gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DDOS,Intercept Policy导入拆分

Browse Source
This commit is contained in:
wangxin
2019-04-02 17:52:10 +08:00
parent bd29b40573
commit d27ba7ec93
5 changed files with 519 additions and 173 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
src/main/java/com/nis/web/controller/configuration/manipulation/DdosCfgController.java
View File

@@ -6,35 +6,40 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.jets3t.service.ServiceException;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import com.beust.jcommander.internal.Lists;
import com.nis.domain.FunctionRegionDict;
import com.nis.domain.FunctionServiceDict;
import com.nis.domain.Page;
import com.nis.domain.basics.ServiceDictInfo;
import com.nis.domain.configuration.AvFileSampleCfg;
import com.nis.domain.configuration.AvVoipAccountCfg;
import com.nis.domain.configuration.BaseIpCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.DdosIpCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.NtcSubscribeIdCfg;
import com.nis.domain.configuration.DdosIpCfg;
import com.nis.domain.configuration.RequestInfo;
import com.nis.domain.configuration.template.DdosIpTemplate;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.util.StringUtil;
import com.nis.util.excel.ImportBigExcel;
import com.nis.web.controller.BaseController;
import com.nis.web.security.UserUtils;
@@ -266,4 +271,156 @@ public class DdosCfgController extends BaseController {
model.addAttribute("tabList", tabList);
return "/cfg/ddosSubList";
}
@RequestMapping(value = {"import"}, method=RequestMethod.POST)
public String importCfg(HttpServletRequest request,HttpServletResponse response,RedirectAttributes redirectAttributes,
@RequestParam("files") MultipartFile[] files
,Integer serviceDictId
,Integer requestId
,String attribute
,String classify
,String regionDictIds
,String importPath) {
logger.warn("import start...");
long start=System.currentTimeMillis();
ImportBigExcel ei=null;
try {
FunctionServiceDict serviceDict = DictUtils.getFunctionServiceDict(serviceDictId);
StringBuffer errTip=new StringBuffer();
BlockingQueue<BaseIpCfg> ipPortCfgs =null;
Properties properties=this.getMsgProp();
for (int i = 0; i < files.length; i++) {
MultipartFile file = files[i];
ei = new ImportBigExcel(file, 0, 1);
FunctionRegionDict regionDict = DictUtils
.getFunctionRegionDict(Integer.parseInt(regionDictIds.split(",")[i]));
//------------------------------------check format start----------------------------
if (regionDict.getRegionType().equals(1)) {// IP
//加载模板
ei.loadInitParams(DdosIpTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<DdosIpTemplate> list = ei.getDataList(DdosIpTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict, null,null, list);
}
//删除文件
if(ei.getUploadFile()!=null&&ei.getUploadFile().exists()) {
ei.getUploadFile().delete();
}
//------------------------------------check format end----------------------------
Date date = new Date();
String isSend = request.getParameter("isSend")==null?"":request.getParameter("isSend");
if (regionDict.getRegionType().equals(1)) {// IP
List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
while(!ipPortCfgs.isEmpty()) {
ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> numRegionGroupIds=Lists.newArrayList();
List<Integer> numRegionRegionIds=Lists.newArrayList();
if(!regionDict.getFunctionId().equals(405)) {//app ip compileId 从config_group_info中取
try {
compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
//需要获取数值域的id
if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) {
numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
}
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
}else {
try {
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
} catch (Exception e) {
e.printStackTrace();
logger.info("获取域ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
}
int ind=0;
for (BaseIpCfg cfg : _ipPortCfgs) {
cfg.setAction(serviceDict==null?null:serviceDict.getAction());
/*cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);*/
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
//cfg.setDoLog(2);
cfg.setFunctionId(regionDict.getFunctionId());
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
}
if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
}
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setLable("0");
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
cfg.setAttribute(attribute);
cfg.setClassify(classify);
cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId());
cfg.setTableName("ip_port_cfg");
if(compileIds.size()==_ipPortCfgs.size()) {
cfg.setCompileId(compileIds.get(ind));
}
CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
org.springframework.beans.BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"});
if(cfg.getDnsStrategyId()!=null) {
cfgIndexInfo.setDnsStrategyId(Long.parseLong(cfg.getDnsStrategyId().toString()));
}
ind++;
}
ddosCfgService.saveAndSend(regionDict, _ipPortCfgs, isSend.equals("1"));
_ipPortCfgs.clear();
}
}
}
if(errTip.toString().length()>0) {
addMessage(redirectAttributes,"error", errTip.toString());
}
} catch (Exception e) {
if(ei!=null) {
if(ei.getUploadFile().exists()) {
ei.getUploadFile().delete();
}
}
if(e instanceof MaatConvertException) {
addMessage(redirectAttributes,"error", "request_service_failed");
}else if(e instanceof ServiceException) {
addMessage(redirectAttributes,"error", e.getMessage());
}else if(e instanceof IndexOutOfBoundsException){
addMessage(redirectAttributes,"error", "template_error");
}else {
addMessage(redirectAttributes,"error", "import_failed");
}
e.printStackTrace();
}
long end=System.currentTimeMillis();
logger.warn("import finish,cost:"+(end-start));
return "redirect:" + adminPath+ importPath;
}
}

252
src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
View File

@@ -29,21 +29,32 @@ import com.beust.jcommander.internal.Lists;
import com.nis.domain.FunctionRegionDict;
import com.nis.domain.FunctionServiceDict;
import com.nis.domain.Page;
import com.nis.domain.basics.AsnGroupInfo;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.configuration.AppPolicyCfg;
import com.nis.domain.configuration.BaseIpCfg;
import com.nis.domain.configuration.BaseStringCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.ComplexkeywordCfg;
import com.nis.domain.configuration.HttpUrlCfg;
import com.nis.domain.configuration.InterceptPktBin;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.domain.configuration.template.BlackListComplexStringTemplate;
import com.nis.domain.configuration.template.BlackListIPTemplate;
import com.nis.domain.configuration.template.BlackListP2pHashStringTemplate;
import com.nis.domain.configuration.template.BlackListP2pIpTemplate;
import com.nis.domain.configuration.template.BlackListStringTemplate;
import com.nis.domain.configuration.template.ComplexStringAllTemplate;
import com.nis.domain.configuration.template.DomainInterceptMonitTemplate;
import com.nis.domain.configuration.template.DomainInterceptRateLimitTemplate;
import com.nis.domain.configuration.template.DomainInterceptTemplate;
import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
import com.nis.domain.configuration.template.IpAllTemplate;
import com.nis.domain.configuration.template.IpPayloadTemplate;
import com.nis.domain.configuration.template.IpRateLimitTemplate;
import com.nis.domain.configuration.template.IpSpoofingTemplate;
import com.nis.domain.configuration.template.P2pHashStringTemplate;
import com.nis.domain.configuration.template.P2pIpTemplate;
import com.nis.domain.configuration.template.StringAllTemplate;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
@@ -53,8 +64,6 @@ import com.nis.util.excel.ImportBigExcel;
import com.nis.web.controller.configuration.CommonController;
import com.nis.web.security.UserUtils;
import jersey.repackaged.com.google.common.collect.Maps;
/**
* IP相关配置控制类
*
@@ -269,7 +278,7 @@ public class InterceptController extends CommonController {
* redirectAttributes){ this._exportIp(columns,model, request, response,
* entity, ids, redirectAttributes); }
*/
@RequestMapping(value = {"/ippayload/import","/ip/import"}, method=RequestMethod.POST)
@RequestMapping(value = {"/ippayload/import","/ip/import","/domain/import"}, method=RequestMethod.POST)
public String importIPList(HttpServletRequest request,HttpServletResponse response,RedirectAttributes redirectAttributes,
@RequestParam("files") MultipartFile[] files
,Integer serviceDictId
@@ -283,6 +292,7 @@ public class InterceptController extends CommonController {
FunctionServiceDict serviceDict = DictUtils.getFunctionServiceDict(serviceDictId);
StringBuffer errTip=new StringBuffer();
BlockingQueue<BaseIpCfg> ipPortCfgs =null;
BlockingQueue<BaseStringCfg<?>> stringCfgs =null;
List<CfgIndexInfo> cfgIndexInfos = new ArrayList<CfgIndexInfo>();
ImportBigExcel ei=null;
Properties properties=this.getMsgProp();
@@ -303,6 +313,38 @@ public class InterceptController extends CommonController {
ei.loadInitParams(IpSpoofingTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<IpSpoofingTemplate> list = ei.getDataList(IpSpoofingTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,null, list);
} else if(regionDict.getFunctionId().equals(200)) {//Intercept Policy
if(regionDict.getDictId().equals(53)) {
if(serviceDict.getAction().equals(64)) {
//加载模板
ei.loadInitParams(IpRateLimitTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<IpRateLimitTemplate> list = ei.getDataList(IpRateLimitTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,null, list);
}else {
//加载模板
ei.loadInitParams(IpAllNotDoLogTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<IpAllNotDoLogTemplate> list = ei.getDataList(IpAllNotDoLogTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,null, list);
}
}
if(regionDict.getDictId().equals(56)) {
if(serviceDict.getAction().equals(1)){// 监测
//加载模板
ei.loadInitParams(DomainInterceptMonitTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<DomainInterceptMonitTemplate> list = ei.getDataList(DomainInterceptMonitTemplate.class);
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}else if(serviceDict.getAction().equals(64)){// 限速
//加载模板
ei.loadInitParams(DomainInterceptRateLimitTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<DomainInterceptRateLimitTemplate> list = ei.getDataList(DomainInterceptRateLimitTemplate.class);
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}else{// 白名单
//加载模板
ei.loadInitParams(DomainInterceptTemplate.class, properties, regionDict, serviceDict);
BlockingQueue<DomainInterceptTemplate> list = ei.getDataList(DomainInterceptTemplate.class);
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}
}
}
//------------------------------------check format end----------------------------
//删除文件
@@ -312,84 +354,146 @@ public class InterceptController extends CommonController {
Date date = new Date();
String isSend = request.getParameter("isSend")==null?"":request.getParameter("isSend");
List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
while(!ipPortCfgs.isEmpty()) {
ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> numRegionGroupIds=Lists.newArrayList();
List<Integer> numRegionRegionIds=Lists.newArrayList();
try {
compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
//需要获取数值域的id
if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) {
numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
if (regionDict.getRegionType().equals(1)) {// IP
while(!ipPortCfgs.isEmpty()) {
ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> numRegionGroupIds=Lists.newArrayList();
List<Integer> numRegionRegionIds=Lists.newArrayList();
try {
compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
//需要获取数值域的id
if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) {
numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
}
}
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
int ind=0;
for (BaseIpCfg cfg : _ipPortCfgs) {
cfg.setAction(serviceDict==null?null:serviceDict.getAction());
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setFunctionId(regionDict.getFunctionId());
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
int ind=0;
for (BaseIpCfg cfg : _ipPortCfgs) {
cfg.setAction(serviceDict==null?null:serviceDict.getAction());
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setFunctionId(regionDict.getFunctionId());
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
}
if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
}
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setLable("0");
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
cfg.setAttribute(attribute);
cfg.setClassify(classify);
cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId());
cfg.setTableName("ip_port_cfg");
if(compileIds.size()==_ipPortCfgs.size()) {
cfg.setCompileId(compileIds.get(ind));
}
if(regionDict.getFunctionId().equals(212)||regionDict.getFunctionId().equals(200)) {// IP Payload ,Intercept Policy
CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"});
cfgIndexInfos.add(cfgIndexInfo);
}
ind++;
}
if(serviceDict.getFunctionId().equals(214)) {// IpSpoofing
interceptCfgService.saveAndSendSpoofingIpPool(_ipPortCfgs, cfgIndexInfos,isSend.equals("1"));
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
interceptCfgService.saveAndSend(regionDict,cfgIndexInfos, _ipPortCfgs, isSend.equals("1"));
}
cfg.setIsAreaEffective(0);
cfg.setLable("0");
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
cfg.setAttribute(attribute);
cfg.setClassify(classify);
cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId());
cfg.setTableName("ip_port_cfg");
if(compileIds.size()==_ipPortCfgs.size()) {
cfg.setCompileId(compileIds.get(ind));
cfgIndexInfos.clear();
_ipPortCfgs.clear();
}
}else if(regionDict.getRegionType().equals(2)){//String
List<BaseStringCfg<?>> _stringCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
while(!stringCfgs.isEmpty()) {
stringCfgs.drainTo(_stringCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
try {
compileIds = ConfigServiceUtil.getId(1,_stringCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_stringCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_stringCfgs.size());
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
if(serviceDict.getFunctionId().equals(212)) {// IP Payload
int ind=0;
for (BaseStringCfg cfg : _stringCfgs) {
cfg.setAction(serviceDict.getAction());
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
//cfg.setDoLog(2);
cfg.setFunctionId(regionDict.getFunctionId());
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_stringCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_stringCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setLable("0");
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
cfg.setAttribute(attribute);
cfg.setClassify(classify);
cfg.setServiceId(serviceDict.getServiceId());
if(compileIds!=null&&compileIds.size()==_stringCfgs.size()) {
cfg.setCompileId(compileIds.get(ind));
}
CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"});
BeanUtils.copyProperties(cfg, cfgIndexInfo, new String[] {"cfgId"});
cfgIndexInfos.add(cfgIndexInfo);
ind++;
}
ind++;
interceptCfgService.saveAndSend(regionDict,cfgIndexInfos, _stringCfgs, isSend.equals("1"));
cfgIndexInfos.clear();
_stringCfgs.clear();
}
if(serviceDict.getFunctionId().equals(214)) {// IpSpoofing
interceptCfgService.saveAndSendSpoofingIpPool(_ipPortCfgs, cfgIndexInfos,isSend.equals("1"));
}else {
interceptCfgService.saveAndSendIPList(regionDict, serviceDict, _ipPortCfgs, cfgIndexInfos,isSend.equals("1"));
}
cfgIndexInfos.clear();
_ipPortCfgs.clear();
}
if(errTip.toString().length()>0) {
addMessage(redirectAttributes,"error", errTip.toString());
@@ -606,5 +710,5 @@ public class InterceptController extends CommonController {
// return "redirect:" + adminPath
// +"/ntc/iplist/list?functionId="+entity.getFunctionId();
}
}

76
src/main/java/com/nis/web/service/configuration/DdosCfgService.java
View File

@@ -1,45 +1,39 @@
package com.nis.web.service.configuration;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.session.ExecutorType;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.beust.jcommander.internal.Lists;
import com.google.gson.Gson;
import com.nis.domain.FunctionRegionDict;
import com.nis.domain.Page;
import com.nis.domain.callback.InlineIp;
import com.nis.domain.configuration.BaseCfg;
import com.nis.domain.configuration.BaseIpCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.DdosIpCfg;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.maat.MaatCfg;
import com.nis.domain.maat.ToMaatBean;
import com.nis.domain.maat.ToMaatResult;
import com.nis.domain.maat.MaatCfg.DigestCfg;
import com.nis.domain.maat.MaatCfg.GroupCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
import com.nis.domain.maat.MaatCfg.StringCfg;
import com.nis.domain.maat.ToMaatBean;
import com.nis.domain.maat.ToMaatResult;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.DdosCfgDao;
import com.nis.web.dao.configuration.IpCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
import com.nis.web.service.SpringContextHolder;
@@ -335,4 +329,64 @@ public class DdosCfgService extends BaseService{
}
}
/**
* 配置导入,目前只支持单sheet
* @param regionDict
* @param cfgIndexInfos
* @param data
* @param send
* @throws NoSuchMethodException
* @throws InvocationTargetException
* @throws IllegalAccessException
*/
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void saveAndSend(FunctionRegionDict regionDict,List<? extends BaseCfg<?>> data,boolean send) throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {
if(data!=null&&!data.isEmpty()) {
List<MaatCfg> configCompileList = new ArrayList();
if(data.get(0) instanceof BaseIpCfg) {
for (int index = 0; index < data.size(); index++) {
DdosIpCfg ddosIpCfg=new DdosIpCfg();
BeanUtils.copyProperties(data.get(index), ddosIpCfg);
//如果insert加入了select last_insert_id会拖慢6~7倍以上的效率
ddosCfgDao.insert(ddosIpCfg);
if (send) {
if(regionDict.getIsMaat().intValue()==1) {
MaatCfg maatCfg=convertMaatCfg(data.get(index),1);
//userregion处理
Map umap= new HashMap();
umap.put("protocol", ddosIpCfg.getAntiddosProtocol());
umap.put("bps_threadshold", ddosIpCfg.getBpsThreadshold());
umap.put("pps_threadshold", ddosIpCfg.getPpsThreadshold());
maatCfg.setUserRegion(new Gson().toJson(umap));
configCompileList.add(maatCfg);
}
}
}
}
if (send && configCompileList.size() > 0) {
ToMaatBean maatBean = new ToMaatBean();
maatBean.setConfigCompileList(configCompileList);
maatBean.setAuditTime(new Date());
maatBean.setCreatorName(UserUtils.getUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.INSERT_ACTION);
long start=System.currentTimeMillis();
// 调用服务接口下发配置数据
String json = BaseService.gsonToJson(maatBean);
if(configCompileList.size()>10) {
logger.info("ddps ip配置下发配置条数" + configCompileList.size());
}else {
logger.info("ddps ip配置下发配置参数" + json);
}
// 调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
logger.info("ddps ip配置下发响应信息" + result.getMsg());
long end=System.currentTimeMillis();
logger.info("ddps ip配置下发配置耗时" + (end-start));
}
}
}
}

190
src/main/java/com/nis/web/service/configuration/InterceptCfgService.java
View File

@@ -45,6 +45,7 @@ import com.nis.web.dao.configuration.AreaIpCfgDao;
import com.nis.web.dao.configuration.InterceptCfgDao;
import com.nis.web.dao.configuration.IpCfgDao;
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
import com.nis.web.dao.configuration.StringCfgDao;
import com.nis.web.dao.configuration.WebsiteCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
@@ -68,6 +69,8 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao;
@Autowired
protected IpCfgDao ipCfgDao;
@Autowired
protected StringCfgDao stringCfgDao;
public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
List<IpPortCfg> ipPortList = websiteCfgDao.getIpPortList(entity);
@@ -590,95 +593,122 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
logger.info("intercept IP/DNS 配置取消配置响应信息:"+result.getMsg());
}
}
/**
* 配置导入,目前只支持单sheet
* @param regionDict
* @param cfgIndexInfos
* @param data
* @param send
*/
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void saveAndSendIPList(FunctionRegionDict regionDict, FunctionServiceDict serviceDict,List<BaseIpCfg> list,List<CfgIndexInfo> cfgIndexInfos,boolean send) {
public void saveAndSend(FunctionRegionDict regionDict,List<CfgIndexInfo> cfgIndexInfos,List<? extends BaseCfg<?>> data,boolean send) {
if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
this.saveCfgIndexOf(cfgIndexInfos);
}
Integer regionType = regionDict.getRegionType();
if (1 == regionType.intValue()) {
SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class);
SqlSession batchSqlSession = null;
List<MaatCfg> configCompileList = new ArrayList();
List<InlineIp> callbackIpList = new ArrayList();
try{
batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
for(int index = 0; index < list.size();index++){
BaseIpCfg _cfg = list.get(index);
batchSqlSession.getMapper(IpCfgDao.class).insertForBatch(_cfg);
if(send) {
if(regionDict.getIsMaat().intValue()==1) {
MaatCfg maatCfg=convertMaatCfg(_cfg,1);
//userregion处理
if(regionDict.getFunctionId()==212) {
String userRegion=Constants.REPLACE_ZONE_KEY+"="+_cfg.getUserRegion1();
String substitute="";
String userRegion2=StringUtil.isEmpty(_cfg.getUserRegion2()) ? "":_cfg.getUserRegion2();
substitute="/";
userRegion2 = BaseService.replaceContentEscape(userRegion2);
substitute=substitute+userRegion2;
String userRegion3=StringUtil.isEmpty(_cfg.getUserRegion3()) ? "":_cfg.getUserRegion3();
userRegion3 = BaseService.replaceContentEscape(userRegion3);
substitute=substitute+"/"+userRegion3;
userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
maatCfg.setUserRegion(userRegion);
if(data!=null&&!data.isEmpty()) {
List<MaatCfg> configCompileList = new ArrayList();
if(data.get(0) instanceof BaseIpCfg) {
for (int index = 0; index < data.size(); index++) {
BaseIpCfg cfg =(BaseIpCfg)data.get(index);
ipCfgDao.insertForBatch(cfg);
if (send) {
if(regionDict.getIsMaat().intValue()==1) {
MaatCfg maatCfg=convertMaatCfg(cfg,1);
//userregion处理
if(regionDict.getFunctionId()==212) {
String userRegion=Constants.REPLACE_ZONE_KEY+"="+cfg.getUserRegion1();
String substitute="";
String userRegion2=StringUtil.isEmpty(cfg.getUserRegion2()) ? "":cfg.getUserRegion2();
substitute="/";
userRegion2 = BaseService.replaceContentEscape(userRegion2);
substitute=substitute+userRegion2;
String userRegion3=StringUtil.isEmpty(cfg.getUserRegion3()) ? "":cfg.getUserRegion3();
userRegion3 = BaseService.replaceContentEscape(userRegion3);
substitute=substitute+"/"+userRegion3;
userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
maatCfg.setUserRegion(userRegion);
}else if(regionDict.getFunctionId()==200) {
//监测 需要发keyring_id
if(cfg.getAction().equals(Constants.MONIT_ACTION)){
cfg.setUserRegion1(StringUtil.isEmpty(cfg.getUserRegion1()) ? "0":cfg.getUserRegion1());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+cfg.getUserRegion1());
//监测的域名需下发拦截强度
cfg.setUserRegion5(StringUtil.isEmpty(cfg.getUserRegion5()) ? "1":cfg.getUserRegion5());
if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+cfg.getUserRegion5());
}else {
maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+cfg.getUserRegion5());
}
}
configCompileList.add(maatCfg);
}else {
//根据具体情况判断
callbackIpList.add(this.convertCallBackIp(_cfg,_cfg.getDnsStrategyId()));
}
}
}
long start=System.currentTimeMillis();
long end=System.currentTimeMillis();
if (send) {
if(configCompileList.size() > 0) {
ToMaatBean maatBean = new ToMaatBean();
maatBean.setConfigCompileList(configCompileList);
maatBean.setAuditTime(new Date());
maatBean.setCreatorName(UserUtils.getUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.INSERT_ACTION);
start=System.currentTimeMillis();
// 调用服务接口下发配置数据
String json = BaseService.gsonToJson(maatBean);
if(configCompileList.size()>10) {
logger.info("IP 配置下发配置条数:" + configCompileList.size());
}else {
logger.info("IP 配置下发配置参数:" + json);
}
// 调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
logger.info("IP 配置下发响应信息:" + result.getMsg());
end=System.currentTimeMillis();
logger.info("IP 配置下发配置耗时:" + (end-start));
}else {
//调用服务接口下发配置数据
String json=gsonToJson(callbackIpList);
logger.info("IP配置下发配置参数"+json);
//调用服务接口下发配置
try {
ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
if(result!=null){
logger.info("IP配置配置下发响应信息"+result.getMsg());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(cfg.getAction().equals(Constants.RATELIMIT_ACTION)){
if(cfg.getUserRegion1().equals("0")){//丢包率
cfg.setUserRegion2(StringUtil.isEmpty(cfg.getUserRegion2()) ? "":cfg.getUserRegion2());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+cfg.getUserRegion2());
}else if(cfg.getUserRegion1().equals("1")){//带宽
cfg.setUserRegion3(StringUtil.isEmpty(cfg.getUserRegion3()) ? "":cfg.getUserRegion3());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+cfg.getUserRegion3());
}
}
} catch (Exception e) {
logger.error("IP配置配置下发失败",e);
throw e;
}
}
configCompileList.add(maatCfg);
}
}
batchSqlSession.commit();
}finally {
if(batchSqlSession != null){
batchSqlSession.close();
}
}
}
}else if(data.get(0) instanceof BaseStringCfg) {
for (int index = 0; index < data.size(); index++) {
BaseStringCfg cfg = (BaseStringCfg)data.get(index);
if(cfg.getCfgKeywords()!=null && !"".equals(cfg.getCfgKeywords())){
if(regionDict.getDictId().intValue() == 56){
cfg.setTableName("http_url_cfg");
}
stringCfgDao.saveStringCfgBatch(cfg);
}
if (send) {
if(regionDict.getIsMaat().intValue()==1) {
MaatCfg maatCfg=convertMaatCfg(cfg,2);
//userregion处理
if(regionDict.getFunctionId()==200) {// Domain Intercept
String userRegion = Constants.USERREGION_DOMAIN_ID+"="+cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+cfg.getCfgKeywords();
if(cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+cfg.getUserRegion5()+";" + userRegion;
}else if(cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+cfg.getUserRegion2()+";" + userRegion;
}
maatCfg.setUserRegion(userRegion);
}
configCompileList.add(maatCfg);
}
}
}
}
if (send && configCompileList.size() > 0) {
ToMaatBean maatBean = new ToMaatBean();
maatBean.setConfigCompileList(configCompileList);
maatBean.setAuditTime(new Date());
maatBean.setCreatorName(UserUtils.getUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.INSERT_ACTION);
long start=System.currentTimeMillis();
// 调用服务接口下发配置数据
String json = BaseService.gsonToJson(maatBean);
if(configCompileList.size()>10) {
logger.info("intercept IP/DNS配置下发配置条数" + configCompileList.size());
}else {
logger.info("intercept IP/DNS配置下发配置参数" + json);
}
// 调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
logger.info("intercept IP/DNS配置下发响应信息" + result.getMsg());
long end=System.currentTimeMillis();
logger.info("intercept IP/DNS配置下发配置耗时" + (end-start));
}
}
}
/**
* 处理IpSpoofing配置导入

1
src/main/webapp/WEB-INF/views/cfg/ddosIpCfgList.jsp
View File

@@ -521,6 +521,7 @@
</div>
</div>
<c:set var="importPath" value="/manipulation/ddos/list?functionId=${cfg.functionId}"/>
<c:set var="importUrl" value="/manipulation/ddos/import"/>
<!-- 模板导入start -->
<%@include file="/WEB-INF/include/excel/importModal.jsp" %>
</body>