snat配置下发优化

app相关数据更改

src/main/java/com/nis/domain/callback/ProxyObjTrustedCa.java

@@ -65,7 +65,6 @@ public class ProxyObjTrustedCa {
 		return certName;
 	}
 	public void setCertName(String certName) {
-		certName=BaseService.keywordsEscape(certName);
 		this.certName = certName;
 	}
 	public String getCertFile() {

src/main/java/com/nis/domain/configuration/IpReusePolicyCfg.java

@@ -1,20 +1,31 @@
 package com.nis.domain.configuration;
 
+import com.google.gson.annotations.Expose;
+import com.google.gson.annotations.SerializedName;
+
 /**
  * IP复用策略
  * @author dell
  *
  */
+/**
+ * @author DuanDongmei
+ *
+ */
 public class IpReusePolicyCfg extends BaseCfg<IpReusePolicyCfg>{
 
 	private static final long serialVersionUID = 2904010760648378142L;
 	private String indexTable="ip_reuse_policy_cfg";
 	
 	private Integer userId;			// 用户标识
-	private String userType;		// 用户类型
+	@Expose
-	private Integer addrPoolId;		// 地址池ID
+	protected String userType;		// 用户类型
-	private String translateParam;	// 地址翻译参数
+	@Expose
-	
+	protected Integer addrPoolId;		// 地址池ID
+	@Expose
+	protected String translateParam;	// 地址翻译参数
+	@Expose
+	@SerializedName("userId")
 	private String userName;		
 	private String addrPoolName;	// 仅用于列表条件检索
 	
@@ -22,6 +33,33 @@ public class IpReusePolicyCfg extends BaseCfg<IpReusePolicyCfg>{
 	private Integer ipPattern;
 	private String srcIpAddress;
 	private String destIpAddress;
+	@Expose
+	@SerializedName("configId")
+	private Integer compileId;
+	@Expose
+	@SerializedName("effectiveRange")
+	private String areaEffectiveIds ;
+	@Expose
+	private Integer doLog ;
+	
+	public void setDoLog(Integer doLog) {
+		this.doLog = doLog;
+	}
+	public Integer getDoLog() {
+		return doLog;
+	}
+	public Integer getCompileId() {
+		return compileId;
+	}
+	public void setCompileId(Integer compileId) {
+		this.compileId = compileId;
+	}
+	public String getAreaEffectiveIds() {
+		return areaEffectiveIds;
+	}
+	public void setAreaEffectiveIds(String areaEffectiveIds) {
+		this.areaEffectiveIds = areaEffectiveIds;
+	}
 	
 	public Integer getUserId() {
 		return userId;

src/main/java/com/nis/web/dao/configuration/IpMultiplexDao.xml

@@ -11,7 +11,7 @@
 		<result column="ip_type" property="ipType" jdbcType="INTEGER" />
     	<result column="ip_pattern" property="ipPattern" jdbcType="INTEGER" />
     	<result column="src_ip_address" property="srcIpAddress" jdbcType="VARCHAR" />
-    	
+    	<result column="translate_param" property="translateParam" jdbcType="VARCHAR" />
 		<result column="do_log" property="doLog" jdbcType="INTEGER" />
 		<result column="is_valid" property="isValid" jdbcType="INTEGER" />
 	    <result column="is_audit" property="isAudit" jdbcType="INTEGER" />
@@ -77,7 +77,7 @@
 	
 	<sql id="policyColumns">
 		r.CFG_ID,r.CFG_DESC,r.ADDR_POOL_ID,r.USER_NAME,r.USER_TYPE,r.IP_TYPE,r.IP_PATTERN,r.SRC_IP_ADDRESS,
-		r.ACTION,r.DO_LOG,r.IS_VALID,r.IS_AUDIT,r.CFG_REGION_CODE,r.CFG_TYPE,r.FUNCTION_ID,
+		r.TRANSLATE_PARAM,r.ACTION,r.DO_LOG,r.IS_VALID,r.IS_AUDIT,r.CFG_REGION_CODE,r.CFG_TYPE,r.FUNCTION_ID,
 		r.SERVICE_ID,r.COMPILE_ID,r.REQUEST_ID,r.CLASSIFY,r.ATTRIBUTE,r.LABLE,
     	r.CREATOR_ID,r.CREATE_TIME,r.EDITOR_ID,r.EDIT_TIME,r.AUDITOR_ID,r.AUDIT_TIME,
     	r.CANCEL_REQUEST_ID,r.IS_AREA_EFFECTIVE,r.AREA_EFFECTIVE_IDS,
@@ -225,6 +225,7 @@
 			ip_type,
     		ip_pattern,
     		src_ip_address,
+    		translate_param,
 			action,
 			do_log,
 			is_valid,
@@ -259,6 +260,7 @@
 			#{ipType,jdbcType=INTEGER},
     		#{ipPattern,jdbcType=INTEGER},
     		#{srcIpAddress,jdbcType=VARCHAR},
+    		#{translateParam,jdbcType=VARCHAR},
 	   		#{action,jdbcType=INTEGER},
 	   		#{doLog,jdbcType=INTEGER},
 			0,
@@ -404,7 +406,7 @@
 	    FROM 
 	    	ip_reuse_policy_cfg r
 	    WHERE
-	     	r.addr_pool_id = #{addrPoolId} AND r.is_valid != -1
+	     	r.addr_pool_id = #{addrPoolId} AND r.is_valid !=-1 and r.is_audit !=3
 	</select>
 	
 	<update id="updateDnatPolicyStatus" parameterType="com.nis.domain.configuration.IpReuseDnatPolicyCfg">

src/main/java/com/nis/web/service/BaseService.java

@@ -61,6 +61,7 @@ import com.nis.domain.configuration.DdosIpCfg;
 import com.nis.domain.configuration.DnsIpCfg;
 import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.FileDigestCfg;
+import com.nis.domain.configuration.IpReusePolicyCfg;
 import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.configuration.PxyObjTrustedCaCert;
 import com.nis.domain.configuration.PxyObjTrustedCaCrl;
@@ -93,6 +94,7 @@ import com.nis.web.dao.configuration.StringCfgDao;
 import com.nis.web.dao.specific.ConfigGroupInfoDao;
 import com.nis.web.dao.specific.SpecificServiceCfgDao;
 import com.nis.web.security.UserUtils;
+import com.nis.web.service.basics.SysDictInfoService;
 
 /**
  * Service基类
@@ -1330,6 +1332,22 @@ public abstract class BaseService {
 		proxyObjKeyring.setOpTime(cfg.getAuditTime());
 		return proxyObjKeyring;
 	}
+	// 拦截策略
+	public static IpReusePolicyCfg convertCallBackSnatPolicy(IpReusePolicyCfg cfg) {
+		if(cfg != null) {
+			String areaEffectiveIds=cfg.getAreaEffectiveIds();
+			if(StringUtils.isEmpty(areaEffectiveIds)){
+				areaEffectiveIds="0";
+			}else {
+				// 组织区域、运营商配置下发格式
+				SysDictInfoService service = SpringContextHolder.getBean(SysDictInfoService.class);
+				areaEffectiveIds = service.setEffectiveRange(areaEffectiveIds);
+			}
+			cfg.setAreaEffectiveIds(areaEffectiveIds);
+			cfg.setUserName(keywordsEscape(cfg.getUserName()));
+		}
+		return cfg;
+	}
 
 	// 可信证书
 	public static List<ProxyObjTrustedCa> convertCallBackProxyObjTrustedCa(PxyObjTrustedCaCert cfgCert,
@@ -1340,7 +1358,7 @@ public abstract class BaseService {
 			proxyObjTrustedCaCert.setId(Long.valueOf(cfgCert.getCompileId()));
 			proxyObjTrustedCaCert.setCfgId(cfgCert.getCompileId());
 			proxyObjTrustedCaCert.setCertId(cfgCert.getCompileId());
-			proxyObjTrustedCaCert.setCertName(cfgCert.getCfgDesc());
+			proxyObjTrustedCaCert.setCertName(keywordsEscape(cfgCert.getCfgDesc()));
 			proxyObjTrustedCaCert.setCertFile(cfgCert.getCertFile());
 			proxyObjTrustedCaCert.setService(cfgCert.getServiceId());
 			proxyObjTrustedCaCert.setIsValid(cfgCert.getIsValid());

src/main/java/com/nis/web/service/configuration/IpMultiplexService.java

@@ -64,7 +64,7 @@ public class IpMultiplexService extends BaseService{
 			entity.setIpPattern(null);
 			entity.setSrcIpAddress("");
 		}else{
-			entity.setUserName("");
+			entity.setUserName(entity.getSrcIpAddress());
 		}
 		
 		// 更新策略信息
@@ -132,22 +132,9 @@ public class IpMultiplexService extends BaseService{
 		cfg = this.getPolicyCfg(cfg.getCfgId(), null);
 		String json="";
 		if(cfg.getIsAudit() == Constants.AUDIT_YES){
-			String areaEffectiveIds = cfg.getIsAreaEffective() == 1?sysDictInfoService.setEffectiveRange(cfg.getAreaEffectiveIds()):"0";
+			cfg=convertCallBackSnatPolicy(cfg);
-			Map<String, Object> params = new HashMap<String,Object>();
-			params.put("configId", cfg.getCompileId());
-			params.put("addrPoolId", cfg.getAddrPoolId());
-			params.put("userType", cfg.getUserType());
-			params.put("userId", keywordsEscape(StringUtils.isNotBlank(cfg.getUserName())?cfg.getUserName():cfg.getSrcIpAddress()));
-			params.put("doLog", cfg.getDoLog());
-			params.put("action", cfg.getAction());
-			params.put("service", cfg.getServiceId());
-			params.put("isValid", 1);
-			params.put("opTime", auditTime);
-			params.put("translateParam", "byconn=10");
-			params.put("effectiveRange", areaEffectiveIds);
-			
 			List list = Lists.newArrayList();
-			list.add(params);
+			list.add(cfg);
 			//调用服务接口下发配置数据
 			json=gsonToJson(list);
 			logger.info("SNAT策略配置下发参数："+json);
@@ -163,22 +150,9 @@ public class IpMultiplexService extends BaseService{
 			}
 			
 		}else if(cfg.getIsAudit() == Constants.AUDIT_NOT_YES){
-			String areaEffectiveIds = cfg.getIsAreaEffective() == 1?sysDictInfoService.setEffectiveRange(cfg.getAreaEffectiveIds()):"0";
+			cfg=convertCallBackSnatPolicy(cfg);
-			Map<String, Object> params = new HashMap<String,Object>();
-			params.put("configId", cfg.getCompileId());
-			params.put("addrPoolId", cfg.getAddrPoolId());
-			params.put("userType", cfg.getUserType());
-			params.put("userId", keywordsEscape(StringUtils.isNotBlank(cfg.getUserName())?cfg.getUserName():cfg.getSrcIpAddress()));
-			params.put("doLog", cfg.getDoLog());
-			params.put("action", cfg.getAction());
-			params.put("service", cfg.getServiceId());
-			params.put("isValid", 0);
-			params.put("opTime", auditTime);
-			params.put("translateParam", "byconn=10");
-			params.put("effectiveRange", areaEffectiveIds);
-			
 			List list = Lists.newArrayList();
-			list.add(params);
+			list.add(cfg);
 			//调用服务接口取消配置
 			json=gsonToJson(list);
 			logger.info("SNAT策略配置下发参数："+json);

src/main/resources/sql/20181208/update_menu_and_function_dict.sql

@@ -0,0 +1,10 @@
+#修改协议的code为国际化key
+update sys_menu set code='protocol' where id in (931,934,937,1131,1134);
+#删除APP HTTP Feature APP SSL Cert Feature APP DK GL Admin业务
+update sys_menu set is_show=0,del_flag=0  where function_id in (402,520,567);
+UPDATE function_region_dict set is_valid=0 where function_id in (402,520,567);
+update function_service_dict  set is_valid=0 where function_id in (402,520,567);
+#APP的http admin，ssladmin 及payload admin业务变更district
+update function_region_dict set config_district='Host,URI,User-Agent,Content-Type,Content-Encoding,Refer,Cookie,Set-cookie' where dict_id in(220,221,222);
+update function_region_dict set config_district='SSL_SNI,SSL_FP,serilNumber,issuer_commonName,issuer_organizationName,issuer_countryName,subject_commonName,subject_organizationName,subject_countryName,notBefore,notAfter,Algorithm_id' where dict_id in(224,225,226);
+update function_region_dict set config_district='Payload,L2_header,L3_header,C2S_session_size,S2C_session_size' where dict_id in(212,213,215);

src/main/webapp/WEB-INF/views/cfg/manipulation/ipmulitiplex/snatPolicyForm2.jsp

@@ -105,6 +105,7 @@ var switchUserType = function(obj){
                             <input type="hidden" name="cfgId" value="${_cfg.cfgId}">
                             <input type="hidden" name="compileId" value="${_cfg.compileId}">
                             <input type="hidden" name="functionId" value="${_cfg.functionId}">
+                            	<input type="hidden" name="translateParam" value="byconn=10">
                             <input name="isAreaEffective" type="hidden" value="0">
                             <c:if test="${fn:length(serviceList)==1}">
 				            	<c:forEach items="${serviceList}" var="service">