20190610之前部署的sql记录

Conflicts:
	src/main/java/com/nis/web/controller/configuration/proxy/FileStrategyController.java

README.md

@@ -1 +1,3 @@
-在公共分组功能逻辑完善之前，此分支为ntc界面系统的全集上线升级分支合并版。
+610功能升级：
+系统需要支持对 生效中的配置 进行修改的功能；
+统计的时间修改为一个月，性能是否可以；

src/main/java/com/nis/web/controller/configuration/AppCfgController.java

@@ -1262,7 +1262,13 @@ public class AppCfgController extends BaseController {
 				entity.setAppCode(specificService.getSpecServiceCode());
 			}
 			appCfgService.saveOrUpdateAppSslCfg(entity);
-			addMessage(redirectAttributes, "success", "save_success");
+			//配置仅保存
+			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
+				addMessage(redirectAttributes, "success", "save_success");
+			}else {
+			//配置直接生效
+				addMessage(redirectAttributes, "success", "audit_success");
+			}
 		} catch (Exception e) {
 			e.printStackTrace();
 			logger.error("saveAppSslCfg failed", e);

src/main/java/com/nis/web/controller/configuration/ntc/AvController.java

@@ -311,7 +311,13 @@ public class AvController extends BaseController {
 			}
 
 			avCfgService.saveOrUpdateAvFileSample(entity, srcFile);
-			addMessage(redirectAttributes, "success", "save_success");
+			//配置仅保存
+			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
+				addMessage(redirectAttributes, "success", "save_success");
+			}else {
+			//配置直接生效
+				addMessage(redirectAttributes, "success", "audit_success");
+			}
 		} catch (Exception e) {
 			logger.error("文件上传失败", e);
 			e.printStackTrace();
@@ -339,7 +345,13 @@ public class AvController extends BaseController {
 			RedirectAttributes redirectAttributes, String ids, AvSignSampleCfg entity) {
 		try {
 			avCfgService.saveOrUpdateAvSignSample(entity);
-			addMessage(redirectAttributes, "success", "save_success");
+			//配置仅保存
+			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
+				addMessage(redirectAttributes, "success", "save_success");
+			}else {
+			//配置直接生效
+				addMessage(redirectAttributes, "success", "audit_success");
+			}
 		} catch (Exception e) {
 			logger.error("saveAudioSignSample failed", e);
 			e.printStackTrace();
@@ -591,7 +603,13 @@ public class AvController extends BaseController {
 				// if(!avSignSampleCfg.getAction().equals(avSignSampleCfg.getActionOld())||!avSignSampleCfg.getIsValid().equals(avSignSampleCfg.getIsValidOld())){
 				try {
 					avCfgService.auditAvSignSample(avSignSampleCfg);
-					addMessage(redirectAttributes, "success", "save_success");
+					//配置仅保存
+					if(StringUtil.isEmpty(avSignSampleCfg.getIsValid()) || avSignSampleCfg.getIsValid()!=1) {
+						addMessage(redirectAttributes, "success", "save_success");
+					}else {
+					//配置直接生效
+						addMessage(redirectAttributes, "success", "audit_success");
+					}
 				} catch (Exception e) {
 					e.printStackTrace();
 					if (e instanceof MaatConvertException) {

src/main/java/com/nis/web/controller/configuration/proxy/ControlPolicyController.java

@@ -157,7 +157,13 @@ public class ControlPolicyController extends BaseController{
 			,RedirectAttributes redirectAttributes){
 		try{
 			controlPolicyService.saveOrUpdate(cfg,areaCfgIds);
-			addMessage(redirectAttributes,"success","save_success");
+			//配置仅保存
+			if(StringUtil.isEmpty(cfg.getIsValid()) || cfg.getIsValid()!=1) {
+				addMessage(redirectAttributes, "success", "save_success");
+			}else {
+			//配置直接生效
+				addMessage(redirectAttributes, "success", "audit_success");
+			}
 		}catch(Exception e){
 			logger.error("信息保存失败",e);
 			if(e instanceof MaatConvertException) {

src/main/java/com/nis/web/controller/configuration/proxy/FileStrategyController.java

@@ -118,7 +118,13 @@ public class FileStrategyController extends CommonController {
 				cfg.setContentLength(file.length());//文件长度
  			}
 			proxyFileStrategyService.saveOrUpdate(cfg);
-			addMessage(redirectAttributes,"success","save_success");
+			//配置仅保存
+			if(StringUtil.isEmpty(cfg.getIsValid()) || cfg.getIsValid()!=1) {
+				addMessage(redirectAttributes, "success", "save_success");
+			}else {
+			//配置直接生效
+				addMessage(redirectAttributes, "success", "audit_success");
+			}			
 		}catch(Exception e){
 			logger.error("信息保存失败",e);
 			if(e instanceof MaatConvertException) {

src/main/java/com/nis/web/service/configuration/AppCfgService.java

@@ -960,6 +960,10 @@ public class AppCfgService extends BaseService {
 	public void saveOrUpdateAppSslCfg(AppSslCertCfg entity) throws Exception {
 		// 设置区域运营商信息
 		setAreaEffectiveIds(entity);
+		int isValid=0; 
+		if(!StringUtil.isEmpty(entity.getIsValid()) && entity.getIsValid()==1) {
+			isValid=1;
+		}
 		if (entity.getCfgId() == null) {
 			Integer compileId = 0;
 			try {
@@ -1011,6 +1015,12 @@ public class AppCfgService extends BaseService {
 			}
 
 		}
+		if(isValid==1) {
+			entity.setIsAudit(1);
+			entity.setIsValid(1);			
+			entity.setAuditTime(new Date());
+			auditAppSslCfg(entity, entity.getIsAudit());
+		}
 
 	}
 

src/main/resources/nis.properties

@@ -184,7 +184,7 @@ trafficIpActiveOneHour=v1/trafficIpActiveOneHour
 
 client_connect_timeout=500000
 client_read_timeout=500000
-log_time_interval=500000
+log_time_interval=300000
 logsearch_menu_id=152
 #use elasticsearch or not#
 isUseES=false
@@ -485,7 +485,7 @@ ntcCollectRadiusLog=v1/ntcCollectRadiusLogs
 ntcConnRecordLog=v1/ntcConnRecordLogs
 ntcConnRecordPercent=v1/ntcConnRecordPercent
 #\u5bfc\u51fa\u6700\u5927\u6761\u6570
-maxLogExportSize=2000
+maxLogExportSize=20000
 pxy_crtl_subscribe_id_region=PXY_CTRL_SUBSCRIBE_ID
 ntc_subscribe_id_region=NTC_SUBSCRIBE_ID
 ntcAsnRecord=v1/ntcAsnRecord

src/main/resources/sql/deploymentsql/20190508help_document.sql

@@ -0,0 +1,612 @@
+-- ----------------------------
+-- Table structure for help_document
+-- ----------------------------
+DROP TABLE IF EXISTS `help_document`;
+CREATE TABLE `help_document` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `file_name` varchar(100) DEFAULT '',
+  `file_comment` text DEFAULT NULL,
+  `back_file_comment` text DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  KEY `INDEX_FILE_NAME` (`file_name`)
+) ENGINE=InnoDB AUTO_INCREMENT=45 DEFAULT CHARSET=utf8mb4;
+
+-- ----------------------------
+-- Records of help_document
+-- ----------------------------
+INSERT INTO `help_document` VALUES ('1', 'cache_policy.md', 'Cache Policy
+
+On National Proxy System, Individual Cache policy rules determine
+whether to cache or not based on traffic attributes, such as URL and
+Cookies. For cache action, the optimization parameters are:
+
+*A Cache key* -  is a unique string that lets the National Proxy System
+look for web content when requests hit them. It<49><74>s made up of a hostname,
+path, and cookie parts. By default, the Proxy use the entire URL as the
+cache key. Selecting the correct cache key will ensure maximum cache
+footprint and increase cache hits.
+
+*Ignore Query String in URL* -  in case the query strings doesn<73><6E>t
+actually indicate that the object need to be different then you could
+EXCLUDE them from the cache key. For example, after ignoring <20><>sqp<71><70> and
+<EFBFBD><EFBFBD>rs<EFBFBD><EFBFBD> of URL: <20><>https://example.com/pic.jpg?~~sqp=UAAI&rs=AOn4~~<7E><>.
+
+*Include Cookie Values* -  in case the server send different content for
+the same URL based on the cookie value, you can include that cookie
+value as a part of cache key. For example, the server may set a cookie
+at the client called "prefLang=ru" to record user preferred language,
+you could add "prefLang" to distinguish different web content.
+
+*Disable Revalidate* -  is an ON-OFF switch. The pragma-no-cache header
+in a client<6E><74>s request causes the proxy to re-fetch the entire object
+from the original server, even if the cached copy of the object is
+fresh. By default this option is switch OFF, which means a client<6E><74>s
+non-conditional request results in a conditional GET request sent to the
+original server if the object is already in cache. The conditional
+request allows the original server to return the 304 Not Modified
+response, if the content in cache is still fresh. Thereby, the
+server-side bandwidth and latency consumed are lesser as the full
+content is not retrieved again from the original server.
+
+*Cache Dynamic Content* -  is an ON-OFF switch. A URL is considered
+dynamic if it ends in <20><>.asp(x)<29><> or contains a question mark (?), a
+semicolon (;), or <20><>cgi<67><69>. *Ignore Query String* overrides this option
+(switch on).
+
+*Cache Cookied Content* -  is an ON-OFF switch. By default, the Proxy
+does NOT cache cookied content of any type. If this option is switch on,
+the system cache all cookied content except HTML.
+
+*Ignore Request no-cache Headers* -  is an ON-OFF switch. By default, the
+proxy strictly observes client Cache-Control: no-cache directives. As
+known as:
+
+i.  Authorization
+
+ii. WWW-Authenticate
+
+iii. Cache-Control: no-store
+
+iv. Cache-Control: no-cache
+
+If a requested object contains a no-cache header, then proxy forwards
+the request to the origin server even if it has a fresh copy in cache.
+You can configure proxy to ignore client no-cache directives such that
+it ignores no-cache headers from client requests and serves the object
+from its cache.
+
+*Ignore Response no-cache Headers* -  is an ON-OFF switch. By default, a
+response from an origin server with a no-cache header is not stored in
+the cache. As known as:
+
+i.  Cache-Control: no-store
+
+ii. Cache-Control: private
+
+iii. Set-Cookie
+
+iv. Cache-Control: no-cache
+
+v.  WWW-Authenticate
+
+vi. Expires header with a value of 0 (zero) or a past date.
+
+If you configure proxy to ignore no-cache headers, then proxy also
+ignores no-store headers. The default behavior of observing no-cache
+directives is appropriate in most cases.
+
+*Forcing Object Caching* -  is an ON-OFF switch. You can force Proxy to
+cache specific URLs (including dynamic URLs) for a specified duration,
+regardless of Cache-Control response headers.
+
+*Minimum Use* -  sets the number of times an item must be requested by
+clients before Proxy caches it. This is useful if the cache is
+constantly filling up, as it ensures that only the most frequently
+accessed items are added to the cache. By default, Proxy cache object at
+its first appearance. The counter resets in every 30 minutes. Note that
+the requests is counted independently on each processing unit.
+
+*Max Cache Object Size* -  sets the upper limit of an object size, larger
+object will not be cached. By default, Proxy does not cache object
+larger than 1 GB.
+
+*Cache Pinning Time* -  configures Proxy to keep certain objects in the
+cache for a specified time. You can use this option to ensure that the
+most popular objects are in cache when needed and to prevent cache
+manager from deleting important objects. Proxy observes Cache-Control
+headers and pins an object in the cache only if it is indeed cacheable.
+
+*Max Cache Size* -  sets the upper limit of the size of storage for a
+policy. By default, Proxy uses all available disk space. When the cache
+size reaches the limit, the cache manager removes the files that were
+least recently used to bring the cache size back under the limit.
+
+*Inactive Time* -  specifies how long an item can remain in the cache
+without being accessed. A file that has not been requested for this time
+is automatically deleted from the cache by the cache manager, regardless
+of whether or not it has expired.
+
+', null);
+INSERT INTO `help_document` VALUES ('2', 'control_policy.md', 'Control Policy
+
+On National Proxy System, Individual Control policy rules determine
+whether to allow, block, redirect or replace a session based on traffic
+attributes, such as URL, request header fields, request body keywords,
+response header fields, response body keywords, IP address, Subscribe ID
+and their combination. You could specify these attributes in the submenu
+of *Control Policy*.
+
+The attributes are detailed in following context:
+
+*URL* -  From proxy<78><79>s perspective, a HTTP URL consists of a hierarchical
+sequence of three components: URL = hostname/path[?query] . The URL path
+name can also be specified by the user in the local writing system. If
+not already encoded, it is converted to UTF-8, and any characters not
+part of the basic URL character set are escaped as hexadecimal using
+percent-encoding; for example, search keywords <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܧڧۡ<DAA7> in Google
+produces URL<52><4C>
+
+https://www.google.com/search?q=%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9
+
+To perform policy action on above URL, you could input the whole URL in
+the input box. Or, you could input original keywords and let the Proxy
+do the decoding, e.g. <20><>google.com/search<63><68> & <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܧڧۡ<DAA7>. Note that the
+scheme string MUST be excluded from the URL, it<69><74>s <20><>https://<2F><> in this
+case.
+
+NOTE Maximum HTTP/HTTPS URL length is 1023 characters
+
+*Request Header* -  is used to set conditions on request header fields.
+Header fields are colon-separated key-value pairs in clear-text string
+format, terminated by a carriage return (CR) and line feed (LF)
+character sequence. For example, <20><>user-agent: Mozilla/5.0 (Windows NT
+10.0; Win64; x64)<29><> is a header filed in request header. The *Matching
+District* is used to configure the field<6C><64>s key, if the key was
+presented, the Proxy will search in the value for *Keywords*.
+
+*Response Header* -  is used to set conditions on response header fields.
+Its configuration is similar to *Request Header*.
+
+*Request Body* -  is used to set conditions on request<73><74>s body message.
+The Proxy searches the pre-configured *Keywords* in it. You can
+configure non-ASCII or non-utf8 keywords by turn on HEX.
+
+*Response Body* -  is used to set conditions on response<73><65>s body message.
+Its configuration is similar to *Request Body*.
+
+You could select one of the five actions for above attributes, as known
+as:
+
+*Monitor* -  the Proxy produce a log to record matched HTTP session
+information.
+
+*Block* -  the Proxy terminate matched HTTP session with an error page
+and produce a log. You MUST specify a *Response Code* and a *Response
+Content* to generate an error page.
+
+*Redirect*<2A><>the Proxy redirect matched HTTP session to a predefined URL.
+Since redirection need to be performed before delivering response to
+client, condition of response body is not applicable in this action. You
+MUST configure the redirect response via *Response Code* and *Response
+URL*. The Response URL MUST start with a scheme (http:// or https://).
+You SHOULD NOT select **301** as *Response Code* unless you exactly know
+what you are doing. This action produces a log.
+
+*Replace*<2A><>the Proxy *Searches in* a given HTTP part to *Find* a given
+string, and *Replace* any matches *with* another given string. If no
+match was found, the session remained untouched. For performance
+concerns, condition of request body and response body is not available
+in this action. For example, you can configure the Proxy to search in
+the response body of URL <20><>www.example.com/index.html<6D><6C>, find every
+<EFBFBD><EFBFBD>string1<EFBFBD><EFBFBD> and replace with <20><>string2<67><32>. This action produces a log.
+
+*Whitelist*<2A><>the Proxy pass-through the matched sessions and produce no
+log.
+
+National Proxy will enforce policy check on traffic attributes, policies
+have been created that there will be some that overlap or are subsets of
+the parameters that the policies use to determine which policy should be
+matched against the traffic. The execute order of policy is <20><>first
+match, first served<65><64>. In case of an incoming traffic attribute matches
+one more policy, the priority order is *Whitelist \> Block \>
+Redirect \> Replace \> Monitor*, action with higher priority overrides
+others. If multiple policies of same action are matched, policy with
+bigger ID number is precedence.
+', null);
+INSERT INTO `help_document` VALUES ('3', 'intercept_policy.md', 'Intercept Policy
+
+An Intercept policy rule allows you to define traffic that you want the
+National Proxy to decrypt and to define traffic that you choose to
+exclude from decryption because the traffic is personal or because of
+local regulations. A connection is intercepted/optimized based on
+traffic attributes, such as IP address, domain name (via SNI matching)
+and Subscribe ID. You could specify these attributes in *IP Intercept*
+and *Domain Intercept*.
+
+Both *IP intercept* and *Domain Intercept* are subject two actions:
+
+*Intercept*<2A><>the National Proxy System intercepts network traffic for
+further control policy and cache policy checking. Interception requires
+certificates to establish the National Proxy as a trusted third party.
+National Proxy deployed in transparent mode, which means the users don`t
+have any proxy settings in their browser. When a connection is set to
+intercept, the proxy terminates the connection and initiates a new
+connection between client and server. If the connection is SSL
+encrypted, the original certificate is replaced with a substitute one.
+
+*Bypass*<2A><>the Proxy passes through the network connection without apply
+an optimization or policy checking. You can also use bypass action when
+excluding servers from SSL decryption for technical reasons (the site
+breaks decryption for reasons such as certificate pinning, unsupported
+ciphers, or mutual authentication). Apple Store, WhatsApp, Telegram,
+Microsoft Windows Update are common SSL pinning application. In case of
+traffic matches one more policy, bypass overrides intercept.
+
+When *Intercept Related Domains* is enabled, domains that share one
+certificates with the specified domain are considered as the same. For
+example, if the intercept facebook.com with I*ntercept Related Domain*
+option, then \*.xx.fbcdn.net, fb.com, .messenger.com and etc. are also
+intercepted. There may be side effects that intercept undesired websites
+that share one certificate. For example, two websites hosted in a same
+CDN provider (Content Delivery Network) or different products of one
+company.
+
+*Key ring* determines which certificate will be used to generate
+substitute certificate. You could configure key ring through *Proxy
+Policy Object* page. If no key ring is specified, proxy will use the
+default one.
+
+Intercept policy produces no log. You can find out if the interception
+is successful by checking if the certificate is issued by your
+pre-configured Root CA. You need a PC which traffic has already directed
+to the Proxy, and a web browser to test the policy. For Chrome and
+Microsoft Internet Explorer, you could click the lock icon on the
+address bar to view certificate. For Firefox, after you clicking the
+lock icon, click <20><>\><3E><> button to show connection details, click <20><>more
+information<EFBFBD><EFBFBD>, and then click <20><>view certificate<74><65>. If the browser warning
+that the connection is not secure, one possible reason is you haven<65><6E>t
+install/trust the root certificate yet.
+
+**Note:** You should exercise caution because web applications may not
+cooperate with SSL interception. Reasons that sites break decryption
+technically include pinned certificates, mutual authentication,
+incomplete certificate chains, unsupported ciphers, and non-standard SSL
+implementation. If a site uses an incomplete certificate chain, the
+National Proxy doesn<73><6E>t automatically fix the chain as a browser would.
+You need to manually download the missing sub-CA certificates and load
+and deploy them onto the proxy.', null);
+INSERT INTO `help_document` VALUES ('4', 'proxy_policy_object.md', 'Proxy Policy Object
+
+A policy object is a single object or a collective unit that groups
+discrete identities such as IP addresses, URLs, applications, or users.
+With policy objects that are a collective unit, you can reference the
+object in policy instead of manually selecting multiple objects one at a
+time. Typically, when creating a policy object, you group objects that
+require similar permissions in policy.
+
+1.  Key Ring
+
+On National Proxy System, Key Ring is a pair of private key and public
+certificate. You can also import a certificate chain containing multiple
+certificates. Key Ring is a policy object, you can reference it in
+*Intercept Policy*.
+
+There are three *Certificate Type:*
+
+*End-entity Certificate*<2A><> is used for web servers to identify
+themselves. The *Public Key File* MUST be .p12 format that contains
+entire certificate chain. The Private Key File could be .pem, .key or
+.p12 format. This certificate type is not applicable to *Domain
+Intercept* for it cannot be used to sign other certificates. *Expire
+After* parameter is also not applicable to end-entity certificate for
+the same reason.
+
+*Intermedia Certificate* -  is used to sign other certificates. An
+intermediate certificate must be signed by another intermediate
+certificate, or a root certificate. The *Public Key File* MUST be .p12
+format that contains entire certificate chain. The *Expire After*
+parameter indicates the expiration of the substitute certificate that
+was issued by this intermedia certificate.
+
+*Root Certificate* -  is used to sign other certificates. The *Public Key
+File* could be .der, .cer, .crt or .pem format. The *Expire After*
+parameter has the same meaning as Intermedia Certificate.
+
+*CRL* -  or Certificate Revocation List, is a list of digital
+certificates that have been revoked by the issuing certificate authority
+(CA) before their scheduled expiration date and should no longer be
+trusted. On Key Ring settings, CRL is an HTTP URL that point to a valid
+.crl file. Invalid URL or .crl file may produce certificate warnings on
+some browser, i.e. Internet Explorer 11.
+
+Specification of certificate formats:
+
+*.pem* <20>C (Privacy-enhanced Electronic Mail) Base64 encoded DER
+certificate, enclosed between "-----BEGIN CERTIFICATE-----" and
+"-----END CERTIFICATE-----"
+
+*.cer, .crt, .der* <20>C usually in binary DER form, but Base64-encoded
+certificates are common too (see .pem above)
+
+*.p12* <20>C PKCS\#12, may contain certificate(s) (public) and private keys
+(without password protected)
+
+1.  Trusted Certificate
+
+National Proxy System has a build-in trusted certificate authorities
+list. When the original certificate is issued by a certificate authority
+that not in the list, the proxy will issued the substitute certificate
+with an untrusted root certificate, and so consequently, the browser
+could identify unsecure connections.
+
+You can add a custom certificate authority to the trusted certificate
+authorities of the system.
+
+The certificate MUST be PEM format.
+
+Following are the National Proxy System<65><6D>s default trusted certificate
+authorities:
+
+ACCVRAIZ1
+
+Actalis Authentication Root CA
+
+AddTrust External CA Root
+
+AffirmTrust Commercial
+
+AffirmTrust Networking
+
+AffirmTrust Premium
+
+AffirmTrust Premium ECC
+
+Amazon Root CA 1
+
+Amazon Root CA 2
+
+Amazon Root CA 3
+
+Amazon Root CA 4
+
+Atos TrustedRoot 2011
+
+Autoridad de Certificacion Firmaprofesional CIF A62634068
+
+Baltimore CyberTrust Root
+
+Buypass Class 2 Root CA
+
+Buypass Class 3 Root CA
+
+CA Disig Root R2
+
+CFCA EV ROOT
+
+COMODO Certification Authority
+
+COMODO ECC Certification Authority
+
+COMODO RSA Certification Authority
+
+Certigna
+
+Certinomis - Root CA
+
+Class 2 Primary CA
+
+Certplus Root CA G1
+
+Certplus Root CA G2
+
+Certum Trusted Network CA
+
+Certum Trusted Network CA 2
+
+Chambers of Commerce Root - 2008
+
+AAA Certificate Services
+
+Cybertrust Global Root
+
+D-TRUST Root Class 3 CA 2 2009
+
+D-TRUST Root Class 3 CA 2 EV 2009
+
+DST Root CA X3
+
+Deutsche Telekom Root CA 2
+
+DigiCert Assured ID Root CA
+
+DigiCert Assured ID Root G2
+
+DigiCert Assured ID Root G3
+
+DigiCert Global Root CA
+
+DigiCert Global Root G2
+
+DigiCert Global Root G3
+
+DigiCert High Assurance EV Root CA
+
+DigiCert Trusted Root G4
+
+E-Tugra Certification Authority
+
+EC-ACC
+
+EE Certification Centre Root CA
+
+Entrust.net Certification Authority (2048)
+
+Entrust Root Certification Authority
+
+Entrust Root Certification Authority - EC1
+
+Entrust Root Certification Authority - G2
+
+GDCA TrustAUTH R5 ROOT
+
+GeoTrust Global CA
+
+GeoTrust Primary Certification Authority
+
+GeoTrust Primary Certification Authority - G2
+
+GeoTrust Primary Certification Authority - G3
+
+GeoTrust Universal CA
+
+GeoTrust Universal CA 2
+
+GlobalSign
+
+GlobalSign
+
+GlobalSign Root CA
+
+GlobalSign
+
+GlobalSign
+
+Global Chambersign Root - 2008
+
+Go Daddy Root Certificate Authority - G2
+
+Hellenic Academic and Research Institutions ECC RootCA 2015
+
+Hellenic Academic and Research Institutions RootCA 2011
+
+Hellenic Academic and Research Institutions RootCA 2015
+
+Hongkong Post Root CA 1
+
+ISRG Root X1
+
+IdenTrust Commercial Root CA 1
+
+IdenTrust Public Sector Root CA 1
+
+Izenpe.com
+
+LuxTrust Global Root 2
+
+Microsec e-Szigno Root CA 2009
+
+NetLock Arany (Class Gold) F?tan<61><6E>s<EFBFBD><73>tv<74><76>ny
+
+Network Solutions Certificate Authority
+
+OISTE WISeKey Global Root GA CA
+
+OISTE WISeKey Global Root GB CA
+
+OpenTrust Root CA G1
+
+OpenTrust Root CA G2
+
+OpenTrust Root CA G3
+
+QuoVadis Root Certification Authority
+
+QuoVadis Root CA 1 G3
+
+QuoVadis Root CA 2
+
+QuoVadis Root CA 2 G3
+
+QuoVadis Root CA 3
+
+QuoVadis Root CA 3 G3
+
+SSL.com EV Root Certification Authority ECC
+
+SSL.com EV Root Certification Authority RSA R2
+
+SSL.com Root Certification Authority ECC
+
+SSL.com Root Certification Authority RSA
+
+SZAFIR ROOT CA2
+
+SecureSign RootCA11
+
+SecureTrust CA
+
+Secure Global CA
+
+Sonera Class2 CA
+
+Staat der Nederlanden EV Root CA
+
+Staat der Nederlanden Root CA - G2
+
+Staat der Nederlanden Root CA - G3
+
+Starfield Root Certificate Authority - G2
+
+Starfield Services Root Certificate Authority - G2
+
+SwissSign Gold CA - G2
+
+SwissSign Silver CA - G2
+
+T-TeleSec GlobalRoot Class 2
+
+T-TeleSec GlobalRoot Class 3
+
+TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+
+TWCA Global Root CA
+
+TWCA Root Certification Authority
+
+TeliaSonera Root CA v1
+
+TrustCor ECA-1
+
+TrustCor RootCert CA-1
+
+TrustCor RootCert CA-2
+
+T<EFBFBD><EFBFBD>RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5
+
+USERTrust ECC Certification Authority
+
+USERTrust RSA Certification Authority
+
+VeriSign Class 3 Public Primary Certification Authority - G4
+
+VeriSign Class 3 Public Primary Certification Authority - G5
+
+VeriSign Universal Root Certification Authority
+
+VeriSign Class 3 Public Primary Certification Authority - G3
+
+Visa eCommerce Root
+
+XRamp Global Certification Authority
+
+thawte Primary Root CA
+
+thawte Primary Root CA - G2
+
+thawte Primary Root CA - G3
+
+Microsoft Root Authority
+
+Microsoft Root Certificate Authority
+
+Microsoft Root Certificate Authority 2010
+
+Microsoft Root Certificate Authority 2011
+
+Baltimore CyberTrust Root
+
+', null);
+
+commit;
+
+

src/main/resources/sql/deploymentsql/20190508other_sql.sql

@@ -0,0 +1,191 @@
+CREATE TABLE `inner_protection_list` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `keyword` varchar(500) NOT NULL COMMENT '<EFBFBD>ؼ<EFBFBD><EFBFBD><EFBFBD>',
+  `target_type` varchar(128) DEFAULT '' COMMENT '<EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
+  `description` varchar(200) DEFAULT '',
+  `is_valid` int(2) NOT NULL DEFAULT 0 COMMENT '-1ɾ<31><C9BE> 1<><31>Ч',
+  `create_time` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `editor_id` int(11) DEFAULT NULL,
+  `creator_id` int(11) NOT NULL,
+  `edit_time` datetime DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=108 DEFAULT CHARSET=utf8mb4;
+INSERT INTO `inner_protection_list` VALUES ('104', '.com', 'domainCheck', 'protection domain', '1', '2019-03-26 13:54:28', '1', '1', '2019-04-02 11:16:36');
+INSERT INTO `inner_protection_list` VALUES ('106', '.com', 'urlCheck', 'protection url', '1', '2019-03-27 11:08:24', '1', '1', '2019-04-02 11:21:52');
+commit;
+
+
+DROP PROCEDURE IF EXISTS `proc_statistics_config`;
+delimiter ;;
+CREATE DEFINER=`root`@`%` PROCEDURE `proc_statistics_config`()
+BEGIN
+
+	DECLARE ntime VARCHAR(40);/*<EFBFBD><EFBFBD>ǰʱ<EFBFBD><EFBFBD>*/
+
+	DECLARE otime VARCHAR(40);/*<EFBFBD>ϴ<EFBFBD>ͳ<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>*/
+
+	DECLARE nRow VARCHAR(40);/*<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+
+	DECLARE tabName VARCHAR(500);
+
+	DECLARE description VARCHAR(500);
+
+	DECLARE deleteSql VARCHAR(500);
+
+	DECLARE done INT;/*<EFBFBD>α<EFBFBD><EFBFBD><EFBFBD>ʶ*/
+
+	DECLARE flag INT;/*ѭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʶ*/
+
+	DECLARE t_error INT;/*<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʶ*/
+
+	DECLARE proc_log_table VARCHAR(100);/*<EFBFBD>洢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD>*/
+
+	DECLARE proc_name VARCHAR(100);/*<EFBFBD>洢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+
+	DECLARE icursor CURSOR FOR SELECT  tab_name FROM statistics_tables where is_valid=1;
+
+	DECLARE CONTINUE HANDLER FOR NOT found SET done=1;
+
+	DECLARE CONTINUE HANDLER FOR SQLEXCEPTION set t_error=1;
+
+	select max(statistic_time) into otime from cfg_num_statistics;
+
+	SET done=0;
+
+	SET t_error=0;
+
+	SET proc_log_table='proc_exec_log';
+
+	SET proc_name='proc_statistics_config';
+
+	SET ntime=DATE_FORMAT(SYSDATE(),'%Y-%m-%d %H:%i:%S');
+
+	OPEN icursor;
+
+		loop_iloop:LOOP
+
+			FETCH icursor INTO tabName;
+
+			SET description=tabName;
+
+			set @descriptionStart=concat(description,'<EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD>start');
+
+			/*ͳ<EFBFBD>Ƶ<EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵ<EFBFBD>ͳ<EFBFBD>Ʊ<EFBFBD><EFBFBD><EFBFBD>start*/
+
+			set @v_log_sql1 := concat('insert into ',proc_log_table,'(proc_name,table_name,log_time,description) values(?,?,?,?)');
+
+			PREPARE  execs FROM @v_log_sql1;
+
+			EXECUTE   execs using proc_name,proc_log_table,ntime,@descriptionStart;
+
+			DEALLOCATE PREPARE execs;
+
+			COMMIT;
+
+
+			#20190328 <20><><EFBFBD>Ӷ<EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>is_audit=1 && (is_valid=1 || is_valid=0) <20><>Ϊapproved <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>cfg_state=4[is_valid=0 && is_audit=1],<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˹<EFBFBD><CBB9>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD><EFBFBD>cfg_state=1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><CDA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD><EFBFBD>չʾ<D5B9><CABE>approvedֵʵ<D6B5>ʰ<EFBFBD><CAB0><EFBFBD>cfg_state=4<><34>cfg_state=1
+			set @insert_statistics_sql := concat('insert into cfg_num_statistics(statistic_time,audit_time,function_id,service_id,action,compile_id,cfg_state) select  ','''',ntime,'''',',','audit_time,function_id,service_id,action,compile_id,if(is_valid=-1,-1,if(is_valid=1,1,if(is_audit=0,0,if(is_audit=1,4,if(is_audit=2,2,if(is_audit=3,3,0)))))) cfg_state from ',tabName);
+
+
+			PREPARE  execs FROM @insert_statistics_sql;
+
+			EXECUTE   execs;
+
+			DEALLOCATE PREPARE execs;
+
+			COMMIT;
+
+
+
+			set @descriptionEnd=concat(description,'<EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD>end');
+
+			set @v_log_sql2 := concat('insert into ',proc_log_table,'(proc_name,table_name,log_time,description) values(?,?,?,?)');
+
+			PREPARE  execs FROM @v_log_sql2;
+
+			EXECUTE   execs using proc_name,proc_log_table,ntime,@descriptionEnd;
+
+			DEALLOCATE PREPARE execs;
+
+			COMMIT;
+
+			/*<EFBFBD>쳣<EFBFBD>˳<EFBFBD>loop*/
+			IF t_error=1 THEN
+				LEAVE loop_iloop;
+			END IF;
+
+			/*ѭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD>loop*/
+			IF done=1 THEN
+
+				LEAVE loop_iloop;
+
+			ELSE
+
+				SET flag=0;
+
+			END IF;
+
+			IF flag=0 THEN
+
+				SET done=0;
+
+			END IF;
+
+		END LOOP loop_iloop;
+
+	CLOSE icursor;
+	 /*ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+	SELECT count(statistic_time) INTO nRow from cfg_num_statistics where statistic_time=ntime;
+	
+
+	IF t_error=1 THEN    /*<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>쳣<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+		delete from cfg_num_statistics where statistic_time=ntime;
+		COMMIT;
+	ELSEIF nRow > 0 THEN /*<EFBFBD>жϱ<EFBFBD><EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD>룬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɾ<EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+
+		delete from cfg_num_statistics where statistic_time=otime;
+		COMMIT;
+	END IF;
+	COMMIT;
+END
+;;
+delimiter ;
+
+#ִ<>д洢<D0B4><E6B4A2><EFBFBD><EFBFBD>
+call exec_procs();
+
+-- ------------
+-- <20><>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>type<70><65><EFBFBD>ԣ<EFBFBD><D4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޸ģ<DEB8><C4A3>޸<EFBFBD>ȫ<EFBFBD><C8AB>ͬ<EFBFBD><CDAC>״̬Ϊ3(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
+-- ------------
+ALTER TABLE schedule_cfg ADD  type int(1) DEFAULT 1 COMMENT '1:<3A><>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2<EFBFBD><32>ȫ<EFBFBD><C8AB>ͬ<EFBFBD><CDAC>ʱδִ<CEB4>е<EFBFBD><D0B5><EFBFBD><EFBFBD><EFBFBD>';
+update schedule_cfg set type=1;
+update sys_data_dictionary_item t set t.item_value=3  where t.dictionary_id=142;
+
+-- ------------
+-- ϵͳ<CFB5><CDB3><EFBFBD><EFBFBD>-><3E><><EFBFBD><EFBFBD>Ա<EFBFBD>û<EFBFBD>Ԥ<EFBFBD><D4A4>
+-- ------------
+INSERT INTO `sys_menu` (`parent_id`, `parent_ids`, `code`, `name`, `sort`, `href`, `target`, `icon`, `is_show`, `permission`, `create_by`, `create_date`, `update_by`, `update_date`, `remarks`, `del_flag`, `menu_bg`, `quick_action`, `is_top`, `function_id`) VALUES ('2', '0,1,2,', 'admin_user_warn', 'admin user warn', '5060', '/sys/warn/userWarnList', '', '', '1', 'sys:warnList:view', '1', '2019-03-28 10:06:26', '1', '2019-03-28 11:36:42', '', '1', NULL, '0', '0', NULL);
+
+CREATE TABLE `sys_user_warn` (
+  `service_id` int(11) NOT NULL COMMENT 'ҵ<EFBFBD><EFBFBD>ID',
+  `service_desc` varchar(255) DEFAULT '' COMMENT 'ҵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
+  `interface_cfg_total` int(11) DEFAULT NULL COMMENT '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
+  `system_cfg_total` int(11) DEFAULT NULL COMMENT '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
+  `time` datetime DEFAULT NULL COMMENT '<EFBFBD><EFBFBD><EFBFBD>ݲ<EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>',
+  `remark` varchar(255) DEFAULT NULL COMMENT '<EFBFBD><EFBFBD>ע',
+  PRIMARY KEY (`service_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD>û<EFBFBD>Ԥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>';
+-- <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+INSERT INTO `sys_menu` (`parent_id`, `parent_ids`, `code`, `name`, `sort`, `href`, `target`, `icon`, `is_show`, `permission`, `create_by`, `create_date`, `update_by`, `update_date`, `remarks`, `del_flag`, `menu_bg`, `quick_action`, `is_top`, `function_id`) VALUES ('109', '0,1,109,', 'protection_list_manage', 'protection list manage', '5060', '/basics/innerProtectionList/list', '', 'fa fa-sticky-note-o', '1', 'basic:inner_protection_list:list', '1', '2019-03-25 15:28:34', '1', '2019-03-26 15:04:47', '', '1', NULL, '0', '0', NULL);
+	
+-- ------------
+-- <20><><EFBFBD>˲<EFBFBD><CBB2>·<EFBFBD><C2B7><EFBFBD><EFBFBD>ܣ<EFBFBD>ֻ<EFBFBD>н<EFBFBD><D0BD>˲˵<CBB2><CBB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>沢<EFBFBD>·<EFBFBD><C2B7>û<EFBFBD><C3BB>Ľ<EFBFBD>ɫ<EFBFBD><C9AB><EFBFBD>˽<EFBFBD>ɫ<EFBFBD>µ<EFBFBD><C2B5>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD>ֱ<EFBFBD><D6B1><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD>˰汾ע<E6B1BE><D7A2><EFBFBD><EFBFBD>ɫ<EFBFBD><C9AB><EFBFBD>䣩
+-- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˲<EFBFBD><CBB2>·<EFBFBD><C2B7>˵<EFBFBD>
+-- ------------
+INSERT INTO `sys_menu`(`parent_id`, `parent_ids`, `code`, `name`, `sort`, `href`, `target`, `icon`, `is_show`, `permission`, `create_by`, `create_date`, `update_by`, `update_date`, `remarks`, `del_flag`, `menu_bg`, `quick_action`, `is_top`, `function_id`) VALUES (86, '0,1,86,', 'save_and_audit', 'save and audit', 5060, '', '', '', 0, 'save:audit:permission', '1', '2019-04-08 11:30:31', '1', '2019-04-08 11:47:16', 'save_and_audit', 1, NULL, 0, 0, NULL);
+-- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˲<EFBFBD><CBB2>·<EFBFBD><C2B7><EFBFBD>ɫ
+INSERT INTO `sys_role`(`NAME`, `DATA_SCOPE`, `REMARK`, `STATUS`, `CREATE_TIME`, `ROLE_TYPE`) VALUES ('saveAndAudit', 1, '', 1, '2019-04-09 11:33:40', 'user');
+-- <20><><EFBFBD><EFBFBD>ΪsaveAndAudit<69><74>ɫ<EFBFBD><C9AB><EFBFBD><EFBFBD>save_and_audit<69>˵<EFBFBD><CBB5><EFBFBD>
+insert into  sys_privilege (PRIVILEGE_MASTER,PRIVILEGE_MASTER_VALUE,PRIVILEGE_ACCESS,PRIVILEGE_ACCESS_VALUE,PRIVILEGE_OPERATION )  select 'ROLE',r.id,1000,m.id,1 from sys_role r,sys_menu m where r.name='saveAndAudit' and m.code='save_and_audit'
+
+

src/main/resources/sql/deploymentsql/20190520extends_ip_port_pattern.sql

@@ -0,0 +1,104 @@
+#function_region_dict 对应ip_pattern，port_pattern的字段长度拓展一倍，使用分号分隔源/目的
+ALTER TABLE function_region_dict MODIFY config_ip_pattern VARCHAR(20) COMMENT "ip的格式 1:ip掩码;2:IP范围;3:IP;使用逗号分隔,源ip与目的IP使用;分隔";
+ALTER TABLE function_region_dict MODIFY config_port_pattern VARCHAR(20) COMMENT "端口的格式，1:port;2:port_mask;使用逗号分隔,源端口与目的端口使用;分隔";
+#各表修改ip_pattern，port_pattern
+#app_ip_cfg
+ALTER TABLE app_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE app_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE app_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE app_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#app_ip_range_cfg
+ALTER TABLE app_ip_range_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE app_ip_range_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE app_ip_range_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE app_ip_range_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#area_ip_cfg
+ALTER TABLE area_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE area_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE area_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE area_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#asn_ip_cfg
+ALTER TABLE asn_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE asn_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE asn_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE asn_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#av_cont_ip_cfg
+ALTER TABLE av_cont_ip_cfg change ip_pattern src_ip_pattern int COMMENT '源ip格式';
+ALTER TABLE av_cont_ip_cfg add dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE av_cont_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE av_cont_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#av_pic_ip_cfg
+ALTER TABLE av_pic_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE av_pic_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE av_pic_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE av_pic_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#av_voip_ip_cfg
+ALTER TABLE av_voip_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE av_voip_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE av_voip_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE av_voip_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#ddos_ip_cfg
+ALTER TABLE ddos_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE ddos_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE ddos_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE ddos_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#dns_ip_cfg
+ALTER TABLE dns_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE dns_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE dns_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE dns_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#ip_port_cfg
+ALTER TABLE ip_port_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE ip_port_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE ip_port_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE ip_port_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#ip_reuse_ip_cfg
+ALTER TABLE ip_reuse_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE ip_reuse_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+ALTER TABLE ip_reuse_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
+ALTER TABLE ip_reuse_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
+#ip_reuse_policy_cfg
+ALTER TABLE ip_reuse_policy_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
+ALTER TABLE ip_reuse_policy_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
+#修改字典的值
+UPDATE function_region_dict SET config_ip_pattern ="1,2,3;1,2,3" WHERE config_ip_pattern="1,2,3";
+UPDATE function_region_dict SET config_ip_pattern ="1;1" WHERE config_ip_pattern="1";
+UPDATE function_region_dict SET config_ip_pattern ="3;3" WHERE config_ip_pattern="3";
+UPDATE function_region_dict SET config_ip_pattern ="1,3;1,3" WHERE config_ip_pattern="1,3";
+
+UPDATE function_region_dict SET config_port_pattern ="1;1" WHERE config_port_pattern="1";
+UPDATE function_region_dict SET config_port_pattern ="1,2;1,2" WHERE config_port_pattern="1,2";
+#Spoofing IP修改只显示目的IP
+UPDATE function_region_dict SET config_ip_port_show=3 WHERE function_id=401;
+#ASN IP修改只显示目的IP
+UPDATE function_region_dict SET config_ip_port_show=3 WHERE function_id=600;
+#sql 更新字段语句
+UPDATE app_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM app_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE app_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM app_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE app_ip_range_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM app_ip_range_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE app_ip_range_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM app_ip_range_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE area_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM area_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE area_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM area_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE asn_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM asn_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE asn_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM asn_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE av_cont_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM av_cont_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE av_cont_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM av_cont_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE av_pic_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM av_pic_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE av_pic_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM av_pic_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE av_voip_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM av_voip_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE av_voip_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM av_voip_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE ddos_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM ddos_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE ddos_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM ddos_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE dns_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM dns_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE dns_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM dns_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+
+UPDATE ip_port_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM ip_port_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
+UPDATE ip_port_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM ip_port_cfg a) b WHERE b.cfg_id=c.`cfg_id`);

src/main/webapp/WEB-INF/tags/sys/delRow.tag

@@ -209,10 +209,10 @@ function update(url){
 		return;
 	} */
 	if($(checkboxes).filter(":checked").length==1){
-		if(cked.val()==1){
+		/* if(cked.val()==1){
 			top.$.jBox.tip("<spring:message code='has_approved'/>", "<spring:message code='info'/>");
 			return;
-		}/*else if(cked.val()==3){
+		} *//*else if(cked.val()==3){
 			 top.$.jBox.tip("<spring:message code='cancel_approved'/>", "<spring:message code='info'/>");
 			return;
 		}*/

src/main/webapp/WEB-INF/views/cfg/app/appPolicyCfgForm.jsp

@@ -59,14 +59,15 @@ $(function(){
 		submitHandler: function(form){
 			var flag = true;
 			//代表所有业务都隐藏了，提示必须增加一种业务数据
-			/* if($(".boxSolid").length ==$(".boxSolid.hidden").length){
+			if($("[name=action]:checked").val()==1&&$(".boxSolid").length ==$(".boxSolid.hidden").length){
 				top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
 				return;
-			} */
+			}
+			/*
 			if($("[name=action]:checked").val()==1&&$(".ipPortAdd").parents(".form-section").next(".boxSolid").is(":hidden")){
 				 top.$.jBox.tip("<spring:message code='ip_must_select'/>", "<spring:message code='info'/>");
 				 return false;
-			}
+			}*/
 			$(".boxSolid:visible").find("input[name$='cfgKeywords']").each(function(){
 				if($(this).val()==''){
 					$(this).parents(".form-group").find(

src/main/webapp/WEB-INF/views/cfg/app/appSslCfgForm.jsp

@@ -95,6 +95,8 @@ function changeDistrict(obj){
                        	<input type="hidden" name="compileId" value="${_cfg.compileId}">
                        	<input type="hidden" name="functionId" value="${_cfg.functionId}">
                        	<input type="hidden" id="serviceId" name="serviceId" value="${_cfg.serviceId}">
+                       	<input type="hidden" name="isValid" value="${_cfg.isValid}">
+							<input type="hidden" name="isAudit" value="${_cfg.isAudit}">
                        	<input type="hidden" id="appCode" name="appCode" value="${_cfg.appCode}">
                        	<input type="hidden" id="behavCode" name="behavCode" value="${_cfg.behavCode}">
                        	<!-- 配置域类型 -->
@@ -434,18 +436,36 @@ function changeDistrict(obj){
                           	<%--  <%@include file="/WEB-INF/include/form/basicInfo.jsp" %> --%>
                           </div>
                           <div class="form-actions">
-                              <div class="row">
-                                  <div class="col-md-6">
-                                      <div class="row">
-                                          <div class="col-md-offset-3 col-md-8">
-                                              <button id="save" type="submit" class="btn green"><spring:message code="submit"/></button>
-                                              <button id="cancel" type="button" class="btn default"><spring:message code="cancel"/></button>
-                                          </div>
-                                      </div>
-                                  </div>
-                                  <div class="col-md-6"> </div>
-                              </div>
-                          </div>
+									<div class="row">
+										<div class="col-md-6">
+											<div class="row">
+												<div class="col-md-offset-3 col-md-8">
+													<c:set var="auditPermission" value="false"></c:set>
+													<!-- 拥有配置新增直接生效的功能权限 -->
+													<shiro:hasPermission name="save:audit:permission">
+														<c:set var="auditPermission" value="true"></c:set>
+													</shiro:hasPermission>
+													<c:choose>
+														<c:when test="${!(fns:getUser().isAdmin()) && auditPermission}">
+															<button id="audit" type="submit" class="btn green">
+															<spring:message code="submit" />
+														</button>
+														</c:when>
+														<c:otherwise>
+															<button id="save" type="submit" class="btn green">
+																<spring:message code="submit" />
+															</button>
+														</c:otherwise>
+													</c:choose>
+													<button id="cancel" type="button" class="btn default">
+														<spring:message code="cancel" />
+													</button>
+												</div>
+											</div>
+										</div>
+										<div class="col-md-6"></div>
+									</div>
+								</div>
                       </form>
                       <!-- END FORM-->
                   </div>

src/main/webapp/WEB-INF/views/cfg/basicprotocol/form.jsp

@@ -66,11 +66,16 @@ $(function(){
 				return;
 			}
 			 */
-			 var flag = true;
+			//代表所有业务都隐藏了，提示必须增加一种业务数据
+			if($("[name=action]:checked").val()==1&&$(".boxSolid").length ==$(".boxSolid.hidden").length) {
+				top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
+				return;
+			}
+			 /*
 			 if($("[name=action]:checked").val()==1&&$(".ipPortAdd").parents(".form-section").next(".boxSolid").is(":hidden")){
 				 top.$.jBox.tip("<spring:message code='ip_must_select'/>", "<spring:message code='info'/>");
 				 return false;
-			 }
+			 }*/
 			 $(".boxSolid:visible").find("input[name$='cfgKeywords']").each(function(){
 					
 					if($(this).val()==''){

src/main/webapp/WEB-INF/views/cfg/encryptedtunnelbehav/form.jsp

@@ -50,6 +50,11 @@ $(function(){
 		},
 		submitHandler: function(form){
 			var flag = true;
+			//代表所有业务都隐藏了，提示必须增加一种业务数据
+			if($("[name=action]:checked").val()==1&&$(".boxSolid").length ==$(".boxSolid.hidden").length){
+				top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
+				return;
+			}
 			$(".boxSolid:visible").find("input[name$='cfgKeywords']").each(function(){
 				if($(this).val()==''){
 					$(this).parents(".form-group").find(

src/main/webapp/WEB-INF/views/cfg/fileTransfer/fileDigestForm.jsp

@@ -15,7 +15,8 @@
 			sampleFileValidate();
 			
 		});
-		hiddenlevel($("select[name='cfdsLevel']").val());
+		//hiddenlevel($("select[name='cfdsLevel']").val());
+		hiddenlevel(null);
 		$(".action").on("change", function() {
 			$("#serviceId").val($(this).attr("serviceId"));
 			$("#protocolId").val($(this).attr("protocolId"));

src/main/webapp/static/global/scripts/ipRegion.js

@@ -71,15 +71,17 @@ var processPattern=function(selector,pattern){
  * ip默认选项处理
  */
 var initCommIpVal=function(){
-	var action,regionCode,serviceType,ipPortShow,ipType,
+	var action,regionCode,ipPortShow,ipType,serviceId,
 	srcIpPattern,destIpPattern,srcPortPattern,destPortPattern,
 	direction,protocol,regionType;
 	if($("input[name$='action']:checked").length>0){
 		regionCode=$("input[name$='action']:checked").attr("regionCode");
 		action=$("input[name$='action']:checked").val();
+		serviceId=$("input[name$='action']:checked").attr("serviceId");
 	}else{
 		regionCode=$("input[name$='action']").attr("regionCode");
 		action=$("input[name$='action']").val();
+		serviceId=$("input[name$='action']").attr("serviceId");
 	}
 	if(regionCode){
 		if(regionCode.indexOf(",")==-1){
@@ -102,6 +104,10 @@ var initCommIpVal=function(){
 		}
 	}
 	if(regionCode){//IP域大于1个，根据action获取ip属性
+
+		if(serviceId==149||serviceId==37){//ASN比较特殊，action与ip的相同但是service id不同，这里调用regionCode=5的话会导致获取不到正确的属性
+			regionCode=$("input[name$='action'][value='"+action+"'][serviceId!='"+serviceId+"']").attr("regionCode");
+		}
 		ipPortShow=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("ipPortShow"),
 		ipType=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("ipType"),
 		srcIpPattern=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("srcIpPattern"),
@@ -230,7 +236,7 @@ var changeIPVal=function(obj){
 	}
 	if(regionCode){
 		if(regionCode.indexOf(",")==-1){
-			$("#cfgRegionCode"+regionCode).attr("name","cfgRegionCode");	
+			$("#cfgRegionCode"+regionCode).attr("name","cfgRegionCode");
 			$("#cfgType"+regionCode).attr("name","cfgType");
 		}else{
 			var _region='';
@@ -327,7 +333,7 @@ var changeIPVal=function(obj){
 					o.find("select[name$='ipType']").selectpicker("refresh");
 				}
 			}
-			
+
 		}
 		//源ip格式处理
 		changePattern(o,"srcIpPattern",srcIpPattern);