(1)验证调整,IPV6的IP/掩码格式掩码必须为2的指数幂,小于等于128
(2)域名白名单审核提交
This commit is contained in:
wangxin
@@ -198,12 +198,12 @@ public class WhiteListController extends BaseController{
|
||||
List<BaseStringCfg> beans=stringCfgService.getListByCfgId(HttpUrlCfg.getTablename(),ids);
|
||||
Date date=new Date();
|
||||
for(BaseStringCfg bean:beans){
|
||||
bean.setTableName(IpPortCfg.getTablename());
|
||||
bean.setTableName(HttpUrlCfg.getTablename());
|
||||
bean.setAuditorId(bean.getCurrentUser().getId());
|
||||
bean.setAuditTime(date);
|
||||
bean.setIsAudit(cfg.getIsAudit());
|
||||
bean.setIsValid(cfg.getIsValid());
|
||||
stringCfgService.auditWhiteDomain(cfg);
|
||||
stringCfgService.auditWhiteDomain(bean);
|
||||
}
|
||||
addMessage(redirectAttributes,"audit_success");
|
||||
}catch(Exception e){
|
||||
|
||||
@@ -3,8 +3,10 @@ package com.nis.web.service.configuration;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
@@ -13,7 +15,14 @@ import com.nis.domain.configuration.BaseIpCfg;
|
||||
import com.nis.domain.configuration.BaseStringCfg;
|
||||
import com.nis.domain.configuration.HttpUrlCfg;
|
||||
import com.nis.domain.configuration.IpPortCfg;
|
||||
import com.nis.domain.maat.MaatCfg;
|
||||
import com.nis.domain.maat.ToMaatBean;
|
||||
import com.nis.domain.maat.ToMaatResult;
|
||||
import com.nis.domain.maat.MaatCfg.DigestCfg;
|
||||
import com.nis.domain.maat.MaatCfg.GroupCfg;
|
||||
import com.nis.domain.maat.MaatCfg.IpCfg;
|
||||
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
|
||||
import com.nis.domain.maat.MaatCfg.StringCfg;
|
||||
import com.nis.exceptions.MaatConvertException;
|
||||
import com.nis.util.ConfigServiceUtil;
|
||||
import com.nis.util.Constants;
|
||||
@@ -93,9 +102,40 @@ public class StringCfgService extends CrudService<StringCfgDao,BaseStringCfg> {
|
||||
List<BaseStringCfg> beans=new ArrayList<>();
|
||||
beans.add(cfg);
|
||||
this.auditBatch(beans, StringCfgDao.class);
|
||||
List<MaatCfg> configCompileList = new ArrayList();
|
||||
List<GroupCfg> groupRelationList = new ArrayList();
|
||||
List<IpCfg> ipRegionList = new ArrayList();
|
||||
List<StringCfg> strRegionList = new ArrayList();
|
||||
List<NumBoundaryCfg> numRegionList = new ArrayList();
|
||||
List<DigestCfg> digestRegionList = new ArrayList();
|
||||
List<IpCfg> areaIpRegionList = new ArrayList();
|
||||
ToMaatBean maatBean = new ToMaatBean();
|
||||
MaatCfg maatCfg = new MaatCfg();
|
||||
maatCfg.initDefaultValue();
|
||||
BeanUtils.copyProperties(cfg, maatCfg);
|
||||
if(cfg.getIsAudit()==1){
|
||||
maatBean.setOpAction(Constants.INSERT_ACTION);
|
||||
Map<String,List> map = cfgConvert(strRegionList,beans,2,cfg,groupRelationList);
|
||||
groupRelationList=map.get("groupList");
|
||||
ipRegionList=map.get("dstList");
|
||||
maatCfg.setAreaEffectiveIds("0");
|
||||
maatCfg.setUserRegion(cfg.getCompileId()+"");
|
||||
maatCfg.setAction(cfg.getAction());
|
||||
maatCfg.setAuditTime(cfg.getAuditTime());
|
||||
maatCfg.setIpRegionList(ipRegionList);
|
||||
maatCfg.setStrRegionList(strRegionList);
|
||||
maatCfg.setNumRegionList(numRegionList);
|
||||
maatCfg.setDigestRegionList(digestRegionList);
|
||||
maatCfg.setGroupRelationList(groupRelationList);
|
||||
maatCfg.setGroupNum(groupRelationList.size());
|
||||
maatCfg.setAreaIpRegionList(areaIpRegionList);
|
||||
configCompileList.add(maatCfg);
|
||||
maatBean.setConfigCompileList(configCompileList);
|
||||
maatBean.setAuditTime(cfg.getAuditTime());
|
||||
maatBean.setCreatorName(cfg.getCurrentUser().getName());
|
||||
maatBean.setVersion(Constants.MAAT_VERSION);
|
||||
//调用服务接口下发配置数据
|
||||
String json=gsonToJson(beans);
|
||||
String json=gsonToJson(maatBean);
|
||||
logger.info("文件样例下发配置参数:"+json);
|
||||
//调用服务接口下发配置
|
||||
try {
|
||||
@@ -107,6 +147,15 @@ public class StringCfgService extends CrudService<StringCfgDao,BaseStringCfg> {
|
||||
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
|
||||
}
|
||||
}else if(cfg.getIsAudit()==3){
|
||||
maatCfg.setCompileId(cfg.getCompileId());
|
||||
maatCfg.setServiceId(cfg.getServiceId());
|
||||
maatCfg.setIsValid(0);//无效
|
||||
configCompileList.add(maatCfg);
|
||||
maatBean.setConfigCompileList(configCompileList);
|
||||
maatBean.setAuditTime(cfg.getAuditTime());
|
||||
maatBean.setCreatorName(cfg.getCurrentUser().getName());
|
||||
maatBean.setVersion(Constants.MAAT_VERSION);
|
||||
maatBean.setOpAction(Constants.UPDATE_ACTION);
|
||||
//调用服务接口取消配置
|
||||
String json=gsonToJson(beans);
|
||||
logger.info("IP白名单配置参数:"+json);
|
||||
|
||||
@@ -119,21 +119,19 @@
|
||||
</shiro:hasPermission>
|
||||
<!-- <button type="button" class="btn btn-default">
|
||||
<i class="fa fa-download"></i> 导出</button> -->
|
||||
<c:if test="${audit==1}">
|
||||
<shiro:hasPermission name="cfg:string:audit">
|
||||
<shiro:hasPermission name="whitelist:config">
|
||||
<div class="btn-group">
|
||||
<button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown">
|
||||
<i class="fa fa-wrench"></i> <spring:message code="examine"></spring:message>
|
||||
<i class="fa fa-angle-down"></i>
|
||||
</button>
|
||||
<ul class="dropdown-menu pull-right">
|
||||
<li><sys:delRow url="${ctx}/ntc/whitelist/auditDomain?isAudit=1&isValid=1" id="contentTable" label="approved"></sys:delRow></li>
|
||||
<li><sys:delRow url="${ctx}/ntc/whitelist/auditDomain?isAudit=2&isValid=0" id="contentTable" label="unapproved"></sys:delRow></li>
|
||||
<li><sys:delRow url="${ctx}/ntc/whitelist/auditDomain?isAudit=3&isValid=0" id="contentTable" label="cancelPass"></sys:delRow></li>
|
||||
<li><sys:delRow url="${ctx}/ntc/whitelist/auditDomain?isAudit=1&isValid=1&functionId=${cfg.functionId}" id="contentTable" label="approved"></sys:delRow></li>
|
||||
<li><sys:delRow url="${ctx}/ntc/whitelist/auditDomain?isAudit=2&isValid=0&functionId=${cfg.functionId}" id="contentTable" label="unapproved"></sys:delRow></li>
|
||||
<li><sys:delRow url="${ctx}/ntc/whitelist/auditDomain?isAudit=3&isValid=0&functionId=${cfg.functionId}" id="contentTable" label="cancelPass"></sys:delRow></li>
|
||||
</ul>
|
||||
</div>
|
||||
</shiro:hasPermission>
|
||||
</c:if>
|
||||
<a class="btn btn-icon-only btn-default setfields tooltips"
|
||||
data-container="body" data-placement="top" data-original-title=<spring:message code="custom_columns"/> href="javascript:;">
|
||||
<i class="icon-wrench"></i>
|
||||
|
||||
@@ -223,14 +223,38 @@ jQuery.validator.addMethod("ipCheck",function(value, element) {
|
||||
}
|
||||
}else if(typeInt==6){
|
||||
if(ipPattern==1){//ip/掩码格式
|
||||
return this.optional(element)||(/^\s*((([0-9A-Fa-f]{1,4}:){7}(([0-9A-Fa-f]{1,4})|:))|(([0-9A-Fa-f]{1,4}:){6}(:|((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(:[0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){4}(:[0-9A-Fa-f]{1,4}){0,1}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){3}(:[0-9A-Fa-f]{1,4}){0,2}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){2}(:[0-9A-Fa-f]{1,4}){0,3}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:)(:[0-9A-Fa-f]{1,4}){0,4}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(:(:[0-9A-Fa-f]{1,4}){0,5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))(%.+)?\s*\/([0-9]|([1-6][0-4]))$/.test(value));
|
||||
if(this.optional(element)||(/^\s*((([0-9A-Fa-f]{1,4}:){7}(([0-9A-Fa-f]{1,4})|:))|(([0-9A-Fa-f]{1,4}:){6}(:|((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(:[0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){4}(:[0-9A-Fa-f]{1,4}){0,1}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){3}(:[0-9A-Fa-f]{1,4}){0,2}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){2}(:[0-9A-Fa-f]{1,4}){0,3}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:)(:[0-9A-Fa-f]{1,4}){0,4}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(:(:[0-9A-Fa-f]{1,4}){0,5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))(%.+)?\s*\/(0|2|4|8|16|32|64|128)$/.test(value))){
|
||||
return true;
|
||||
}else if(value.indexOf("/")==-1){
|
||||
$.validator.messages.ipCheck=$.validator.messages.ipMask;
|
||||
return false;
|
||||
}else{
|
||||
var ipMaskArr=value.split("/");
|
||||
if(ipMaskArr.length!=2){
|
||||
$.validator.messages.ipCheck=$.validator.messages.ipMask;
|
||||
return false;
|
||||
}else{
|
||||
if(!/^\s*((([0-9A-Fa-f]{1,4}:){7}(([0-9A-Fa-f]{1,4})|:))|(([0-9A-Fa-f]{1,4}:){6}(:|((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(:[0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){4}(:[0-9A-Fa-f]{1,4}){0,1}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){3}(:[0-9A-Fa-f]{1,4}){0,2}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){2}(:[0-9A-Fa-f]{1,4}){0,3}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:)(:[0-9A-Fa-f]{1,4}){0,4}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(:(:[0-9A-Fa-f]{1,4}){0,5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))(%.+)?\s*$/.test(ipMaskArr[0])){
|
||||
$.validator.messages.ipCheck=$.validator.messages.ipPart;
|
||||
return false;
|
||||
}else if(!/^(0|2|4|8|16|32|64|128)$/.test(ipMaskArr[1])){
|
||||
$.validator.messages.ipCheck=$.validator.messages.ipv6MaskPart;
|
||||
return false;
|
||||
} else{
|
||||
$.validator.messages.ipCheck=$.validator.messages.ipMask;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}else if(ipPattern==2){//ip range
|
||||
$.validator.messages.ipCheck=$.validator.messages.ipRange;
|
||||
var _exp="\s*((([0-9A-Fa-f]{1,4}:){7}(([0-9A-Fa-f]{1,4})|:))|(([0-9A-Fa-f]{1,4}:){6}(:|((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(:[0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){4}(:[0-9A-Fa-f]{1,4}){0,1}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){3}(:[0-9A-Fa-f]{1,4}){0,2}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:){2}(:[0-9A-Fa-f]{1,4}){0,3}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(([0-9A-Fa-f]{1,4}:)(:[0-9A-Fa-f]{1,4}){0,4}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(:(:[0-9A-Fa-f]{1,4}){0,5}((:((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|((:[0-9A-Fa-f]{1,4}){1,2})))|(((25[0-5]|2[0-4]\d|[01]?\d{1,2})(\.(25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))(%.+)?\s*";
|
||||
var exp=new RegExp("^"+_exp+"-"+_exp+"$","");
|
||||
if(exp.test(value)){
|
||||
var ipArr=value.split("-");
|
||||
var startIp=fillIp(ipArr[0]);
|
||||
var endIp=fillIp(ipArr[1]);
|
||||
//默认比较前64位
|
||||
var exp1=/^[0-9A-Fa-f]*:[0-9A-Fa-f]*:[0-9A-Fa-f]*:[0-9A-Fa-f]*/;
|
||||
var startPre=String(startIp.match(exp1));
|
||||
var endPre=String(endIp.match(exp1));
|
||||
|
||||
@@ -24,6 +24,8 @@
|
||||
noBlankSpace:"can not be space",
|
||||
ipCheck:"Please enter a correct IP address",
|
||||
ipMask:"Please enter a correct IP/mask",
|
||||
ipPart:"Invalid IP part",
|
||||
ipv6MaskPart:"Mask must be exponent of 2,not greater than 128",
|
||||
ipMaskRange:"IP mask must between 0 and 32",
|
||||
ipRange:"Wrong IP format or start IP and end IP in two subnet",
|
||||
ipRange1:"start IP should smaller than end IP",
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
min: $.validator.format("Пожалуйста, введите число, большее или равное {0}."),
|
||||
ipCheck: $.validator.format(" Пожалуйста, введите правильный IP - адрес."),
|
||||
ipMask:"Please enter a correct IP/mask",
|
||||
ipPart:"Invalid IP part",
|
||||
ipv6MaskPart:"Mask must be exponent of 2,not greater than 128",
|
||||
ipMaskRange:"IP mask must between 0 and 32",
|
||||
ipRange:"Wrong IP format or start IP and end IP in two subnet",
|
||||
ipRange1:"start IP should smaller than end IP",
|
||||
|
||||
@@ -25,6 +25,8 @@
|
||||
noBlankSpace:"不能为空格",
|
||||
ipCheck:"请填写正确的IP地址",
|
||||
ipMask:"请填写正确的IP地址/掩码",
|
||||
ipPart:"IP部分格式错误",
|
||||
ipv6MaskPart:"掩码为不大于128的2的指数幂",
|
||||
portCheck:"请填写正确的端口",
|
||||
notStartZero:"请填写正确的数值",
|
||||
ipMaskRange:"掩码范围0到32",
|
||||
|
||||
Reference in New Issue
Block a user