diff --git a/src/main/java/com/nis/web/controller/configuration/manipulation/DdosCfgController.java b/src/main/java/com/nis/web/controller/configuration/manipulation/DdosCfgController.java index 73df9f61b..58dcc2a76 100644 --- a/src/main/java/com/nis/web/controller/configuration/manipulation/DdosCfgController.java +++ b/src/main/java/com/nis/web/controller/configuration/manipulation/DdosCfgController.java @@ -6,35 +6,40 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Properties; import java.util.Set; +import java.util.concurrent.BlockingQueue; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; -import org.apache.cxf.common.util.StringUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; +import org.jets3t.service.ServiceException; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.multipart.MultipartFile; import org.springframework.web.servlet.mvc.support.RedirectAttributes; +import com.beust.jcommander.internal.Lists; +import com.nis.domain.FunctionRegionDict; +import com.nis.domain.FunctionServiceDict; import com.nis.domain.Page; -import com.nis.domain.basics.ServiceDictInfo; -import com.nis.domain.configuration.AvFileSampleCfg; -import com.nis.domain.configuration.AvVoipAccountCfg; import com.nis.domain.configuration.BaseIpCfg; import com.nis.domain.configuration.CfgIndexInfo; import com.nis.domain.configuration.DdosIpCfg; -import com.nis.domain.configuration.DnsResStrategy; import com.nis.domain.configuration.IpPortCfg; -import com.nis.domain.configuration.NtcSubscribeIdCfg; -import com.nis.domain.configuration.DdosIpCfg; -import com.nis.domain.configuration.RequestInfo; +import com.nis.domain.configuration.template.DdosIpTemplate; import com.nis.exceptions.MaatConvertException; +import com.nis.util.ConfigServiceUtil; import com.nis.util.Constants; +import com.nis.util.DictUtils; import com.nis.util.StringUtil; +import com.nis.util.excel.ImportBigExcel; import com.nis.web.controller.BaseController; import com.nis.web.security.UserUtils; @@ -266,4 +271,156 @@ public class DdosCfgController extends BaseController { model.addAttribute("tabList", tabList); return "/cfg/ddosSubList"; } + @RequestMapping(value = {"import"}, method=RequestMethod.POST) + public String importCfg(HttpServletRequest request,HttpServletResponse response,RedirectAttributes redirectAttributes, + @RequestParam("files") MultipartFile[] files + ,Integer serviceDictId + ,Integer requestId + ,String attribute + ,String classify + ,String regionDictIds + ,String importPath) { + logger.warn("import start..."); + long start=System.currentTimeMillis(); + ImportBigExcel ei=null; + try { + FunctionServiceDict serviceDict = DictUtils.getFunctionServiceDict(serviceDictId); + StringBuffer errTip=new StringBuffer(); + BlockingQueue ipPortCfgs =null; + Properties properties=this.getMsgProp(); + for (int i = 0; i < files.length; i++) { + MultipartFile file = files[i]; + ei = new ImportBigExcel(file, 0, 1); + FunctionRegionDict regionDict = DictUtils + .getFunctionRegionDict(Integer.parseInt(regionDictIds.split(",")[i])); + //------------------------------------check format start---------------------------- + if (regionDict.getRegionType().equals(1)) {// IP + //加载模板 + ei.loadInitParams(DdosIpTemplate.class, properties, regionDict, serviceDict); + BlockingQueue list = ei.getDataList(DdosIpTemplate.class ); + ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict, null,null, list); + + } + //删除文件 + if(ei.getUploadFile()!=null&&ei.getUploadFile().exists()) { + ei.getUploadFile().delete(); + } + //------------------------------------check format end---------------------------- + Date date = new Date(); + String isSend = request.getParameter("isSend")==null?"":request.getParameter("isSend"); + if (regionDict.getRegionType().equals(1)) {// IP + List _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE); + while(!ipPortCfgs.isEmpty()) { + ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE); + List compileIds=Lists.newArrayList(); + List regionIds=Lists.newArrayList(); + List groupIds=Lists.newArrayList(); + List numRegionGroupIds=Lists.newArrayList(); + List numRegionRegionIds=Lists.newArrayList(); + if(!regionDict.getFunctionId().equals(405)) {//app ip compileId 从config_group_info中取 + try { + compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size()); + if(isSend.equals("1")) { + groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size()); + regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); + //需要获取数值域的id + if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) { + numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size()); + numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); + } + } + } catch (Exception e) { + e.printStackTrace(); + logger.info("获取编译ID出错"); + throw new MaatConvertException(":"+e.getMessage()); + } + }else { + try { + regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); + } catch (Exception e) { + e.printStackTrace(); + logger.info("获取域ID出错"); + throw new MaatConvertException(":"+e.getMessage()); + } + } + int ind=0; + for (BaseIpCfg cfg : _ipPortCfgs) { + cfg.setAction(serviceDict==null?null:serviceDict.getAction()); + /*cfg.setAuditorId(UserUtils.getUser().getId()); + cfg.setAuditTime(date);*/ + cfg.setCfgRegionCode(regionDict.getConfigRegionCode()); + cfg.setCfgType(regionDict.getConfigRegionValue()); + cfg.setCreateTime(date); + cfg.setCreatorId(UserUtils.getUser().getId()); + //cfg.setDoLog(2); + cfg.setFunctionId(regionDict.getFunctionId()); + if(isSend.equals("1")) { + cfg.setIsAudit(Constants.AUDIT_YES); + cfg.setIsValid(Constants.VALID_YES); + cfg.setAuditorId(UserUtils.getUser().getId()); + cfg.setAuditTime(date); + if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) { + cfg.setGroupId(groupIds.get(ind)); + } + if(regionIds!=null&®ionIds.size()==_ipPortCfgs.size()) { + cfg.setRegionId(regionIds.get(ind)); + } + if(serviceDict!=null&&serviceDict.getProtocolId()!=null) { + if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) { + cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind)); + } + if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) { + cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind)); + } + } + }else { + cfg.setIsAudit(Constants.AUDIT_NOT_YET); + cfg.setIsValid(Constants.VALID_NO); + } + cfg.setIsAreaEffective(0); + cfg.setLable("0"); + cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId); + cfg.setAttribute(attribute); + cfg.setClassify(classify); + cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId()); + cfg.setTableName("ip_port_cfg"); + if(compileIds.size()==_ipPortCfgs.size()) { + cfg.setCompileId(compileIds.get(ind)); + } + CfgIndexInfo cfgIndexInfo = new CfgIndexInfo(); + org.springframework.beans.BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"}); + if(cfg.getDnsStrategyId()!=null) { + cfgIndexInfo.setDnsStrategyId(Long.parseLong(cfg.getDnsStrategyId().toString())); + } + ind++; + } + ddosCfgService.saveAndSend(regionDict, _ipPortCfgs, isSend.equals("1")); + _ipPortCfgs.clear(); + } + } + } + if(errTip.toString().length()>0) { + addMessage(redirectAttributes,"error", errTip.toString()); + } + } catch (Exception e) { + if(ei!=null) { + if(ei.getUploadFile().exists()) { + ei.getUploadFile().delete(); + } + } + if(e instanceof MaatConvertException) { + addMessage(redirectAttributes,"error", "request_service_failed"); + }else if(e instanceof ServiceException) { + addMessage(redirectAttributes,"error", e.getMessage()); + }else if(e instanceof IndexOutOfBoundsException){ + addMessage(redirectAttributes,"error", "template_error"); + }else { + addMessage(redirectAttributes,"error", "import_failed"); + } + e.printStackTrace(); + } + long end=System.currentTimeMillis(); + logger.warn("import finish,cost:"+(end-start)); + return "redirect:" + adminPath+ importPath; + } } diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java index 58bbc0987..da6b85f32 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java @@ -29,21 +29,32 @@ import com.beust.jcommander.internal.Lists; import com.nis.domain.FunctionRegionDict; import com.nis.domain.FunctionServiceDict; import com.nis.domain.Page; -import com.nis.domain.basics.AsnGroupInfo; -import com.nis.domain.basics.PolicyGroupInfo; +import com.nis.domain.configuration.AppPolicyCfg; import com.nis.domain.configuration.BaseIpCfg; import com.nis.domain.configuration.BaseStringCfg; import com.nis.domain.configuration.CfgIndexInfo; +import com.nis.domain.configuration.ComplexkeywordCfg; import com.nis.domain.configuration.HttpUrlCfg; import com.nis.domain.configuration.InterceptPktBin; import com.nis.domain.configuration.IpPortCfg; import com.nis.domain.configuration.PxyObjKeyring; -import com.nis.domain.configuration.PxyObjSpoofingIpPool; +import com.nis.domain.configuration.template.BlackListComplexStringTemplate; +import com.nis.domain.configuration.template.BlackListIPTemplate; +import com.nis.domain.configuration.template.BlackListP2pHashStringTemplate; +import com.nis.domain.configuration.template.BlackListP2pIpTemplate; +import com.nis.domain.configuration.template.BlackListStringTemplate; +import com.nis.domain.configuration.template.ComplexStringAllTemplate; +import com.nis.domain.configuration.template.DomainInterceptMonitTemplate; +import com.nis.domain.configuration.template.DomainInterceptRateLimitTemplate; +import com.nis.domain.configuration.template.DomainInterceptTemplate; import com.nis.domain.configuration.template.IpAllNotDoLogTemplate; import com.nis.domain.configuration.template.IpAllTemplate; import com.nis.domain.configuration.template.IpPayloadTemplate; import com.nis.domain.configuration.template.IpRateLimitTemplate; import com.nis.domain.configuration.template.IpSpoofingTemplate; +import com.nis.domain.configuration.template.P2pHashStringTemplate; +import com.nis.domain.configuration.template.P2pIpTemplate; +import com.nis.domain.configuration.template.StringAllTemplate; import com.nis.exceptions.MaatConvertException; import com.nis.util.ConfigServiceUtil; import com.nis.util.Constants; @@ -53,8 +64,6 @@ import com.nis.util.excel.ImportBigExcel; import com.nis.web.controller.configuration.CommonController; import com.nis.web.security.UserUtils; -import jersey.repackaged.com.google.common.collect.Maps; - /** * IP相关配置控制类 * @@ -269,7 +278,7 @@ public class InterceptController extends CommonController { * redirectAttributes){ this._exportIp(columns,model, request, response, * entity, ids, redirectAttributes); } */ - @RequestMapping(value = {"/ippayload/import","/ip/import"}, method=RequestMethod.POST) + @RequestMapping(value = {"/ippayload/import","/ip/import","/domain/import"}, method=RequestMethod.POST) public String importIPList(HttpServletRequest request,HttpServletResponse response,RedirectAttributes redirectAttributes, @RequestParam("files") MultipartFile[] files ,Integer serviceDictId @@ -283,6 +292,7 @@ public class InterceptController extends CommonController { FunctionServiceDict serviceDict = DictUtils.getFunctionServiceDict(serviceDictId); StringBuffer errTip=new StringBuffer(); BlockingQueue ipPortCfgs =null; + BlockingQueue> stringCfgs =null; List cfgIndexInfos = new ArrayList(); ImportBigExcel ei=null; Properties properties=this.getMsgProp(); @@ -303,6 +313,38 @@ public class InterceptController extends CommonController { ei.loadInitParams(IpSpoofingTemplate.class, properties, regionDict, serviceDict); BlockingQueue list = ei.getDataList(IpSpoofingTemplate.class ); ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,null, list); + } else if(regionDict.getFunctionId().equals(200)) {//Intercept Policy + if(regionDict.getDictId().equals(53)) { + if(serviceDict.getAction().equals(64)) { + //加载模板 + ei.loadInitParams(IpRateLimitTemplate.class, properties, regionDict, serviceDict); + BlockingQueue list = ei.getDataList(IpRateLimitTemplate.class ); + ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,null, list); + }else { + //加载模板 + ei.loadInitParams(IpAllNotDoLogTemplate.class, properties, regionDict, serviceDict); + BlockingQueue list = ei.getDataList(IpAllNotDoLogTemplate.class ); + ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,null, list); + } + } + if(regionDict.getDictId().equals(56)) { + if(serviceDict.getAction().equals(1)){// 监测 + //加载模板 + ei.loadInitParams(DomainInterceptMonitTemplate.class, properties, regionDict, serviceDict); + BlockingQueue list = ei.getDataList(DomainInterceptMonitTemplate.class); + stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list); + }else if(serviceDict.getAction().equals(64)){// 限速 + //加载模板 + ei.loadInitParams(DomainInterceptRateLimitTemplate.class, properties, regionDict, serviceDict); + BlockingQueue list = ei.getDataList(DomainInterceptRateLimitTemplate.class); + stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list); + }else{// 白名单 + //加载模板 + ei.loadInitParams(DomainInterceptTemplate.class, properties, regionDict, serviceDict); + BlockingQueue list = ei.getDataList(DomainInterceptTemplate.class); + stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list); + } + } } //------------------------------------check format end---------------------------- //删除文件 @@ -312,84 +354,146 @@ public class InterceptController extends CommonController { Date date = new Date(); String isSend = request.getParameter("isSend")==null?"":request.getParameter("isSend"); List _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE); - while(!ipPortCfgs.isEmpty()) { - ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE); - List compileIds=Lists.newArrayList(); - List regionIds=Lists.newArrayList(); - List groupIds=Lists.newArrayList(); - List numRegionGroupIds=Lists.newArrayList(); - List numRegionRegionIds=Lists.newArrayList(); - try { - compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size()); - if(isSend.equals("1")) { - groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size()); - regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); - //需要获取数值域的id - if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) { - numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size()); - numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); + if (regionDict.getRegionType().equals(1)) {// IP + while(!ipPortCfgs.isEmpty()) { + ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE); + List compileIds=Lists.newArrayList(); + List regionIds=Lists.newArrayList(); + List groupIds=Lists.newArrayList(); + List numRegionGroupIds=Lists.newArrayList(); + List numRegionRegionIds=Lists.newArrayList(); + try { + compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size()); + if(isSend.equals("1")) { + groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size()); + regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); + //需要获取数值域的id + if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) { + numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size()); + numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size()); + } } - } - } catch (Exception e) { - e.printStackTrace(); - logger.info("获取编译ID出错"); - throw new MaatConvertException(":"+e.getMessage()); - } - int ind=0; - for (BaseIpCfg cfg : _ipPortCfgs) { - cfg.setAction(serviceDict==null?null:serviceDict.getAction()); - cfg.setCfgRegionCode(regionDict.getConfigRegionCode()); - cfg.setCfgType(regionDict.getConfigRegionValue()); - cfg.setCreateTime(date); - cfg.setCreatorId(UserUtils.getUser().getId()); - cfg.setFunctionId(regionDict.getFunctionId()); - if(isSend.equals("1")) { - cfg.setIsAudit(Constants.AUDIT_YES); - cfg.setIsValid(Constants.VALID_YES); - cfg.setAuditorId(UserUtils.getUser().getId()); - cfg.setAuditTime(date); - if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) { - cfg.setGroupId(groupIds.get(ind)); - } - if(regionIds!=null&®ionIds.size()==_ipPortCfgs.size()) { - cfg.setRegionId(regionIds.get(ind)); - } - if(serviceDict!=null&&serviceDict.getProtocolId()!=null) { - if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) { - cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind)); + } catch (Exception e) { + e.printStackTrace(); + logger.info("获取编译ID出错"); + throw new MaatConvertException(":"+e.getMessage()); + } + int ind=0; + for (BaseIpCfg cfg : _ipPortCfgs) { + cfg.setAction(serviceDict==null?null:serviceDict.getAction()); + cfg.setCfgRegionCode(regionDict.getConfigRegionCode()); + cfg.setCfgType(regionDict.getConfigRegionValue()); + cfg.setCreateTime(date); + cfg.setCreatorId(UserUtils.getUser().getId()); + cfg.setFunctionId(regionDict.getFunctionId()); + if(isSend.equals("1")) { + cfg.setIsAudit(Constants.AUDIT_YES); + cfg.setIsValid(Constants.VALID_YES); + cfg.setAuditorId(UserUtils.getUser().getId()); + cfg.setAuditTime(date); + if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) { + cfg.setGroupId(groupIds.get(ind)); } - if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) { - cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind)); + if(regionIds!=null&®ionIds.size()==_ipPortCfgs.size()) { + cfg.setRegionId(regionIds.get(ind)); } + if(serviceDict!=null&&serviceDict.getProtocolId()!=null) { + if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) { + cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind)); + } + if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) { + cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind)); + } + } + }else { + cfg.setIsAudit(Constants.AUDIT_NOT_YET); + cfg.setIsValid(Constants.VALID_NO); } + cfg.setIsAreaEffective(0); + cfg.setLable("0"); + cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId); + cfg.setAttribute(attribute); + cfg.setClassify(classify); + cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId()); + cfg.setTableName("ip_port_cfg"); + if(compileIds.size()==_ipPortCfgs.size()) { + cfg.setCompileId(compileIds.get(ind)); + } + if(regionDict.getFunctionId().equals(212)||regionDict.getFunctionId().equals(200)) {// IP Payload ,Intercept Policy + CfgIndexInfo cfgIndexInfo = new CfgIndexInfo(); + BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"}); + cfgIndexInfos.add(cfgIndexInfo); + } + ind++; + } + if(serviceDict.getFunctionId().equals(214)) {// IpSpoofing + interceptCfgService.saveAndSendSpoofingIpPool(_ipPortCfgs, cfgIndexInfos,isSend.equals("1")); }else { - cfg.setIsAudit(Constants.AUDIT_NOT_YET); - cfg.setIsValid(Constants.VALID_NO); + interceptCfgService.saveAndSend(regionDict,cfgIndexInfos, _ipPortCfgs, isSend.equals("1")); } - cfg.setIsAreaEffective(0); - cfg.setLable("0"); - cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId); - cfg.setAttribute(attribute); - cfg.setClassify(classify); - cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId()); - cfg.setTableName("ip_port_cfg"); - if(compileIds.size()==_ipPortCfgs.size()) { - cfg.setCompileId(compileIds.get(ind)); + cfgIndexInfos.clear(); + _ipPortCfgs.clear(); + } + }else if(regionDict.getRegionType().equals(2)){//String + List> _stringCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE); + while(!stringCfgs.isEmpty()) { + stringCfgs.drainTo(_stringCfgs, Constants.MAAT_JSON_SEND_SIZE); + List compileIds=Lists.newArrayList(); + List groupIds=Lists.newArrayList(); + List regionIds=Lists.newArrayList(); + try { + compileIds = ConfigServiceUtil.getId(1,_stringCfgs.size()); + if(isSend.equals("1")) { + groupIds = ConfigServiceUtil.getId(2,_stringCfgs.size()); + regionIds = ConfigServiceUtil.getId(3,_stringCfgs.size()); + } + } catch (Exception e) { + e.printStackTrace(); + logger.info("获取编译ID出错"); + throw new MaatConvertException(":"+e.getMessage()); } - if(serviceDict.getFunctionId().equals(212)) {// IP Payload + int ind=0; + for (BaseStringCfg cfg : _stringCfgs) { + cfg.setAction(serviceDict.getAction()); + cfg.setCfgRegionCode(regionDict.getConfigRegionCode()); + cfg.setCfgType(regionDict.getConfigRegionValue()); + cfg.setCreateTime(date); + cfg.setCreatorId(UserUtils.getUser().getId()); + //cfg.setDoLog(2); + cfg.setFunctionId(regionDict.getFunctionId()); + if(isSend.equals("1")) { + cfg.setIsAudit(Constants.AUDIT_YES); + cfg.setIsValid(Constants.VALID_YES); + cfg.setAuditorId(UserUtils.getUser().getId()); + cfg.setAuditTime(date); + if(groupIds!=null&&groupIds.size()==_stringCfgs.size()) { + cfg.setGroupId(groupIds.get(ind)); + } + if(regionIds!=null&®ionIds.size()==_stringCfgs.size()) { + cfg.setRegionId(regionIds.get(ind)); + } + }else { + cfg.setIsAudit(Constants.AUDIT_NOT_YET); + cfg.setIsValid(Constants.VALID_NO); + } + cfg.setIsAreaEffective(0); + cfg.setLable("0"); + cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId); + cfg.setAttribute(attribute); + cfg.setClassify(classify); + cfg.setServiceId(serviceDict.getServiceId()); + if(compileIds!=null&&compileIds.size()==_stringCfgs.size()) { + cfg.setCompileId(compileIds.get(ind)); + } CfgIndexInfo cfgIndexInfo = new CfgIndexInfo(); - BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"}); + BeanUtils.copyProperties(cfg, cfgIndexInfo, new String[] {"cfgId"}); cfgIndexInfos.add(cfgIndexInfo); + ind++; } - ind++; + interceptCfgService.saveAndSend(regionDict,cfgIndexInfos, _stringCfgs, isSend.equals("1")); + cfgIndexInfos.clear(); + _stringCfgs.clear(); } - if(serviceDict.getFunctionId().equals(214)) {// IpSpoofing - interceptCfgService.saveAndSendSpoofingIpPool(_ipPortCfgs, cfgIndexInfos,isSend.equals("1")); - }else { - interceptCfgService.saveAndSendIPList(regionDict, serviceDict, _ipPortCfgs, cfgIndexInfos,isSend.equals("1")); - } - cfgIndexInfos.clear(); - _ipPortCfgs.clear(); } if(errTip.toString().length()>0) { addMessage(redirectAttributes,"error", errTip.toString()); @@ -606,5 +710,5 @@ public class InterceptController extends CommonController { // return "redirect:" + adminPath // +"/ntc/iplist/list?functionId="+entity.getFunctionId(); } - + } diff --git a/src/main/java/com/nis/web/service/configuration/DdosCfgService.java b/src/main/java/com/nis/web/service/configuration/DdosCfgService.java index 20e1f0736..570d41d0b 100644 --- a/src/main/java/com/nis/web/service/configuration/DdosCfgService.java +++ b/src/main/java/com/nis/web/service/configuration/DdosCfgService.java @@ -1,45 +1,39 @@ package com.nis.web.service.configuration; +import java.lang.reflect.InvocationTargetException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.ibatis.session.ExecutorType; -import org.apache.ibatis.session.SqlSession; -import org.apache.ibatis.session.SqlSessionFactory; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import com.beust.jcommander.internal.Lists; import com.google.gson.Gson; +import com.nis.domain.FunctionRegionDict; import com.nis.domain.Page; -import com.nis.domain.callback.InlineIp; +import com.nis.domain.configuration.BaseCfg; import com.nis.domain.configuration.BaseIpCfg; -import com.nis.domain.configuration.CfgIndexInfo; import com.nis.domain.configuration.DdosIpCfg; -import com.nis.domain.configuration.IpPortCfg; import com.nis.domain.maat.MaatCfg; -import com.nis.domain.maat.ToMaatBean; -import com.nis.domain.maat.ToMaatResult; import com.nis.domain.maat.MaatCfg.DigestCfg; import com.nis.domain.maat.MaatCfg.GroupCfg; import com.nis.domain.maat.MaatCfg.IpCfg; import com.nis.domain.maat.MaatCfg.NumBoundaryCfg; import com.nis.domain.maat.MaatCfg.StringCfg; +import com.nis.domain.maat.ToMaatBean; +import com.nis.domain.maat.ToMaatResult; import com.nis.exceptions.MaatConvertException; import com.nis.util.ConfigServiceUtil; import com.nis.util.Constants; import com.nis.util.StringUtil; import com.nis.web.dao.configuration.DdosCfgDao; -import com.nis.web.dao.configuration.IpCfgDao; import com.nis.web.security.UserUtils; import com.nis.web.service.BaseService; -import com.nis.web.service.SpringContextHolder; @@ -335,4 +329,64 @@ public class DdosCfgService extends BaseService{ } } + + /** + * 配置导入,目前只支持单sheet + * @param regionDict + * @param cfgIndexInfos + * @param data + * @param send + * @throws NoSuchMethodException + * @throws InvocationTargetException + * @throws IllegalAccessException + */ + @Transactional(readOnly=false,rollbackFor=RuntimeException.class) + public void saveAndSend(FunctionRegionDict regionDict,List> data,boolean send) throws IllegalAccessException, InvocationTargetException, NoSuchMethodException { + if(data!=null&&!data.isEmpty()) { + List configCompileList = new ArrayList(); + if(data.get(0) instanceof BaseIpCfg) { + for (int index = 0; index < data.size(); index++) { + DdosIpCfg ddosIpCfg=new DdosIpCfg(); + BeanUtils.copyProperties(data.get(index), ddosIpCfg); + //如果insert加入了select last_insert_id,会拖慢6~7倍以上的效率 + ddosCfgDao.insert(ddosIpCfg); + if (send) { + if(regionDict.getIsMaat().intValue()==1) { + MaatCfg maatCfg=convertMaatCfg(data.get(index),1); + //userregion处理 + Map umap= new HashMap(); + umap.put("protocol", ddosIpCfg.getAntiddosProtocol()); + umap.put("bps_threadshold", ddosIpCfg.getBpsThreadshold()); + umap.put("pps_threadshold", ddosIpCfg.getPpsThreadshold()); + maatCfg.setUserRegion(new Gson().toJson(umap)); + configCompileList.add(maatCfg); + } + } + } + } + if (send && configCompileList.size() > 0) { + ToMaatBean maatBean = new ToMaatBean(); + maatBean.setConfigCompileList(configCompileList); + maatBean.setAuditTime(new Date()); + maatBean.setCreatorName(UserUtils.getUser().getName()); + maatBean.setVersion(Constants.MAAT_VERSION); + maatBean.setOpAction(Constants.INSERT_ACTION); + long start=System.currentTimeMillis(); + // 调用服务接口下发配置数据 + String json = BaseService.gsonToJson(maatBean); + if(configCompileList.size()>10) { + logger.info("ddps ip配置下发配置条数:" + configCompileList.size()); + }else { + logger.info("ddps ip配置下发配置参数:" + json); + } + // 调用服务接口下发配置 + ToMaatResult result = ConfigServiceUtil.postMaatCfg(json); + logger.info("ddps ip配置下发响应信息:" + result.getMsg()); + long end=System.currentTimeMillis(); + logger.info("ddps ip配置下发配置耗时:" + (end-start)); + + } + } + + } } diff --git a/src/main/java/com/nis/web/service/configuration/InterceptCfgService.java b/src/main/java/com/nis/web/service/configuration/InterceptCfgService.java index 742a98d1f..db14afeda 100644 --- a/src/main/java/com/nis/web/service/configuration/InterceptCfgService.java +++ b/src/main/java/com/nis/web/service/configuration/InterceptCfgService.java @@ -45,6 +45,7 @@ import com.nis.web.dao.configuration.AreaIpCfgDao; import com.nis.web.dao.configuration.InterceptCfgDao; import com.nis.web.dao.configuration.IpCfgDao; import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao; +import com.nis.web.dao.configuration.StringCfgDao; import com.nis.web.dao.configuration.WebsiteCfgDao; import com.nis.web.security.UserUtils; import com.nis.web.service.BaseService; @@ -68,6 +69,8 @@ public class InterceptCfgService extends CrudService protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao; @Autowired protected IpCfgDao ipCfgDao; + @Autowired + protected StringCfgDao stringCfgDao; public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){ CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId); List ipPortList = websiteCfgDao.getIpPortList(entity); @@ -590,95 +593,122 @@ public class InterceptCfgService extends CrudService logger.info("intercept IP/DNS 配置取消配置响应信息:"+result.getMsg()); } } + /** + * 配置导入,目前只支持单sheet + * @param regionDict + * @param cfgIndexInfos + * @param data + * @param send + */ @Transactional(readOnly=false,rollbackFor=RuntimeException.class) - public void saveAndSendIPList(FunctionRegionDict regionDict, FunctionServiceDict serviceDict,List list,List cfgIndexInfos,boolean send) { + public void saveAndSend(FunctionRegionDict regionDict,List cfgIndexInfos,List> data,boolean send) { if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) { this.saveCfgIndexOf(cfgIndexInfos); } - Integer regionType = regionDict.getRegionType(); - if (1 == regionType.intValue()) { - SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class); - SqlSession batchSqlSession = null; - List configCompileList = new ArrayList(); - List callbackIpList = new ArrayList(); - try{ - batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false); - for(int index = 0; index < list.size();index++){ - BaseIpCfg _cfg = list.get(index); - batchSqlSession.getMapper(IpCfgDao.class).insertForBatch(_cfg); - if(send) { - if(regionDict.getIsMaat().intValue()==1) { - MaatCfg maatCfg=convertMaatCfg(_cfg,1); - //userregion处理 - if(regionDict.getFunctionId()==212) { - String userRegion=Constants.REPLACE_ZONE_KEY+"="+_cfg.getUserRegion1(); - String substitute=""; - String userRegion2=StringUtil.isEmpty(_cfg.getUserRegion2()) ? "":_cfg.getUserRegion2(); - substitute="/"; - userRegion2 = BaseService.replaceContentEscape(userRegion2); - substitute=substitute+userRegion2; - - String userRegion3=StringUtil.isEmpty(_cfg.getUserRegion3()) ? "":_cfg.getUserRegion3(); - userRegion3 = BaseService.replaceContentEscape(userRegion3); - substitute=substitute+"/"+userRegion3; - - userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute; - maatCfg.setUserRegion(userRegion); + if(data!=null&&!data.isEmpty()) { + List configCompileList = new ArrayList(); + if(data.get(0) instanceof BaseIpCfg) { + for (int index = 0; index < data.size(); index++) { + BaseIpCfg cfg =(BaseIpCfg)data.get(index); + ipCfgDao.insertForBatch(cfg); + if (send) { + if(regionDict.getIsMaat().intValue()==1) { + MaatCfg maatCfg=convertMaatCfg(cfg,1); + //userregion处理 + if(regionDict.getFunctionId()==212) { + String userRegion=Constants.REPLACE_ZONE_KEY+"="+cfg.getUserRegion1(); + String substitute=""; + String userRegion2=StringUtil.isEmpty(cfg.getUserRegion2()) ? "":cfg.getUserRegion2(); + substitute="/"; + userRegion2 = BaseService.replaceContentEscape(userRegion2); + substitute=substitute+userRegion2; + + String userRegion3=StringUtil.isEmpty(cfg.getUserRegion3()) ? "":cfg.getUserRegion3(); + userRegion3 = BaseService.replaceContentEscape(userRegion3); + substitute=substitute+"/"+userRegion3; + + userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute; + maatCfg.setUserRegion(userRegion); + }else if(regionDict.getFunctionId()==200) { + //监测 需要发keyring_id + if(cfg.getAction().equals(Constants.MONIT_ACTION)){ + cfg.setUserRegion1(StringUtil.isEmpty(cfg.getUserRegion1()) ? "0":cfg.getUserRegion1()); + maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+cfg.getUserRegion1()); + //监测的域名需下发拦截强度 + cfg.setUserRegion5(StringUtil.isEmpty(cfg.getUserRegion5()) ? "1":cfg.getUserRegion5()); + if(StringUtil.isEmpty(maatCfg.getUserRegion())) { + maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+cfg.getUserRegion5()); + }else { + maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+cfg.getUserRegion5()); + } } - configCompileList.add(maatCfg); - }else { - //根据具体情况判断 - callbackIpList.add(this.convertCallBackIp(_cfg,_cfg.getDnsStrategyId())); - } - } - } - long start=System.currentTimeMillis(); - long end=System.currentTimeMillis(); - if (send) { - if(configCompileList.size() > 0) { - ToMaatBean maatBean = new ToMaatBean(); - maatBean.setConfigCompileList(configCompileList); - maatBean.setAuditTime(new Date()); - maatBean.setCreatorName(UserUtils.getUser().getName()); - maatBean.setVersion(Constants.MAAT_VERSION); - maatBean.setOpAction(Constants.INSERT_ACTION); - start=System.currentTimeMillis(); - // 调用服务接口下发配置数据 - String json = BaseService.gsonToJson(maatBean); - if(configCompileList.size()>10) { - logger.info("IP 配置下发配置条数:" + configCompileList.size()); - }else { - logger.info("IP 配置下发配置参数:" + json); - } - // 调用服务接口下发配置 - - ToMaatResult result = ConfigServiceUtil.postMaatCfg(json); - logger.info("IP 配置下发响应信息:" + result.getMsg()); - end=System.currentTimeMillis(); - logger.info("IP 配置下发配置耗时:" + (end-start)); - }else { - //调用服务接口下发配置数据 - String json=gsonToJson(callbackIpList); - logger.info("IP配置下发配置参数:"+json); - //调用服务接口下发配置 - try { - ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json); - if(result!=null){ - logger.info("IP配置配置下发响应信息:"+result.getMsg()); + //限速 需要发Droprate=0.001 ,暂不支持Bandwidth=200kbps + if(cfg.getAction().equals(Constants.RATELIMIT_ACTION)){ + if(cfg.getUserRegion1().equals("0")){//丢包率 + cfg.setUserRegion2(StringUtil.isEmpty(cfg.getUserRegion2()) ? "":cfg.getUserRegion2()); + maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+cfg.getUserRegion2()); + }else if(cfg.getUserRegion1().equals("1")){//带宽 + cfg.setUserRegion3(StringUtil.isEmpty(cfg.getUserRegion3()) ? "":cfg.getUserRegion3()); + maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+cfg.getUserRegion3()); + } } - } catch (Exception e) { - logger.error("IP配置配置下发失败",e); - throw e; } - } + configCompileList.add(maatCfg); + } } - batchSqlSession.commit(); - }finally { - if(batchSqlSession != null){ - batchSqlSession.close(); - } - } + } + }else if(data.get(0) instanceof BaseStringCfg) { + for (int index = 0; index < data.size(); index++) { + BaseStringCfg cfg = (BaseStringCfg)data.get(index); + if(cfg.getCfgKeywords()!=null && !"".equals(cfg.getCfgKeywords())){ + if(regionDict.getDictId().intValue() == 56){ + cfg.setTableName("http_url_cfg"); + } + stringCfgDao.saveStringCfgBatch(cfg); + } + if (send) { + if(regionDict.getIsMaat().intValue()==1) { + MaatCfg maatCfg=convertMaatCfg(cfg,2); + //userregion处理 + if(regionDict.getFunctionId()==200) {// Domain Intercept + String userRegion = Constants.USERREGION_DOMAIN_ID+"="+cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+cfg.getCfgKeywords(); + if(cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度 + userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+cfg.getUserRegion5()+";" + userRegion; + }else if(cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate + userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+cfg.getUserRegion2()+";" + userRegion; + } + maatCfg.setUserRegion(userRegion); + } + configCompileList.add(maatCfg); + } + + } + } } + if (send && configCompileList.size() > 0) { + ToMaatBean maatBean = new ToMaatBean(); + maatBean.setConfigCompileList(configCompileList); + maatBean.setAuditTime(new Date()); + maatBean.setCreatorName(UserUtils.getUser().getName()); + maatBean.setVersion(Constants.MAAT_VERSION); + maatBean.setOpAction(Constants.INSERT_ACTION); + long start=System.currentTimeMillis(); + // 调用服务接口下发配置数据 + String json = BaseService.gsonToJson(maatBean); + if(configCompileList.size()>10) { + logger.info("intercept IP/DNS配置下发配置条数:" + configCompileList.size()); + }else { + logger.info("intercept IP/DNS配置下发配置参数:" + json); + } + // 调用服务接口下发配置 + ToMaatResult result = ConfigServiceUtil.postMaatCfg(json); + logger.info("intercept IP/DNS配置下发响应信息:" + result.getMsg()); + long end=System.currentTimeMillis(); + logger.info("intercept IP/DNS配置下发配置耗时:" + (end-start)); + + } + } + } /** * 处理IpSpoofing配置导入 diff --git a/src/main/webapp/WEB-INF/views/cfg/ddosIpCfgList.jsp b/src/main/webapp/WEB-INF/views/cfg/ddosIpCfgList.jsp index ffa09a39c..4a8658cee 100644 --- a/src/main/webapp/WEB-INF/views/cfg/ddosIpCfgList.jsp +++ b/src/main/webapp/WEB-INF/views/cfg/ddosIpCfgList.jsp @@ -521,6 +521,7 @@ + <%@include file="/WEB-INF/include/excel/importModal.jsp" %>