseCfg; import com.nis.domain.configuration.BaseStringCfg; import com.nis.domain.configuration.CfgIndexInfo; @@ -28,4 +31,8 @@ public interface CommonPolicyDao { public void deleteComplexStringCfg(CfgIndexInfo entity); public void updateCfgValid(BaseCfg entity); public void auditCfg(BaseCfg entity); + public void auditCfgBatch(@Param("tableName")String tableName, + @Param("entity")BaseCfg baseCfg, + @Param("compileIds")List compileIds, + @Param("requestId")Integer requestId); } diff --git a/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.xml b/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.xml index 1b0da6ed4..67d4f21c0 100644 --- a/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.xml +++ b/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.xml @@ -733,4 +733,30 @@ + + update ${tableName} set is_audit = #{entity.isAudit,jdbcType=INTEGER}, + auditor_id = #{entity.auditorId,jdbcType=INTEGER}, + audit_time = #{entity.auditTime,jdbcType=TIMESTAMP} + + ,is_valid = #{entity.isValid,jdbcType=INTEGER} + + + ,cancel_request_id = #{requestId,jdbcType=INTEGER} + + + + and asn_ip_group in + + #{compileId} + + + + and compile_id in + + #{compileId} + + + + + \ No newline at end of file diff --git a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java index 5a55368f3..f2788c3c7 100644 --- a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java +++ b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java @@ -52,6 +52,7 @@ import com.nis.util.DateUtils; import com.nis.util.DictUtils; import com.nis.util.ServiceConfigTemplateUtil; import com.nis.util.StringUtil; +import com.nis.web.dao.configuration.CommonPolicyDao; import com.nis.web.dao.configuration.ConfigSynchronizationDao; import com.nis.web.security.UserUtils; import com.nis.web.service.BaseService; @@ -65,7 +66,8 @@ import com.nis.web.service.BaseService; public class ConfigSynchronizationService extends BaseService{ @Autowired protected ConfigSynchronizationDao configSynchronizationDao; - + @Autowired + protected CommonPolicyDao commonPolicyDao; /** * 配置全量更新下发 * @param request @@ -234,6 +236,13 @@ public class ConfigSynchronizationService extends BaseService{ asnGroupIds.add(cfg.getUserRegion4()); } } + + if(isUpdateCfg) { + if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) { + commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,compileIds,null); + } + } + if(cfgList!=null){ for(Map m:cfgList){ String tableName = m.get("tableName").toString(); @@ -254,6 +263,15 @@ public class ConfigSynchronizationService extends BaseService{ }else if("5".equals(m.get("cfgType"))){ fileList.addAll(configSynchronizationDao.getFileDigestList(tableName, compileIds)); } + if(isUpdateCfg) { + if(tableName.equals("asn_ip_cfg")){ + if(!StringUtil.isEmpty(asnGroupIds)) { + commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,asnGroupIds,null); + } + }else{ + commonPolicyDao.auditCfgBatch( tableName, entity,asnGroupIds,null); + } + } } } //批量获取regionId,groupId(相同编译下的IP类配置多条ip只获取一个组号),分组复用的域配置不需要重新获取regionId,groupId From ae9edb47e7087c902a37b43e7dc2377848d70ab0 Mon Sep 17 00:00:00 2001 From: zhangwq Date: Thu, 29 Nov 2018 10:38:10 +0800 Subject: [PATCH 7/8] =?UTF-8?q?=E6=8F=90=E4=BA=A4=201.SNAT=E5=A4=8D?= =?UTF-8?q?=E7=94=A8=E7=AD=96=E7=95=A5=E3=80=81=E7=9B=B8=E5=85=B3sql=202.I?= =?UTF-8?q?P=E5=A4=8D=E7=94=A8=E8=B0=83=E7=94=A8CGI=E6=8E=A5=E5=8F=A3url?= =?UTF-8?q?=E5=AD=97=E5=85=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/nis/util/Constants.java | 3 + .../nis/web/controller/BaseController.java | 3 + .../manipulation/IpMultiplexController.java | 52 ++- .../dao/configuration/IpAddrPoolCfgDao.java | 2 + .../dao/configuration/IpAddrPoolCfgDao.xml | 6 + .../configuration/IpAddrPoolCfgService.java | 116 +++++ .../sql/20181129/add_ip_reuse_addr_pool.sql | 39 ++ .../maintenance/ipMultiplexPool/snatform2.jsp | 2 +- .../ipmulitiplex/snatPolicyForm2.jsp | 320 +++++++++++++ .../ipmulitiplex/snatPolicyList2.jsp | 431 ++++++++++++++++++ 10 files changed, 964 insertions(+), 10 deletions(-) create mode 100644 src/main/resources/sql/20181129/add_ip_reuse_addr_pool.sql create mode 100644 src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyForm2.jsp create mode 100644 src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyList2.jsp diff --git a/src/main/java/com/nis/util/Constants.java b/src/main/java/com/nis/util/Constants.java index f5cf8d76c..05c539a03 100644 --- a/src/main/java/com/nis/util/Constants.java +++ b/src/main/java/com/nis/util/Constants.java @@ -750,4 +750,7 @@ public final class Constants { public static final String NTC_IP_REUSE_USER_DELETE = Configurations.getStringProperty("userDelete",""); public static final String NTC_IP_REUSE_USER_GET = Configurations.getStringProperty("userGet",""); public static final String NTC_IP_REUSE_USER_LIST = Configurations.getStringProperty("userList",""); + + // IP复用模块调用相关CGI接口URL + public static final String IP_REUSE_CALL_CGI_URL = Configurations.getStringProperty("ip_reuse_call_cgi_url",""); } diff --git a/src/main/java/com/nis/web/controller/BaseController.java b/src/main/java/com/nis/web/controller/BaseController.java index 8a6bd2d25..08bf5f86c 100644 --- a/src/main/java/com/nis/web/controller/BaseController.java +++ b/src/main/java/com/nis/web/controller/BaseController.java @@ -126,6 +126,7 @@ import com.nis.web.service.configuration.FileTransferCfgService; import com.nis.web.service.configuration.GroupAreaService; import com.nis.web.service.configuration.HttpRedirectCfgService; import com.nis.web.service.configuration.InterceptCfgService; +import com.nis.web.service.configuration.IpAddrPoolCfgService; import com.nis.web.service.configuration.IpCfgService; import com.nis.web.service.configuration.IpMultiplexPoolCfgService; import com.nis.web.service.configuration.MailCfgService; @@ -261,6 +262,8 @@ public class BaseController { protected UserManageService userManageService; @Autowired protected IpReuseIpCfgService ipReuseIpCfgService; + @Autowired + protected IpAddrPoolCfgService ipAddrPoolCfgService;// 地址池管理service /** * 管理基础路径 */ diff --git a/src/main/java/com/nis/web/controller/configuration/manipulation/IpMultiplexController.java b/src/main/java/com/nis/web/controller/configuration/manipulation/IpMultiplexController.java index 579abca55..a353a2cbb 100644 --- a/src/main/java/com/nis/web/controller/configuration/manipulation/IpMultiplexController.java +++ b/src/main/java/com/nis/web/controller/configuration/manipulation/IpMultiplexController.java @@ -9,6 +9,7 @@ package com.nis.web.controller.configuration.manipulation; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -31,9 +32,12 @@ import com.nis.domain.Page; import com.nis.domain.SysDataDictionaryItem; import com.nis.domain.basics.PolicyGroupInfo; import com.nis.domain.configuration.BaseIpCfg; +import com.nis.domain.configuration.IpAddrPoolCfg; import com.nis.domain.configuration.IpMultiplexPoolCfg; import com.nis.domain.configuration.IpPortCfg; +import com.nis.domain.configuration.UserManage; import com.nis.domain.configuration.template.IpMultiplexPolicyTemplate; +import com.nis.exceptions.MaatConvertException; import com.nis.util.Constants; import com.nis.util.DictUtils; import com.nis.util.StringUtil; @@ -126,24 +130,35 @@ public class IpMultiplexController extends CommonController { @RequestMapping(value = {"/snatPolicyList"}) public String snatPolicyList(String cfgName,Model model,@ModelAttribute("cfg")IpPortCfg cfg,HttpServletRequest request,HttpServletResponse response) { this._ipList(cfgName,model, cfg, request, response); - return "/cfg/manipulation/ipmulitiplex/snatPolicyList"; + + // 获取地址池、用户信息 + List users = userManageService.findUsers(); + List addrPools = ipAddrPoolCfgService.getEffectiveAddrPool(); + model.addAttribute("users", users); + model.addAttribute("addrPools", addrPools); + return "/cfg/manipulation/ipmulitiplex/snatPolicyList2"; } @RequestMapping(value = {"/snatPolicyForm"}) @RequiresPermissions(value={"snat_policy:config"}) - public String snatPolicyForm(String cfgName,Model model,String ids,Integer functionId,BaseIpCfg entity) { + public String snatPolicyForm(String cfgName,Model model,String ids,Integer functionId,BaseIpCfg entity, HttpServletRequest request,HttpServletResponse response) { this._ipForm(cfgName,model, ids, functionId, entity); - // 获取拥有区域信息的策略分组 - List policyGroups = policyGroupInfoService.getHasAreaPolicyGroups(2); - model.addAttribute("policyGroups", policyGroups); + + // 获取用户信息 地址池信息 + List users = userManageService.findUsers(); + List addrPools = ipAddrPoolCfgService.getEffectiveAddrPool(); + + model.addAttribute("users", users); + model.addAttribute("addrPools", addrPools); model.addAttribute("urlPrefix","/manipulation/ipmulitiplex"); - return "/cfg/manipulation/ipmulitiplex/snatPolicyForm"; + return "/cfg/manipulation/ipmulitiplex/snatPolicyForm2"; } @RequestMapping(value = {"/saveOrUpdateSnat"}) public String saveOrUpdateSnat(String cfgName,RedirectAttributes model, IpPortCfg cfg) { // 设置生效区域信息 - groupAreaService.setAreaEffective(cfg); + //groupAreaService.setAreaEffective(cfg); + this._saveOrUpdateIp(cfgName,model, cfg); return "redirect:" + adminPath +"/manipulation/ipmulitiplex/snatPolicyList?functionId="+cfg.getFunctionId(); } @@ -158,7 +173,26 @@ public class IpMultiplexController extends CommonController { @RequestMapping(value = {"/auditSnat"}) @RequiresPermissions("snat_policy:confirm") public String auditSnat(String cfgName,String ids,IpPortCfg cfg,RedirectAttributes redirectAttributes) { - this._auditIp(cfgName,ids, cfg, redirectAttributes); + //this._auditIp(cfgName,ids, cfg, redirectAttributes); + + if(!StringUtil.isEmpty(ids)){ + String[] idArray = ids.split(","); + Date auditTime=new Date(); + for(String id :idArray){ + try { + ipAddrPoolCfgService.auditSnatStrategy(id, cfg, auditTime); + } catch (Exception e) { + e.printStackTrace(); + logger.error("SNAT策略配置下发失败:"+e.getMessage()); + if(e instanceof MaatConvertException) { + addMessage(redirectAttributes,"error", "request_service_failed"); + }else { + addMessage(redirectAttributes,"error", "audit_failed"); + } + } + } + + } return "redirect:" + adminPath +"/manipulation/ipmulitiplex/snatPolicyList?functionId="+cfg.getFunctionId(); } @@ -234,7 +268,7 @@ public class IpMultiplexController extends CommonController { } titleList.add(entity.getMenuNameCode()); classMap.put(entity.getMenuNameCode(), BaseIpCfg.class); - String snatNoExport=",server_ip,ip_type,ip_pattern,port_pattern,client_port,server_port,ir_type,direction,protocol,do_log,whether_area_block,userregion1,userregion2,userregion3,userregion4,userregion5,"; + String snatNoExport=",client_ip,group_name,server_ip,ip_type,ip_pattern,port_pattern,client_port,server_port,ir_type,direction,protocol,do_log,whether_area_block,userregion1,userregion2,userregion3,userregion4,userregion5,"; noExportMap.put(entity.getMenuNameCode(),snatNoExport); dataMap.put(entity.getMenuNameCode(), page.getList()); /*}*/ diff --git a/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.java b/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.java index 96f266959..241239888 100644 --- a/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.java +++ b/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.java @@ -33,4 +33,6 @@ public interface IpAddrPoolCfgDao extends CrudDao{ IpAddrPoolCfg getCfgInfo(IpAddrPoolCfg cfg); + List findAddrPoolCfg(); + } diff --git a/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.xml b/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.xml index b1d1a6149..83b10017d 100644 --- a/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.xml +++ b/src/main/java/com/nis/web/dao/configuration/IpAddrPoolCfgDao.xml @@ -439,4 +439,10 @@ + + \ No newline at end of file diff --git a/src/main/java/com/nis/web/service/configuration/IpAddrPoolCfgService.java b/src/main/java/com/nis/web/service/configuration/IpAddrPoolCfgService.java index 8320a748b..f05e39e8d 100644 --- a/src/main/java/com/nis/web/service/configuration/IpAddrPoolCfgService.java +++ b/src/main/java/com/nis/web/service/configuration/IpAddrPoolCfgService.java @@ -21,20 +21,25 @@ import com.nis.domain.Page; import com.nis.domain.callback.InlineIp; import com.nis.domain.callback.IpAddrPool; import com.nis.domain.configuration.BaseIpCfg; +import com.nis.domain.configuration.CfgIndexInfo; import com.nis.domain.configuration.IpAddrPoolCfg; import com.nis.domain.configuration.IpMultiplexPoolCfg; import com.nis.domain.configuration.IpPortCfg; +import com.nis.domain.configuration.UserManage; import com.nis.domain.maat.ToMaatResult; import com.nis.domain.maat.MaatCfg.IpCfg; import com.nis.exceptions.MaatConvertException; import com.nis.util.ConfigServiceUtil; +import com.nis.util.Constants; import com.nis.util.StringUtils; import com.nis.util.httpclient.HttpClientUtil; import com.nis.web.dao.configuration.IpAddrPoolCfgDao; +import com.nis.web.dao.configuration.IpCfgDao; import com.nis.web.security.UserUtils; import com.nis.web.service.BaseService; import com.nis.web.service.SpringContextHolder; import com.nis.web.service.basics.PolicyGroupInfoService; +import com.nis.web.service.basics.SysDictInfoService; import jersey.repackaged.com.google.common.collect.Maps; @@ -282,4 +287,115 @@ public class IpAddrPoolCfgService extends BaseService{ return ipAddrPoolCfgDao.getCfgInfo(cfg); } + + /** + * 策略管理获取地址池信息(至少有1个IP地址有效状态该地址池才能被使用) + * @param response + * @param request + * @return + */ + public List getEffectiveAddrPool() { + List addrPools = ipAddrPoolCfgDao.findAddrPoolCfg(); + + /*String cgiUrl = "http://localhost:8080/gwall/nis/maintenance/ipMultiplexPoolCfg/cgiCall"; + if(StringUtils.isNotBlank(Constants.IP_REUSE_CGI_URL)){ + cgiUrl = Constants.IP_REUSE_CGI_URL; + } + for (IpAddrPoolCfg cfg : addrPools) { + + Map params = new HashMap(); + params.put("cmd", "IpNumGet"); + params.put("addr_pool_id", cfg.getAddrPoolId()); + try { + String resJson = HttpClientUtil.getMsg(cgiUrl, params, req); + + } catch (Exception e) { + logger.error("获取地址池信息失败!", e); + e.printStackTrace(); + } + + }*/ + + return addrPools; + } + + /** + * 策略配置审核 + * @param ids + * @param cfg + * @param auditTime + */ + @Transactional(readOnly=false,rollbackFor=RuntimeException.class) + public void auditSnatStrategy(String id, IpPortCfg cfg, Date auditTime) { + cfg.setCfgId(Long.valueOf(id)); + cfg.setTableName(IpPortCfg.getTablename()); + cfg.setAuditorId(UserUtils.getUser().getId()); + cfg.setAuditTime(auditTime); + // 更新配置审核状态 + IpCfgDao ipCfgDao = SpringContextHolder.getBean(IpCfgDao.class); + IpCfgService IpCfgService = SpringContextHolder.getBean(IpCfgService.class); + ipCfgDao.auditCfg(cfg); + + // 获取配置信息 + BaseIpCfg ipCfg = IpCfgService.getIpCfgById(cfg); + SysDictInfoService sysDictInfoService = SpringContextHolder.getBean(SysDictInfoService.class); + UserManageService userManageService = SpringContextHolder.getBean(UserManageService.class); + UserManage user = userManageService.getUserById(ipCfg.getUserRegion1()); + String json=""; + if(cfg.getIsAudit() == Constants.AUDIT_YES){ + Map params = new HashMap(); + params.put("configId", ipCfg.getCompileId()); + params.put("addrPoolId", ipCfg.getUserRegion2()); + params.put("userType", user.getUserType()); + params.put("userId", user.getId()); + params.put("isValid", 1); + params.put("opTime", auditTime); + if(ipCfg.getIsAreaEffective() == 1){ + params.put("effectiveRange", sysDictInfoService.setEffectiveRange(ipCfg.getAreaEffectiveIds())); + } + List list = Lists.newArrayList(); + list.add(params); + //调用服务接口下发配置数据 + json=gsonToJson(list); + logger.info("SNAT策略配置下发参数:"+json); + //调用服务接口下发配置 + try { + ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json); + if(result!=null){ + logger.info("SNAT地址池配置下发响应信息:"+result.getMsg()); + } + } catch (Exception e) { + logger.error("SNAT策略配置下发失败",e); + throw e; + } + + }else if(cfg.getIsAudit() == Constants.AUDIT_NOT_YES){ + Map params = new HashMap(); + params.put("configId", ipCfg.getCompileId()); + params.put("addrPoolId", ipCfg.getUserRegion2()); + params.put("userType", user.getUserType()); + params.put("userId", user.getId()); + params.put("isValid", 0); + params.put("opTime", auditTime); + if(ipCfg.getIsAreaEffective() == 1){ + params.put("effectiveRange", sysDictInfoService.setEffectiveRange(ipCfg.getAreaEffectiveIds())); + } + List list = Lists.newArrayList(); + list.add(params); + //调用服务接口取消配置 + json=gsonToJson(list); + logger.info("SNAT策略配置下发参数:"+json); + //调用服务接口取消配置 + try { + ToMaatResult result = ConfigServiceUtil.put(json, 2); + logger.info("SNAT策略配置响应信息:"+result.getMsg()); + } catch (Exception e) { + e.printStackTrace(); + logger.info("SNAT策略配置配置失败"); + throw e; + } + + } + } + } diff --git a/src/main/resources/sql/20181129/add_ip_reuse_addr_pool.sql b/src/main/resources/sql/20181129/add_ip_reuse_addr_pool.sql new file mode 100644 index 000000000..816c0566e --- /dev/null +++ b/src/main/resources/sql/20181129/add_ip_reuse_addr_pool.sql @@ -0,0 +1,39 @@ +-- ---------------------------- +-- 地址池管理表 +-- ---------------------------- +DROP TABLE IF EXISTS `ip_reuse_addr_pool`; +CREATE TABLE `ip_reuse_addr_pool` ( + `cfg_id` bigint(20) NOT NULL AUTO_INCREMENT, + `addr_pool_id` int(11) NOT NULL COMMENT '地址池ID', + `addr_pool_name` varchar(128) DEFAULT NULL COMMENT '地址池名称', + `ip_total` int(11) DEFAULT NULL COMMENT '地址池IP总数', + `available_ip_total` int(11) DEFAULT NULL COMMENT '地址池可用IP数', + `action` int(11) NOT NULL COMMENT '1:阻断,2:监测, 5: FD 白名单,6:监测白名单,7: FD 监测都白名单,应与业务ID所代表的逻辑相匹配,8-灰名单', + `is_valid` int(11) NOT NULL COMMENT '0无效,1有效,-1删除\r\n1) 未审核时配置可删除\r\n2) 审核通过,此字段置1\r\n3) 取消审核通过,此字段置0', + `is_audit` int(11) NOT NULL COMMENT '0未审核,1审核通过,2审核未通过,3取消审核通过\r\n1) 审核未通过,配置可修改\r\n2) 审核通过,配置不可删除,只能取消审核通过', + `cfg_region_code` int(11) DEFAULT NULL, + `cfg_type` varchar(64) DEFAULT '', + `function_id` int(11) NOT NULL, + `service_id` int(11) NOT NULL COMMENT '参考系统业务类型管理表', + `compile_id` int(11) NOT NULL COMMENT '取自服务接口返回的maat配置的编译id,配置初始入库时获取。', + `is_area_effective` int(11) NOT NULL DEFAULT 0 COMMENT '0否,1是', + `area_effective_ids` varchar(1024) DEFAULT NULL COMMENT '多个以英文逗号分隔', + `request_id` int(11) NOT NULL COMMENT '取自request_info.id', + `classify` varchar(128) DEFAULT '' COMMENT '分类id,多个用英文逗号分隔', + `attribute` varchar(128) DEFAULT '' COMMENT '性质id,多个用英文逗号分隔', + `lable` varchar(128) DEFAULT '' COMMENT '标签id,多个用英文逗号分隔', + `creator_id` int(11) NOT NULL COMMENT '取自sys_user.id', + `create_time` datetime NOT NULL, + `editor_id` int(11) DEFAULT NULL COMMENT '取自sys_user.id', + `edit_time` datetime DEFAULT NULL, + `auditor_id` int(11) DEFAULT NULL COMMENT '取自sys_user.id', + `audit_time` datetime DEFAULT NULL, + `description` varchar(200) DEFAULT '' COMMENT '描述信息', + `cancel_request_id` int(11) DEFAULT NULL COMMENT '取消审核来函', + `user_region1` varchar(1024) DEFAULT '' COMMENT '预留自定义域1', + `user_region2` varchar(1024) DEFAULT '' COMMENT '预留自定义域2', + `user_region3` varchar(1024) DEFAULT '' COMMENT '预留自定义域3', + `user_region4` varchar(1024) DEFAULT '' COMMENT '预留自定义域4', + `user_region5` varchar(1024) DEFAULT '' COMMENT '预留自定义域5', + PRIMARY KEY (`cfg_id`) +) ENGINE=InnoDB AUTO_INCREMENT=17 DEFAULT CHARSET=utf8mb4; diff --git a/src/main/webapp/WEB-INF/views/cfg/maintenance/ipMultiplexPool/snatform2.jsp b/src/main/webapp/WEB-INF/views/cfg/maintenance/ipMultiplexPool/snatform2.jsp index 3b3e7b5b1..4c6ffa9f2 100644 --- a/src/main/webapp/WEB-INF/views/cfg/maintenance/ipMultiplexPool/snatform2.jsp +++ b/src/main/webapp/WEB-INF/views/cfg/maintenance/ipMultiplexPool/snatform2.jsp @@ -140,7 +140,7 @@ var resetIndex = function(){
- +
diff --git a/src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyForm2.jsp b/src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyForm2.jsp new file mode 100644 index 000000000..abdd89fc4 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyForm2.jsp @@ -0,0 +1,320 @@ +<%@ page contentType="text/html;charset=UTF-8"%> +<%@ include file="/WEB-INF/include/taglib.jsp"%> + + +<spring:message code="${cfgName}"></spring:message> + + + +
+

+ +

+
+
+
+
+
+ + + +
+
+
+ +
+
+ + + + + + + + + + + + + + + + + + + + + +
+ +
+
+
+ +
+ +
+
+
+
+
+ +
+ +
+
+
+
+ +
+
+ +
+ + + +
+
+
+
+ +
+
+
+
+ +
+ +
+
+
+
+
+ +
+ +
+ +
+ <%@include file="/WEB-INF/include/form/areaInfo.jsp"%> +
+ <%@include file="/WEB-INF/include/form/basicInfo.jsp" %> +
+
+
+
+
+
+ + +
+
+
+
+
+
+ + +
+
+
+
+
+
+ + \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyList2.jsp b/src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyList2.jsp new file mode 100644 index 000000000..de276eb2d --- /dev/null +++ b/src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyList2.jsp @@ -0,0 +1,431 @@ +<%@ page contentType="text/html;charset=UTF-8"%> +<%@ include file="/WEB-INF/include/taglib.jsp"%> + + +<spring:message code="snat_policy"></spring:message> + + + + + + +
+ + +

+ +

+
+
+
+
+
+ + + + + + + + + + + + +
+
+ + + + + + + +
+ +
+ +
+
+ + + + + + + + +
+ + +
+ + + + + + + + + + + +
+
+
+
+ + + +
+
+ + + + + + +
+ +
    +
    • +
    • +
    • +
+
+ + href="javascript:;"> + + +
+
+ + + +
+
+ +
+ +
+ + + + + + + + +
+ +
+ +
+ +
+ + + + + + + +
+ +
+ +
+ +
+ + + + + + + + +
+ +
+ +
+ +
+ + + + + + + +
+ +
+ +
+ +
+
+
+ + +
+
+ +
+
+ + " onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/> + +
+
+ +
+
+ + " onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/> + +
+
+ +
+
+ + " onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/> + +
+
+ +
+
+ + " onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/> + +
+
+ +
+
+ + " onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/> + +
+
+
+ + +
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + ${indexCfg.compileId }${indexCfg.cfgDesc } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${indexCfg.requestName } + + + + + + + + + + + + + + + ${fns:abbr(classify,20)} + + + + + + + + + + + + + + + + + ${fns:abbr(attribute,20)} + + + + + + + + + + + + + + + + + + ${fns:abbr(lableInfo,20)} + + ${indexCfg.creatorName }${indexCfg.editorName }${indexCfg.auditorName }
+
${page}
+
+
+
+
+
+ + + \ No newline at end of file From 5b61613113a18ba81bdfd9c4b02744320494b129 Mon Sep 17 00:00:00 2001 From: DuanDongmei Date: Thu, 29 Nov 2018 10:39:39 +0800 Subject: [PATCH 8/8] =?UTF-8?q?maat=E9=85=8D=E7=BD=AE=E6=89=B9=E9=87=8F?= =?UTF-8?q?=E4=B8=8B=E5=8F=91=E4=BC=98=E5=8C=96=E7=8A=B6=E6=80=81=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=E6=96=B9=E6=B3=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/configuration/ConfigSynchronizationService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java index f2788c3c7..85a6ae5b7 100644 --- a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java +++ b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java @@ -266,10 +266,10 @@ public class ConfigSynchronizationService extends BaseService{ if(isUpdateCfg) { if(tableName.equals("asn_ip_cfg")){ if(!StringUtil.isEmpty(asnGroupIds)) { - commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,asnGroupIds,null); + commonPolicyDao.auditCfgBatch(tableName, entity,asnGroupIds,null); } }else{ - commonPolicyDao.auditCfgBatch( tableName, entity,asnGroupIds,null); + commonPolicyDao.auditCfgBatch( tableName, entity,compileIds,null); } } }