diff --git a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java index f77938551..7a997f38c 100644 --- a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java +++ b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java @@ -413,6 +413,7 @@ public class BaseIpCfg extends BaseCfg { protected String min; protected String max; protected Integer mirrorClient; + protected Integer allowHttp2; protected Integer enable; protected Integer mirrorProfile; @@ -494,6 +495,13 @@ public class BaseIpCfg extends BaseCfg { public void setMirrorClient(Integer mirrorClient) { this.mirrorClient = mirrorClient; } + + public Integer getAllowHttp2() { + return allowHttp2; + } + public void setAllowHttp2(Integer allowHttp2) { + this.allowHttp2 = allowHttp2; + } public Integer getEnable() { return enable; } diff --git a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java index bd483e840..e574328d5 100644 --- a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java +++ b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java @@ -295,6 +295,7 @@ public class BaseStringCfg extends BaseCfg { protected String min; protected String max; protected Integer mirrorClient; + protected Integer allowHttp2; protected Integer enable; protected Integer mirrorProfile; @@ -375,6 +376,12 @@ public class BaseStringCfg extends BaseCfg { } public void setMirrorClient(Integer mirrorClient) { this.mirrorClient = mirrorClient; + } + public Integer getAllowHttp2() { + return allowHttp2; + } + public void setAllowHttp2(Integer allowHttp2) { + this.allowHttp2 = allowHttp2; } public Integer getEnable() { return enable; diff --git a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java index 3ff381ad3..10bb84172 100644 --- a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java +++ b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java @@ -34,9 +34,11 @@ public class PxyInterceptCfg extends CfgIndexInfo { private String max; @ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=20) private String mirrorClient; - @ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=21) + @ExcelField(title="ssl_ver_allow_http2",dictType="SYS_YES_NO",sort=21) + private String allowHttp2; + @ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=22) private String enable; - @ExcelField(title="decrypt_mirror_mirror_profile",sort=22) + @ExcelField(title="decrypt_mirror_mirror_profile",sort=23) private String mirrorProfile; private String userRegion1; private String userRegion2; @@ -120,6 +122,12 @@ public class PxyInterceptCfg extends CfgIndexInfo { } public void setMirrorClient(String mirrorClient) { this.mirrorClient = mirrorClient; + } + public String getAllowHttp2() { + return allowHttp2; + } + public void setAllowHttp2(String allowHttp2) { + this.allowHttp2 = allowHttp2; } public String getEnable() { return enable; diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java index a8a14ba3d..aee4be801 100644 --- a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java +++ b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java @@ -29,6 +29,8 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate { private Integer mirrorClient; + private Integer allowHttp2; + private Integer enable; private Integer mirrorProfile; @@ -124,14 +126,21 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate { public void setMirrorClient(Integer mirrorClient) { this.mirrorClient = mirrorClient; } - @ExcelField(title="decrypt_mirror_enable",align=2,sort=30) + @ExcelField(title="ssl_ver_allow_http2",align=2,sort=30) + public Integer getAllowHttp2() { + return allowHttp2; + } + public void setAllowHttp2(Integer allowHttp2) { + this.allowHttp2 = allowHttp2; + } + @ExcelField(title="decrypt_mirror_enable",align=2,sort=31) public Integer getEnable() { return enable; } public void setEnable(Integer enable) { this.enable = enable; } - @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31) + @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32) public Integer getMirrorProfile() { return mirrorProfile; } diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java index a25ecf788..f4ac838ae 100644 --- a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java +++ b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java @@ -30,6 +30,8 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate { private Integer mirrorClient; + private Integer allowHttp2; + private Integer enable; private Integer mirrorProfile; @@ -125,14 +127,21 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate { public void setMirrorClient(Integer mirrorClient) { this.mirrorClient = mirrorClient; } - @ExcelField(title="decrypt_mirror_enable",align=2,sort=30) + @ExcelField(title="ssl_ver_allow_http2",align=2,sort=30) + public Integer getAllowHttp2() { + return allowHttp2; + } + public void setAllowHttp2(Integer allowHttp2) { + this.allowHttp2 = allowHttp2; + } + @ExcelField(title="decrypt_mirror_enable",align=2,sort=31) public Integer getEnable() { return enable; } public void setEnable(Integer enable) { this.enable = enable; } - @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31) + @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32) public Integer getMirrorProfile() { return mirrorProfile; } diff --git a/src/main/java/com/nis/util/excel/ExportExcel.java b/src/main/java/com/nis/util/excel/ExportExcel.java index e0d34d868..8a8cf7282 100644 --- a/src/main/java/com/nis/util/excel/ExportExcel.java +++ b/src/main/java/com/nis/util/excel/ExportExcel.java @@ -896,6 +896,25 @@ public class ExportExcel { index++; } } + //allow_http2 + if("ssl_ver_allow_http2".equals(headerStr)) { + commentStr=""; + defaultValue="1"; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //1、默认值说明 + if(!StringUtil.isEmpty(defaultValue)){ + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n"; + index++; + } + index++; + } if("decrypt_mirror_enable".equals(headerStr)) { commentStr=""; defaultValue="0"; diff --git a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java index cc604a1d6..0abfc35e6 100644 --- a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java +++ b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java @@ -579,6 +579,7 @@ public class CheckIpFormatThread implements Callable{ String min=baseIpCfg.getMin(); String max=baseIpCfg.getMax(); Integer mirrorClient=baseIpCfg.getMirrorClient(); + Integer allowHttp2=baseIpCfg.getAllowHttp2(); Integer enable=baseIpCfg.getEnable(); Integer mirrorProfile=baseIpCfg.getMirrorProfile(); Map userRegionMap=new HashMap<>(); @@ -726,6 +727,17 @@ public class CheckIpFormatThread implements Callable{ if(StringUtils.isBlank(max)) { max="tls13"; } + if(allowHttp2==null) { + allowHttp2=1; + map.put("allow_http2", allowHttp2); + }else { + if(allowHttp2!=0&&allowHttp2!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_allow_http2","SSL version allow http2") + " ") + ";"); + }else { + map.put("allow_http2", allowHttp2); + } + } for(SysDataDictionaryItem sslversion: sslversions) { if(sslversion.getItemCode().equals(min)) { minSort=sslversion.getItemSort(); diff --git a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java index a9a93bb80..3d837b281 100644 --- a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java +++ b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java @@ -527,6 +527,7 @@ public class CheckStringFormatThread implements Callable{ String min=baseStringCfg.getMin(); String max=baseStringCfg.getMax(); Integer mirrorClient=baseStringCfg.getMirrorClient(); + Integer allowHttp2=baseStringCfg.getAllowHttp2(); Integer enable=baseStringCfg.getEnable(); Integer mirrorProfile=baseStringCfg.getMirrorProfile(); Map userRegionMap=new HashMap<>(); @@ -674,6 +675,17 @@ public class CheckStringFormatThread implements Callable{ if(StringUtils.isBlank(max)) { max="tls13"; } + if(allowHttp2==null) { + allowHttp2=1; + map.put("allow_http2", allowHttp2); + }else { + if(allowHttp2!=0&&allowHttp2!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_allow_http2","SSL version allow http2") + " ") + ";"); + }else { + map.put("allow_http2", allowHttp2); + } + } for(SysDataDictionaryItem sslversion: sslversions) { if(sslversion.getItemCode().equals(min)) { minSort=sslversion.getItemSort(); diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java index 14c7ee705..f2f651774 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java @@ -198,6 +198,7 @@ public class InterceptController extends CommonController { //ssl_ver map=new HashMap<>(); String mirror_client=request.getParameter("mirror_client"); + String allow_http2 = request.getParameter("allow_http2"); String min=request.getParameter("min"); String max=request.getParameter("max"); if(StringUtils.isNotBlank(mirror_client)){ @@ -206,6 +207,12 @@ public class InterceptController extends CommonController { mirror_client="0"; map.put("mirror_client", 0); } + if(StringUtils.isNotBlank(allow_http2)){ + map.put("allow_http2", Integer.parseInt(allow_http2.trim())); + }else { + allow_http2="1"; + map.put("allow_http2", 1); + } if("0".equals(mirror_client)) { if(StringUtils.isNotBlank(min)){ map.put("min", min.trim()); @@ -546,6 +553,9 @@ public class InterceptController extends CommonController { if(((Map)userregion.get("ssl_ver")).containsKey("mirror_client")) { pxyInterceptCfg.setMirrorClient(((Map)userregion.get("ssl_ver")).get("mirror_client").toString()); } + if(((Map)userregion.get("ssl_ver")).containsKey("allow_http2")) { + pxyInterceptCfg.setAllowHttp2(((Map)userregion.get("ssl_ver")).get("allow_http2").toString()); + } if(((Map)userregion.get("decrypt_mirror")).containsKey("enable")) { pxyInterceptCfg.setEnable(((Map)userregion.get("decrypt_mirror")).get("enable").toString()); } diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp index f4cdb0b0b..232d68b5a 100644 --- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp +++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp @@ -837,6 +837,20 @@ legend{padding:.5em;border:0;width:auto;font-family: "Open Sans", sans-serif;col
+
hidden""> +
+ +
+
+ checked/> +
+
+
+
+
hidden">
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp index 88a7d15b1..b26ae6022 100644 --- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp +++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp @@ -123,6 +123,7 @@ } }); $(obj).parent().find("td[data-column='mirror_client']").text(jsonObj.ssl_ver.mirror_client==1?"":""); + $(obj).parent().find("td[data-column='allow_http2']").text(jsonObj.ssl_ver.allow_http2==1?"":""); $(obj).parent().find("td[data-column='enable']").text(jsonObj.decrypt_mirror.enable==1?"":""); $(obj).parent().find("td[data-column='mirror_profile']").text(jsonObj.decrypt_mirror.mirror_profile); if(jsonObj.decrypt_mirror.mirror_profile){ @@ -468,6 +469,7 @@ + @@ -572,6 +574,7 @@ + diff --git a/src/main/webapp/static/global/scripts/ipRegion.js b/src/main/webapp/static/global/scripts/ipRegion.js index 9d8bc226a..e96e72760 100644 --- a/src/main/webapp/static/global/scripts/ipRegion.js +++ b/src/main/webapp/static/global/scripts/ipRegion.js @@ -71,15 +71,17 @@ var processPattern=function(selector,pattern){ * ip默认选项处理 */ var initCommIpVal=function(){ - var action,regionCode,serviceType,ipPortShow,ipType, + var action,regionCode,ipPortShow,ipType,serviceId, srcIpPattern,destIpPattern,srcPortPattern,destPortPattern, direction,protocol,regionType; if($("input[name$='action']:checked").length>0){ regionCode=$("input[name$='action']:checked").attr("regionCode"); action=$("input[name$='action']:checked").val(); + serviceId=$("input[name$='action']:checked").attr("serviceId"); }else{ regionCode=$("input[name$='action']").attr("regionCode"); action=$("input[name$='action']").val(); + serviceId=$("input[name$='action']").attr("serviceId"); } if(regionCode){ if(regionCode.indexOf(",")==-1){ @@ -102,6 +104,10 @@ var initCommIpVal=function(){ } } if(regionCode){//IP域大于1个,根据action获取ip属性 + + if(serviceId==149||serviceId==37){//ASN比较特殊,action与ip的相同但是service id不同,这里调用regionCode=5的话会导致获取不到正确的属性 + regionCode=$("input[name$='action'][value='"+action+"'][serviceId!='"+serviceId+"']").attr("regionCode"); + } ipPortShow=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("ipPortShow"), ipType=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("ipType"), srcIpPattern=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("srcIpPattern"), @@ -230,7 +236,7 @@ var changeIPVal=function(obj){ } if(regionCode){ if(regionCode.indexOf(",")==-1){ - $("#cfgRegionCode"+regionCode).attr("name","cfgRegionCode"); + $("#cfgRegionCode"+regionCode).attr("name","cfgRegionCode"); $("#cfgType"+regionCode).attr("name","cfgType"); }else{ var _region=''; @@ -327,7 +333,7 @@ var changeIPVal=function(obj){ o.find("select[name$='ipType']").selectpicker("refresh"); } } - + } //源ip格式处理 changePattern(o,"srcIpPattern",srcIpPattern);