20190610之前部署的sql记录

时间间隔默认5分钟，日志导出最大条数修改为2万
修复审核通过配置修改成功提示信息bug
2019-07-03 15:01:25 +08:00 · 2019-06-03 17:07:53 +08:00 · 2019-05-29 14:01:14 +08:00 · 2019-05-28 19:51:46 +08:00 · 2019-05-28 19:51:01 +08:00 · 2019-05-27 10:17:42 +08:00
17 changed files with 1025 additions and 32 deletions
--- a/README.md
+++ b/README.md
@@ -1 +1,3 @@
-在公共分组功能逻辑完善之前，此分支为ntc界面系统的全集上线升级分支合并版。
+610功能升级：
 系统需要支持对 生效中的配置 进行修改的功能；
 统计的时间修改为一个月，性能是否可以；
--- a/src/main/java/com/nis/web/controller/configuration/AppCfgController.java
+++ b/src/main/java/com/nis/web/controller/configuration/AppCfgController.java
@@ -1262,7 +1262,13 @@ public class AppCfgController extends BaseController {
 				entity.setAppCode(specificService.getSpecServiceCode());
 			}
 			appCfgService.saveOrUpdateAppSslCfg(entity);
-			addMessage(redirectAttributes, "success", "save_success");
+			//配置仅保存
 			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
 				addMessage(redirectAttributes, "success", "save_success");
 			}else {
 			//配置直接生效
 				addMessage(redirectAttributes, "success", "audit_success");
 			}
 		} catch (Exception e) {
 			e.printStackTrace();
 			logger.error("saveAppSslCfg failed", e);
--- a/src/main/java/com/nis/web/controller/configuration/ntc/AvController.java
+++ b/src/main/java/com/nis/web/controller/configuration/ntc/AvController.java
@@ -311,7 +311,13 @@ public class AvController extends BaseController {
 			}
 			avCfgService.saveOrUpdateAvFileSample(entity, srcFile);
-			addMessage(redirectAttributes, "success", "save_success");
+			//配置仅保存
 			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
 				addMessage(redirectAttributes, "success", "save_success");
 			}else {
 			//配置直接生效
 				addMessage(redirectAttributes, "success", "audit_success");
 			}
 		} catch (Exception e) {
 			logger.error("文件上传失败", e);
 			e.printStackTrace();
@@ -339,7 +345,13 @@ public class AvController extends BaseController {
 			RedirectAttributes redirectAttributes, String ids, AvSignSampleCfg entity) {
 		try {
 			avCfgService.saveOrUpdateAvSignSample(entity);
-			addMessage(redirectAttributes, "success", "save_success");
+			//配置仅保存
 			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
 				addMessage(redirectAttributes, "success", "save_success");
 			}else {
 			//配置直接生效
 				addMessage(redirectAttributes, "success", "audit_success");
 			}
 		} catch (Exception e) {
 			logger.error("saveAudioSignSample failed", e);
 			e.printStackTrace();
@@ -591,7 +603,13 @@ public class AvController extends BaseController {
 				// if(!avSignSampleCfg.getAction().equals(avSignSampleCfg.getActionOld())||!avSignSampleCfg.getIsValid().equals(avSignSampleCfg.getIsValidOld())){
 				try {
 					avCfgService.auditAvSignSample(avSignSampleCfg);
-					addMessage(redirectAttributes, "success", "save_success");
+					//配置仅保存
 					if(StringUtil.isEmpty(avSignSampleCfg.getIsValid()) || avSignSampleCfg.getIsValid()!=1) {
 						addMessage(redirectAttributes, "success", "save_success");
 					}else {
 					//配置直接生效
 						addMessage(redirectAttributes, "success", "audit_success");
 					}
 				} catch (Exception e) {
 					e.printStackTrace();
 					if (e instanceof MaatConvertException) {
--- a/src/main/java/com/nis/web/controller/configuration/proxy/ControlPolicyController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/ControlPolicyController.java
@@ -157,7 +157,13 @@ public class ControlPolicyController extends BaseController{
 			,RedirectAttributes redirectAttributes){
 		try{
 			controlPolicyService.saveOrUpdate(cfg,areaCfgIds);
-			addMessage(redirectAttributes,"success","save_success");
+			//配置仅保存
 			if(StringUtil.isEmpty(cfg.getIsValid()) || cfg.getIsValid()!=1) {
 				addMessage(redirectAttributes, "success", "save_success");
 			}else {
 			//配置直接生效
 				addMessage(redirectAttributes, "success", "audit_success");
 			}
 		}catch(Exception e){
 			logger.error("信息保存失败",e);
 			if(e instanceof MaatConvertException) {
--- a/src/main/java/com/nis/web/controller/configuration/proxy/FileStrategyController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileStrategyController.java
@@ -118,7 +118,13 @@ public class FileStrategyController extends CommonController {
 				cfg.setContentLength(file.length());//文件长度
 			}
 			proxyFileStrategyService.saveOrUpdate(cfg);
-			addMessage(redirectAttributes,"success","save_success");
+			//配置仅保存
 			if(StringUtil.isEmpty(cfg.getIsValid()) || cfg.getIsValid()!=1) {
 				addMessage(redirectAttributes, "success", "save_success");
 			}else {
 			//配置直接生效
 				addMessage(redirectAttributes, "success", "audit_success");
 			}			
 		}catch(Exception e){
 			logger.error("信息保存失败",e);
 			if(e instanceof MaatConvertException) {
--- a/src/main/java/com/nis/web/service/configuration/AppCfgService.java
+++ b/src/main/java/com/nis/web/service/configuration/AppCfgService.java
@@ -960,6 +960,10 @@ public class AppCfgService extends BaseService {
 	public void saveOrUpdateAppSslCfg(AppSslCertCfg entity) throws Exception {
 		// 设置区域运营商信息
 		setAreaEffectiveIds(entity);
 		int isValid=0; 
 		if(!StringUtil.isEmpty(entity.getIsValid()) && entity.getIsValid()==1) {
 			isValid=1;
 		}
 		if (entity.getCfgId() == null) {
 			Integer compileId = 0;
 			try {
@@ -1011,6 +1015,12 @@ public class AppCfgService extends BaseService {
 			}
 		}
 		if(isValid==1) {
 			entity.setIsAudit(1);
 			entity.setIsValid(1);			
 			entity.setAuditTime(new Date());
 			auditAppSslCfg(entity, entity.getIsAudit());
 		}
 	}
--- a/src/main/resources/nis.properties
+++ b/src/main/resources/nis.properties
@@ -184,7 +184,7 @@ trafficIpActiveOneHour=v1/trafficIpActiveOneHour
 client_connect_timeout=500000
 client_read_timeout=500000
-log_time_interval=500000
+log_time_interval=300000
 logsearch_menu_id=152
 #use elasticsearch or not#
 isUseES=false
@@ -485,7 +485,7 @@ ntcCollectRadiusLog=v1/ntcCollectRadiusLogs
 ntcConnRecordLog=v1/ntcConnRecordLogs
 ntcConnRecordPercent=v1/ntcConnRecordPercent
 #\u5bfc\u51fa\u6700\u5927\u6761\u6570
-maxLogExportSize=2000
+maxLogExportSize=20000
 pxy_crtl_subscribe_id_region=PXY_CTRL_SUBSCRIBE_ID
 ntc_subscribe_id_region=NTC_SUBSCRIBE_ID
 ntcAsnRecord=v1/ntcAsnRecord
--- a/src/main/resources/sql/deploymentsql/20190508help_document.sql
+++ b/src/main/resources/sql/deploymentsql/20190508help_document.sql
@@ -0,0 +1,612 @@
 -- ----------------------------
 -- Table structure for help_document
 -- ----------------------------
 DROP TABLE IF EXISTS `help_document`;
 CREATE TABLE `help_document` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `file_name` varchar(100) DEFAULT '',
  `file_comment` text DEFAULT NULL,
  `back_file_comment` text DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `INDEX_FILE_NAME` (`file_name`)
 ) ENGINE=InnoDB AUTO_INCREMENT=45 DEFAULT CHARSET=utf8mb4;
 -- ----------------------------
 -- Records of help_document
 -- ----------------------------
 INSERT INTO `help_document` VALUES ('1', 'cache_policy.md', 'Cache Policy
 On National Proxy System, Individual Cache policy rules determine
 whether to cache or not based on traffic attributes, such as URL and
 Cookies. For cache action, the optimization parameters are:
 *A Cache key* -  is a unique string that lets the National Proxy System
 look for web content when requests hit them. It<49><74>s made up of a hostname,
 path, and cookie parts. By default, the Proxy use the entire URL as the
 cache key. Selecting the correct cache key will ensure maximum cache
 footprint and increase cache hits.
 *Ignore Query String in URL* -  in case the query strings doesn<73><6E>t
 actually indicate that the object need to be different then you could
 EXCLUDE them from the cache key. For example, after ignoring <20><>sqp<71><70> and
 <EFBFBD><EFBFBD>rs<EFBFBD><EFBFBD> of URL: <20><>https://example.com/pic.jpg?~~sqp=UAAI&rs=AOn4~~<7E><>.
 *Include Cookie Values* -  in case the server send different content for
 the same URL based on the cookie value, you can include that cookie
 value as a part of cache key. For example, the server may set a cookie
 at the client called "prefLang=ru" to record user preferred language,
 you could add "prefLang" to distinguish different web content.
 *Disable Revalidate* -  is an ON-OFF switch. The pragma-no-cache header
 in a client<6E><74>s request causes the proxy to re-fetch the entire object
 from the original server, even if the cached copy of the object is
 fresh. By default this option is switch OFF, which means a client<6E><74>s
 non-conditional request results in a conditional GET request sent to the
 original server if the object is already in cache. The conditional
 request allows the original server to return the 304 Not Modified
 response, if the content in cache is still fresh. Thereby, the
 server-side bandwidth and latency consumed are lesser as the full
 content is not retrieved again from the original server.
 *Cache Dynamic Content* -  is an ON-OFF switch. A URL is considered
 dynamic if it ends in <20><>.asp(x)<29><> or contains a question mark (?), a
 semicolon (;), or <20><>cgi<67><69>. *Ignore Query String* overrides this option
 (switch on).
 *Cache Cookied Content* -  is an ON-OFF switch. By default, the Proxy
 does NOT cache cookied content of any type. If this option is switch on,
 the system cache all cookied content except HTML.
 *Ignore Request no-cache Headers* -  is an ON-OFF switch. By default, the
 proxy strictly observes client Cache-Control: no-cache directives. As
 known as:
 i.  Authorization
 ii. WWW-Authenticate
 iii. Cache-Control: no-store
 iv. Cache-Control: no-cache
 If a requested object contains a no-cache header, then proxy forwards
 the request to the origin server even if it has a fresh copy in cache.
 You can configure proxy to ignore client no-cache directives such that
 it ignores no-cache headers from client requests and serves the object
 from its cache.
 *Ignore Response no-cache Headers* -  is an ON-OFF switch. By default, a
 response from an origin server with a no-cache header is not stored in
 the cache. As known as:
 i.  Cache-Control: no-store
 ii. Cache-Control: private
 iii. Set-Cookie
 iv. Cache-Control: no-cache
 v.  WWW-Authenticate
 vi. Expires header with a value of 0 (zero) or a past date.
 If you configure proxy to ignore no-cache headers, then proxy also
 ignores no-store headers. The default behavior of observing no-cache
 directives is appropriate in most cases.
 *Forcing Object Caching* -  is an ON-OFF switch. You can force Proxy to
 cache specific URLs (including dynamic URLs) for a specified duration,
 regardless of Cache-Control response headers.
 *Minimum Use* -  sets the number of times an item must be requested by
 clients before Proxy caches it. This is useful if the cache is
 constantly filling up, as it ensures that only the most frequently
 accessed items are added to the cache. By default, Proxy cache object at
 its first appearance. The counter resets in every 30 minutes. Note that
 the requests is counted independently on each processing unit.
 *Max Cache Object Size* -  sets the upper limit of an object size, larger
 object will not be cached. By default, Proxy does not cache object
 larger than 1 GB.
 *Cache Pinning Time* -  configures Proxy to keep certain objects in the
 cache for a specified time. You can use this option to ensure that the
 most popular objects are in cache when needed and to prevent cache
 manager from deleting important objects. Proxy observes Cache-Control
 headers and pins an object in the cache only if it is indeed cacheable.
 *Max Cache Size* -  sets the upper limit of the size of storage for a
 policy. By default, Proxy uses all available disk space. When the cache
 size reaches the limit, the cache manager removes the files that were
 least recently used to bring the cache size back under the limit.
 *Inactive Time* -  specifies how long an item can remain in the cache
 without being accessed. A file that has not been requested for this time
 is automatically deleted from the cache by the cache manager, regardless
 of whether or not it has expired.
 ', null);
 INSERT INTO `help_document` VALUES ('2', 'control_policy.md', 'Control Policy
 On National Proxy System, Individual Control policy rules determine
 whether to allow, block, redirect or replace a session based on traffic
 attributes, such as URL, request header fields, request body keywords,
 response header fields, response body keywords, IP address, Subscribe ID
 and their combination. You could specify these attributes in the submenu
 of *Control Policy*.
 The attributes are detailed in following context:
 *URL* -  From proxy<78><79>s perspective, a HTTP URL consists of a hierarchical
 sequence of three components: URL = hostname/path[?query] . The URL path
 name can also be specified by the user in the local writing system. If
 not already encoded, it is converted to UTF-8, and any characters not
 part of the basic URL character set are escaped as hexadecimal using
 percent-encoding; for example, search keywords <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܧڧۡ<DAA7> in Google
 produces URL<52><4C>
 https://www.google.com/search?q=%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9
 To perform policy action on above URL, you could input the whole URL in
 the input box. Or, you could input original keywords and let the Proxy
 do the decoding, e.g. <20><>google.com/search<63><68> & <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܧڧۡ<DAA7>. Note that the
 scheme string MUST be excluded from the URL, it<69><74>s <20><>https://<2F><> in this
 case.
 NOTE Maximum HTTP/HTTPS URL length is 1023 characters
 *Request Header* -  is used to set conditions on request header fields.
 Header fields are colon-separated key-value pairs in clear-text string
 format, terminated by a carriage return (CR) and line feed (LF)
 character sequence. For example, <20><>user-agent: Mozilla/5.0 (Windows NT
 10.0; Win64; x64)<29><> is a header filed in request header. The *Matching
 District* is used to configure the field<6C><64>s key, if the key was
 presented, the Proxy will search in the value for *Keywords*.
 *Response Header* -  is used to set conditions on response header fields.
 Its configuration is similar to *Request Header*.
 *Request Body* -  is used to set conditions on request<73><74>s body message.
 The Proxy searches the pre-configured *Keywords* in it. You can
 configure non-ASCII or non-utf8 keywords by turn on HEX.
 *Response Body* -  is used to set conditions on response<73><65>s body message.
 Its configuration is similar to *Request Body*.
 You could select one of the five actions for above attributes, as known
 as:
 *Monitor* -  the Proxy produce a log to record matched HTTP session
 information.
 *Block* -  the Proxy terminate matched HTTP session with an error page
 and produce a log. You MUST specify a *Response Code* and a *Response
 Content* to generate an error page.
 *Redirect*<2A><>the Proxy redirect matched HTTP session to a predefined URL.
 Since redirection need to be performed before delivering response to
 client, condition of response body is not applicable in this action. You
 MUST configure the redirect response via *Response Code* and *Response
 URL*. The Response URL MUST start with a scheme (http:// or https://).
 You SHOULD NOT select **301** as *Response Code* unless you exactly know
 what you are doing. This action produces a log.
 *Replace*<2A><>the Proxy *Searches in* a given HTTP part to *Find* a given
 string, and *Replace* any matches *with* another given string. If no
 match was found, the session remained untouched. For performance
 concerns, condition of request body and response body is not available
 in this action. For example, you can configure the Proxy to search in
 the response body of URL <20><>www.example.com/index.html<6D><6C>, find every
 <EFBFBD><EFBFBD>string1<EFBFBD><EFBFBD> and replace with <20><>string2<67><32>. This action produces a log.
 *Whitelist*<2A><>the Proxy pass-through the matched sessions and produce no
 log.
 National Proxy will enforce policy check on traffic attributes, policies
 have been created that there will be some that overlap or are subsets of
 the parameters that the policies use to determine which policy should be
 matched against the traffic. The execute order of policy is <20><>first
 match, first served<65><64>. In case of an incoming traffic attribute matches
 one more policy, the priority order is *Whitelist \> Block \>
 Redirect \> Replace \> Monitor*, action with higher priority overrides
 others. If multiple policies of same action are matched, policy with
 bigger ID number is precedence.
 ', null);
 INSERT INTO `help_document` VALUES ('3', 'intercept_policy.md', 'Intercept Policy
 An Intercept policy rule allows you to define traffic that you want the
 National Proxy to decrypt and to define traffic that you choose to
 exclude from decryption because the traffic is personal or because of
 local regulations. A connection is intercepted/optimized based on
 traffic attributes, such as IP address, domain name (via SNI matching)
 and Subscribe ID. You could specify these attributes in *IP Intercept*
 and *Domain Intercept*.
 Both *IP intercept* and *Domain Intercept* are subject two actions:
 *Intercept*<2A><>the National Proxy System intercepts network traffic for
 further control policy and cache policy checking. Interception requires
 certificates to establish the National Proxy as a trusted third party.
 National Proxy deployed in transparent mode, which means the users don`t
 have any proxy settings in their browser. When a connection is set to
 intercept, the proxy terminates the connection and initiates a new
 connection between client and server. If the connection is SSL
 encrypted, the original certificate is replaced with a substitute one.
 *Bypass*<2A><>the Proxy passes through the network connection without apply
 an optimization or policy checking. You can also use bypass action when
 excluding servers from SSL decryption for technical reasons (the site
 breaks decryption for reasons such as certificate pinning, unsupported
 ciphers, or mutual authentication). Apple Store, WhatsApp, Telegram,
 Microsoft Windows Update are common SSL pinning application. In case of
 traffic matches one more policy, bypass overrides intercept.
 When *Intercept Related Domains* is enabled, domains that share one
 certificates with the specified domain are considered as the same. For
 example, if the intercept facebook.com with I*ntercept Related Domain*
 option, then \*.xx.fbcdn.net, fb.com, .messenger.com and etc. are also
 intercepted. There may be side effects that intercept undesired websites
 that share one certificate. For example, two websites hosted in a same
 CDN provider (Content Delivery Network) or different products of one
 company.
 *Key ring* determines which certificate will be used to generate
 substitute certificate. You could configure key ring through *Proxy
 Policy Object* page. If no key ring is specified, proxy will use the
 default one.
 Intercept policy produces no log. You can find out if the interception
 is successful by checking if the certificate is issued by your
 pre-configured Root CA. You need a PC which traffic has already directed
 to the Proxy, and a web browser to test the policy. For Chrome and
 Microsoft Internet Explorer, you could click the lock icon on the
 address bar to view certificate. For Firefox, after you clicking the
 lock icon, click <20><>\><3E><> button to show connection details, click <20><>more
 information<EFBFBD><EFBFBD>, and then click <20><>view certificate<74><65>. If the browser warning
 that the connection is not secure, one possible reason is you haven<65><6E>t
 install/trust the root certificate yet.
 **Note:** You should exercise caution because web applications may not
 cooperate with SSL interception. Reasons that sites break decryption
 technically include pinned certificates, mutual authentication,
 incomplete certificate chains, unsupported ciphers, and non-standard SSL
 implementation. If a site uses an incomplete certificate chain, the
 National Proxy doesn<73><6E>t automatically fix the chain as a browser would.
 You need to manually download the missing sub-CA certificates and load
 and deploy them onto the proxy.', null);
 INSERT INTO `help_document` VALUES ('4', 'proxy_policy_object.md', 'Proxy Policy Object
 A policy object is a single object or a collective unit that groups
 discrete identities such as IP addresses, URLs, applications, or users.
 With policy objects that are a collective unit, you can reference the
 object in policy instead of manually selecting multiple objects one at a
 time. Typically, when creating a policy object, you group objects that
 require similar permissions in policy.
 1.  Key Ring
 On National Proxy System, Key Ring is a pair of private key and public
 certificate. You can also import a certificate chain containing multiple
 certificates. Key Ring is a policy object, you can reference it in
 *Intercept Policy*.
 There are three *Certificate Type:*
 *End-entity Certificate*<2A><> is used for web servers to identify
 themselves. The *Public Key File* MUST be .p12 format that contains
 entire certificate chain. The Private Key File could be .pem, .key or
 .p12 format. This certificate type is not applicable to *Domain
 Intercept* for it cannot be used to sign other certificates. *Expire
 After* parameter is also not applicable to end-entity certificate for
 the same reason.
 *Intermedia Certificate* -  is used to sign other certificates. An
 intermediate certificate must be signed by another intermediate
 certificate, or a root certificate. The *Public Key File* MUST be .p12
 format that contains entire certificate chain. The *Expire After*
 parameter indicates the expiration of the substitute certificate that
 was issued by this intermedia certificate.
 *Root Certificate* -  is used to sign other certificates. The *Public Key
 File* could be .der, .cer, .crt or .pem format. The *Expire After*
 parameter has the same meaning as Intermedia Certificate.
 *CRL* -  or Certificate Revocation List, is a list of digital
 certificates that have been revoked by the issuing certificate authority
 (CA) before their scheduled expiration date and should no longer be
 trusted. On Key Ring settings, CRL is an HTTP URL that point to a valid
 .crl file. Invalid URL or .crl file may produce certificate warnings on
 some browser, i.e. Internet Explorer 11.
 Specification of certificate formats:
 *.pem* <20>C (Privacy-enhanced Electronic Mail) Base64 encoded DER
 certificate, enclosed between "-----BEGIN CERTIFICATE-----" and
 "-----END CERTIFICATE-----"
 *.cer, .crt, .der* <20>C usually in binary DER form, but Base64-encoded
 certificates are common too (see .pem above)
 *.p12* <20>C PKCS\#12, may contain certificate(s) (public) and private keys
 (without password protected)
 1.  Trusted Certificate
 National Proxy System has a build-in trusted certificate authorities
 list. When the original certificate is issued by a certificate authority
 that not in the list, the proxy will issued the substitute certificate
 with an untrusted root certificate, and so consequently, the browser
 could identify unsecure connections.
 You can add a custom certificate authority to the trusted certificate
 authorities of the system.
 The certificate MUST be PEM format.
 Following are the National Proxy System<65><6D>s default trusted certificate
 authorities:
 ACCVRAIZ1
 Actalis Authentication Root CA
 AddTrust External CA Root
 AffirmTrust Commercial
 AffirmTrust Networking
 AffirmTrust Premium
 AffirmTrust Premium ECC
 Amazon Root CA 1
 Amazon Root CA 2
 Amazon Root CA 3
 Amazon Root CA 4
 Atos TrustedRoot 2011
 Autoridad de Certificacion Firmaprofesional CIF A62634068
 Baltimore CyberTrust Root
 Buypass Class 2 Root CA
 Buypass Class 3 Root CA
 CA Disig Root R2
 CFCA EV ROOT
 COMODO Certification Authority
 COMODO ECC Certification Authority
 COMODO RSA Certification Authority
 Certigna
 Certinomis - Root CA
 Class 2 Primary CA
 Certplus Root CA G1
 Certplus Root CA G2
 Certum Trusted Network CA
 Certum Trusted Network CA 2
 Chambers of Commerce Root - 2008
 AAA Certificate Services
 Cybertrust Global Root
 D-TRUST Root Class 3 CA 2 2009
 D-TRUST Root Class 3 CA 2 EV 2009
 DST Root CA X3
 Deutsche Telekom Root CA 2
 DigiCert Assured ID Root CA
 DigiCert Assured ID Root G2
 DigiCert Assured ID Root G3
 DigiCert Global Root CA
 DigiCert Global Root G2
 DigiCert Global Root G3
 DigiCert High Assurance EV Root CA
 DigiCert Trusted Root G4
 E-Tugra Certification Authority
 EC-ACC
 EE Certification Centre Root CA
 Entrust.net Certification Authority (2048)
 Entrust Root Certification Authority
 Entrust Root Certification Authority - EC1
 Entrust Root Certification Authority - G2
 GDCA TrustAUTH R5 ROOT
 GeoTrust Global CA
 GeoTrust Primary Certification Authority
 GeoTrust Primary Certification Authority - G2
 GeoTrust Primary Certification Authority - G3
 GeoTrust Universal CA
 GeoTrust Universal CA 2
 GlobalSign
 GlobalSign
 GlobalSign Root CA
 GlobalSign
 GlobalSign
 Global Chambersign Root - 2008
 Go Daddy Root Certificate Authority - G2
 Hellenic Academic and Research Institutions ECC RootCA 2015
 Hellenic Academic and Research Institutions RootCA 2011
 Hellenic Academic and Research Institutions RootCA 2015
 Hongkong Post Root CA 1
 ISRG Root X1
 IdenTrust Commercial Root CA 1
 IdenTrust Public Sector Root CA 1
 Izenpe.com
 LuxTrust Global Root 2
 Microsec e-Szigno Root CA 2009
 NetLock Arany (Class Gold) F?tan<61><6E>s<EFBFBD><73>tv<74><76>ny
 Network Solutions Certificate Authority
 OISTE WISeKey Global Root GA CA
 OISTE WISeKey Global Root GB CA
 OpenTrust Root CA G1
 OpenTrust Root CA G2
 OpenTrust Root CA G3
 QuoVadis Root Certification Authority
 QuoVadis Root CA 1 G3
 QuoVadis Root CA 2
 QuoVadis Root CA 2 G3
 QuoVadis Root CA 3
 QuoVadis Root CA 3 G3
 SSL.com EV Root Certification Authority ECC
 SSL.com EV Root Certification Authority RSA R2
 SSL.com Root Certification Authority ECC
 SSL.com Root Certification Authority RSA
 SZAFIR ROOT CA2
 SecureSign RootCA11
 SecureTrust CA
 Secure Global CA
 Sonera Class2 CA
 Staat der Nederlanden EV Root CA
 Staat der Nederlanden Root CA - G2
 Staat der Nederlanden Root CA - G3
 Starfield Root Certificate Authority - G2
 Starfield Services Root Certificate Authority - G2
 SwissSign Gold CA - G2
 SwissSign Silver CA - G2
 T-TeleSec GlobalRoot Class 2
 T-TeleSec GlobalRoot Class 3
 TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
 TWCA Global Root CA
 TWCA Root Certification Authority
 TeliaSonera Root CA v1
 TrustCor ECA-1
 TrustCor RootCert CA-1
 TrustCor RootCert CA-2
 T<EFBFBD><EFBFBD>RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5
 USERTrust ECC Certification Authority
 USERTrust RSA Certification Authority
 VeriSign Class 3 Public Primary Certification Authority - G4
 VeriSign Class 3 Public Primary Certification Authority - G5
 VeriSign Universal Root Certification Authority
 VeriSign Class 3 Public Primary Certification Authority - G3
 Visa eCommerce Root
 XRamp Global Certification Authority
 thawte Primary Root CA
 thawte Primary Root CA - G2
 thawte Primary Root CA - G3
 Microsoft Root Authority
 Microsoft Root Certificate Authority
 Microsoft Root Certificate Authority 2010
 Microsoft Root Certificate Authority 2011
 Baltimore CyberTrust Root
 ', null);
 commit;
--- a/src/main/resources/sql/deploymentsql/20190508other_sql.sql
+++ b/src/main/resources/sql/deploymentsql/20190508other_sql.sql
@@ -0,0 +1,191 @@
 CREATE TABLE `inner_protection_list` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `keyword` varchar(500) NOT NULL COMMENT '<EFBFBD>ؼ<EFBFBD><EFBFBD><EFBFBD>',
  `target_type` varchar(128) DEFAULT '' COMMENT '<EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
  `description` varchar(200) DEFAULT '',
  `is_valid` int(2) NOT NULL DEFAULT 0 COMMENT '-1ɾ<31><C9BE> 1<><31>Ч',
  `create_time` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `editor_id` int(11) DEFAULT NULL,
  `creator_id` int(11) NOT NULL,
  `edit_time` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB AUTO_INCREMENT=108 DEFAULT CHARSET=utf8mb4;
 INSERT INTO `inner_protection_list` VALUES ('104', '.com', 'domainCheck', 'protection domain', '1', '2019-03-26 13:54:28', '1', '1', '2019-04-02 11:16:36');
 INSERT INTO `inner_protection_list` VALUES ('106', '.com', 'urlCheck', 'protection url', '1', '2019-03-27 11:08:24', '1', '1', '2019-04-02 11:21:52');
 commit;
 DROP PROCEDURE IF EXISTS `proc_statistics_config`;
 delimiter ;;
 CREATE DEFINER=`root`@`%` PROCEDURE `proc_statistics_config`()
 BEGIN
 	DECLARE ntime VARCHAR(40);/*<EFBFBD><EFBFBD>ǰʱ<EFBFBD><EFBFBD>*/
 	DECLARE otime VARCHAR(40);/*<EFBFBD>ϴ<EFBFBD>ͳ<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>*/
 	DECLARE nRow VARCHAR(40);/*<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
 	DECLARE tabName VARCHAR(500);
 	DECLARE description VARCHAR(500);
 	DECLARE deleteSql VARCHAR(500);
 	DECLARE done INT;/*<EFBFBD>α<EFBFBD><EFBFBD><EFBFBD>ʶ*/
 	DECLARE flag INT;/*ѭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʶ*/
 	DECLARE t_error INT;/*<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʶ*/
 	DECLARE proc_log_table VARCHAR(100);/*<EFBFBD>洢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD>*/
 	DECLARE proc_name VARCHAR(100);/*<EFBFBD>洢<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
 	DECLARE icursor CURSOR FOR SELECT  tab_name FROM statistics_tables where is_valid=1;
 	DECLARE CONTINUE HANDLER FOR NOT found SET done=1;
 	DECLARE CONTINUE HANDLER FOR SQLEXCEPTION set t_error=1;
 	select max(statistic_time) into otime from cfg_num_statistics;
 	SET done=0;
 	SET t_error=0;
 	SET proc_log_table='proc_exec_log';
 	SET proc_name='proc_statistics_config';
 	SET ntime=DATE_FORMAT(SYSDATE(),'%Y-%m-%d %H:%i:%S');
 	OPEN icursor;
 		loop_iloop:LOOP
 			FETCH icursor INTO tabName;
 			SET description=tabName;
 			set @descriptionStart=concat(description,'<EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD>start');
 			/*ͳ<EFBFBD>Ƶ<EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵ<EFBFBD>ͳ<EFBFBD>Ʊ<EFBFBD><EFBFBD><EFBFBD>start*/
 			set @v_log_sql1 := concat('insert into ',proc_log_table,'(proc_name,table_name,log_time,description) values(?,?,?,?)');
 			PREPARE  execs FROM @v_log_sql1;
 			EXECUTE   execs using proc_name,proc_log_table,ntime,@descriptionStart;
 			DEALLOCATE PREPARE execs;
 			COMMIT;
 			#20190328 <20><><EFBFBD>Ӷ<EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>is_audit=1 && (is_valid=1 || is_valid=0) <20><>Ϊapproved <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>cfg_state=4[is_valid=0 && is_audit=1],<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˹<EFBFBD><CBB9>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD><EFBFBD>cfg_state=1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><CDA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD><EFBFBD>չʾ<D5B9><CABE>approvedֵʵ<D6B5>ʰ<EFBFBD><CAB0><EFBFBD>cfg_state=4<><34>cfg_state=1
 			set @insert_statistics_sql := concat('insert into cfg_num_statistics(statistic_time,audit_time,function_id,service_id,action,compile_id,cfg_state) select  ','''',ntime,'''',',','audit_time,function_id,service_id,action,compile_id,if(is_valid=-1,-1,if(is_valid=1,1,if(is_audit=0,0,if(is_audit=1,4,if(is_audit=2,2,if(is_audit=3,3,0)))))) cfg_state from ',tabName);
 			PREPARE  execs FROM @insert_statistics_sql;
 			EXECUTE   execs;
 			DEALLOCATE PREPARE execs;
 			COMMIT;
 			set @descriptionEnd=concat(description,'<EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD>end');
 			set @v_log_sql2 := concat('insert into ',proc_log_table,'(proc_name,table_name,log_time,description) values(?,?,?,?)');
 			PREPARE  execs FROM @v_log_sql2;
 			EXECUTE   execs using proc_name,proc_log_table,ntime,@descriptionEnd;
 			DEALLOCATE PREPARE execs;
 			COMMIT;
 			/*<EFBFBD>쳣<EFBFBD>˳<EFBFBD>loop*/
 			IF t_error=1 THEN
 				LEAVE loop_iloop;
 			END IF;
 			/*ѭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD>loop*/
 			IF done=1 THEN
 				LEAVE loop_iloop;
 			ELSE
 				SET flag=0;
 			END IF;
 			IF flag=0 THEN
 				SET done=0;
 			END IF;
 		END LOOP loop_iloop;
 	CLOSE icursor;
 	 /*ȡ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
 	SELECT count(statistic_time) INTO nRow from cfg_num_statistics where statistic_time=ntime;
 	IF t_error=1 THEN    /*<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>쳣<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
 		delete from cfg_num_statistics where statistic_time=ntime;
 		COMMIT;
 	ELSEIF nRow > 0 THEN /*<EFBFBD>жϱ<EFBFBD><EFBFBD><EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD>룬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɾ<EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϴ<EFBFBD>ͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
 		delete from cfg_num_statistics where statistic_time=otime;
 		COMMIT;
 	END IF;
 	COMMIT;
 END
 ;;
 delimiter ;
 #ִ<>д洢<D0B4><E6B4A2><EFBFBD><EFBFBD>
 call exec_procs();
 -- ------------
 -- <20><>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>type<70><65><EFBFBD>ԣ<EFBFBD><D4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޸ģ<DEB8><C4A3>޸<EFBFBD>ȫ<EFBFBD><C8AB>ͬ<EFBFBD><CDAC>״̬Ϊ3(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
 -- ------------
 ALTER TABLE schedule_cfg ADD  type int(1) DEFAULT 1 COMMENT '1:<3A><>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2<EFBFBD><32>ȫ<EFBFBD><C8AB>ͬ<EFBFBD><CDAC>ʱδִ<CEB4>е<EFBFBD><D0B5><EFBFBD><EFBFBD><EFBFBD>';
 update schedule_cfg set type=1;
 update sys_data_dictionary_item t set t.item_value=3  where t.dictionary_id=142;
 -- ------------
 -- ϵͳ<CFB5><CDB3><EFBFBD><EFBFBD>-><3E><><EFBFBD><EFBFBD>Ա<EFBFBD>û<EFBFBD>Ԥ<EFBFBD><D4A4>
 -- ------------
 INSERT INTO `sys_menu` (`parent_id`, `parent_ids`, `code`, `name`, `sort`, `href`, `target`, `icon`, `is_show`, `permission`, `create_by`, `create_date`, `update_by`, `update_date`, `remarks`, `del_flag`, `menu_bg`, `quick_action`, `is_top`, `function_id`) VALUES ('2', '0,1,2,', 'admin_user_warn', 'admin user warn', '5060', '/sys/warn/userWarnList', '', '', '1', 'sys:warnList:view', '1', '2019-03-28 10:06:26', '1', '2019-03-28 11:36:42', '', '1', NULL, '0', '0', NULL);
 CREATE TABLE `sys_user_warn` (
  `service_id` int(11) NOT NULL COMMENT 'ҵ<EFBFBD><EFBFBD>ID',
  `service_desc` varchar(255) DEFAULT '' COMMENT 'ҵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
  `interface_cfg_total` int(11) DEFAULT NULL COMMENT '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
  `system_cfg_total` int(11) DEFAULT NULL COMMENT '<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>',
  `time` datetime DEFAULT NULL COMMENT '<EFBFBD><EFBFBD><EFBFBD>ݲ<EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD>',
  `remark` varchar(255) DEFAULT NULL COMMENT '<EFBFBD><EFBFBD>ע',
  PRIMARY KEY (`service_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD>û<EFBFBD>Ԥ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>';
 -- <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 INSERT INTO `sys_menu` (`parent_id`, `parent_ids`, `code`, `name`, `sort`, `href`, `target`, `icon`, `is_show`, `permission`, `create_by`, `create_date`, `update_by`, `update_date`, `remarks`, `del_flag`, `menu_bg`, `quick_action`, `is_top`, `function_id`) VALUES ('109', '0,1,109,', 'protection_list_manage', 'protection list manage', '5060', '/basics/innerProtectionList/list', '', 'fa fa-sticky-note-o', '1', 'basic:inner_protection_list:list', '1', '2019-03-25 15:28:34', '1', '2019-03-26 15:04:47', '', '1', NULL, '0', '0', NULL);
 -- ------------
 -- <20><><EFBFBD>˲<EFBFBD><CBB2>·<EFBFBD><C2B7><EFBFBD><EFBFBD>ܣ<EFBFBD>ֻ<EFBFBD>н<EFBFBD><D0BD>˲˵<CBB2><CBB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>沢<EFBFBD>·<EFBFBD><C2B7>û<EFBFBD><C3BB>Ľ<EFBFBD>ɫ<EFBFBD><C9AB><EFBFBD>˽<EFBFBD>ɫ<EFBFBD>µ<EFBFBD><C2B5>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD>ֱ<EFBFBD><D6B1><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD>˰汾ע<E6B1BE><D7A2><EFBFBD><EFBFBD>ɫ<EFBFBD><C9AB><EFBFBD>䣩
 -- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˲<EFBFBD><CBB2>·<EFBFBD><C2B7>˵<EFBFBD>
 -- ------------
 INSERT INTO `sys_menu`(`parent_id`, `parent_ids`, `code`, `name`, `sort`, `href`, `target`, `icon`, `is_show`, `permission`, `create_by`, `create_date`, `update_by`, `update_date`, `remarks`, `del_flag`, `menu_bg`, `quick_action`, `is_top`, `function_id`) VALUES (86, '0,1,86,', 'save_and_audit', 'save and audit', 5060, '', '', '', 0, 'save:audit:permission', '1', '2019-04-08 11:30:31', '1', '2019-04-08 11:47:16', 'save_and_audit', 1, NULL, 0, 0, NULL);
 -- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˲<EFBFBD><CBB2>·<EFBFBD><C2B7><EFBFBD>ɫ
 INSERT INTO `sys_role`(`NAME`, `DATA_SCOPE`, `REMARK`, `STATUS`, `CREATE_TIME`, `ROLE_TYPE`) VALUES ('saveAndAudit', 1, '', 1, '2019-04-09 11:33:40', 'user');
 -- <20><><EFBFBD><EFBFBD>ΪsaveAndAudit<69><74>ɫ<EFBFBD><C9AB><EFBFBD><EFBFBD>save_and_audit<69>˵<EFBFBD><CBB5><EFBFBD>
 insert into  sys_privilege (PRIVILEGE_MASTER,PRIVILEGE_MASTER_VALUE,PRIVILEGE_ACCESS,PRIVILEGE_ACCESS_VALUE,PRIVILEGE_OPERATION )  select 'ROLE',r.id,1000,m.id,1 from sys_role r,sys_menu m where r.name='saveAndAudit' and m.code='save_and_audit'
--- a/src/main/resources/sql/deploymentsql/20190520extends_ip_port_pattern.sql
+++ b/src/main/resources/sql/deploymentsql/20190520extends_ip_port_pattern.sql
@@ -0,0 +1,104 @@
 #function_region_dict 对应ip_pattern，port_pattern的字段长度拓展一倍，使用分号分隔源/目的
 ALTER TABLE function_region_dict MODIFY config_ip_pattern VARCHAR(20) COMMENT "ip的格式 1:ip掩码;2:IP范围;3:IP;使用逗号分隔,源ip与目的IP使用;分隔";
 ALTER TABLE function_region_dict MODIFY config_port_pattern VARCHAR(20) COMMENT "端口的格式，1:port;2:port_mask;使用逗号分隔,源端口与目的端口使用;分隔";
 #各表修改ip_pattern，port_pattern
 #app_ip_cfg
 ALTER TABLE app_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE app_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE app_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE app_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #app_ip_range_cfg
 ALTER TABLE app_ip_range_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE app_ip_range_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE app_ip_range_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE app_ip_range_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #area_ip_cfg
 ALTER TABLE area_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE area_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE area_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE area_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #asn_ip_cfg
 ALTER TABLE asn_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE asn_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE asn_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE asn_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #av_cont_ip_cfg
 ALTER TABLE av_cont_ip_cfg change ip_pattern src_ip_pattern int COMMENT '源ip格式';
 ALTER TABLE av_cont_ip_cfg add dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE av_cont_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE av_cont_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #av_pic_ip_cfg
 ALTER TABLE av_pic_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE av_pic_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE av_pic_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE av_pic_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #av_voip_ip_cfg
 ALTER TABLE av_voip_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE av_voip_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE av_voip_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE av_voip_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #ddos_ip_cfg
 ALTER TABLE ddos_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE ddos_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE ddos_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE ddos_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #dns_ip_cfg
 ALTER TABLE dns_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE dns_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE dns_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE dns_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #ip_port_cfg
 ALTER TABLE ip_port_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE ip_port_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE ip_port_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE ip_port_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #ip_reuse_ip_cfg
 ALTER TABLE ip_reuse_ip_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE ip_reuse_ip_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 ALTER TABLE ip_reuse_ip_cfg CHANGE port_pattern src_port_pattern INT COMMENT '源端口格式';
 ALTER TABLE ip_reuse_ip_cfg ADD dest_port_pattern INT COMMENT '目的端口格式';
 #ip_reuse_policy_cfg
 ALTER TABLE ip_reuse_policy_cfg CHANGE ip_pattern src_ip_pattern INT COMMENT '源ip格式';
 ALTER TABLE ip_reuse_policy_cfg ADD dest_ip_pattern INT COMMENT '目的ip格式';
 #修改字典的值
 UPDATE function_region_dict SET config_ip_pattern ="1,2,3;1,2,3" WHERE config_ip_pattern="1,2,3";
 UPDATE function_region_dict SET config_ip_pattern ="1;1" WHERE config_ip_pattern="1";
 UPDATE function_region_dict SET config_ip_pattern ="3;3" WHERE config_ip_pattern="3";
 UPDATE function_region_dict SET config_ip_pattern ="1,3;1,3" WHERE config_ip_pattern="1,3";
 UPDATE function_region_dict SET config_port_pattern ="1;1" WHERE config_port_pattern="1";
 UPDATE function_region_dict SET config_port_pattern ="1,2;1,2" WHERE config_port_pattern="1,2";
 #Spoofing IP修改只显示目的IP
 UPDATE function_region_dict SET config_ip_port_show=3 WHERE function_id=401;
 #ASN IP修改只显示目的IP
 UPDATE function_region_dict SET config_ip_port_show=3 WHERE function_id=600;
 #sql 更新字段语句
 UPDATE app_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM app_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE app_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM app_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE app_ip_range_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM app_ip_range_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE app_ip_range_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM app_ip_range_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE area_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM area_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE area_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM area_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE asn_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM asn_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE asn_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM asn_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE av_cont_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM av_cont_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE av_cont_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM av_cont_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE av_pic_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM av_pic_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE av_pic_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM av_pic_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE av_voip_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM av_voip_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE av_voip_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM av_voip_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE ddos_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM ddos_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE ddos_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM ddos_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE dns_ip_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM dns_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE dns_ip_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM dns_ip_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE ip_port_cfg c SET c.dest_ip_pattern =(SELECT b.src_ip_pattern FROM ( SELECT a.src_ip_pattern,a.`cfg_id` FROM ip_port_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
 UPDATE ip_port_cfg c SET c.dest_port_pattern =(SELECT b.src_port_pattern FROM ( SELECT a.src_port_pattern,a.`cfg_id` FROM ip_port_cfg a) b WHERE b.cfg_id=c.`cfg_id`);
--- a/src/main/webapp/WEB-INF/tags/sys/delRow.tag
+++ b/src/main/webapp/WEB-INF/tags/sys/delRow.tag
@@ -209,10 +209,10 @@ function update(url){
 		return;
 	} */
 	if($(checkboxes).filter(":checked").length==1){
-		if(cked.val()==1){
+		/* if(cked.val()==1){
 			top.$.jBox.tip("<spring:message code='has_approved'/>", "<spring:message code='info'/>");
 			return;
-		}/*else if(cked.val()==3){
+		} *//*else if(cked.val()==3){
 			 top.$.jBox.tip("<spring:message code='cancel_approved'/>", "<spring:message code='info'/>");
 			return;
 		}*/
--- a/src/main/webapp/WEB-INF/views/cfg/app/appPolicyCfgForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/app/appPolicyCfgForm.jsp
@@ -59,14 +59,15 @@ $(function(){
 		submitHandler: function(form){
 			var flag = true;
 			//代表所有业务都隐藏了，提示必须增加一种业务数据
-			/* if($(".boxSolid").length ==$(".boxSolid.hidden").length){
+			if($("[name=action]:checked").val()==1&&$(".boxSolid").length ==$(".boxSolid.hidden").length){
 				top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
 				return;
-			} */
+			}
 			/*
 			if($("[name=action]:checked").val()==1&&$(".ipPortAdd").parents(".form-section").next(".boxSolid").is(":hidden")){
 				 top.$.jBox.tip("<spring:message code='ip_must_select'/>", "<spring:message code='info'/>");
 				 return false;
-			}
+			}*/
 			$(".boxSolid:visible").find("input[name$='cfgKeywords']").each(function(){
 				if($(this).val()==''){
 					$(this).parents(".form-group").find(
--- a/src/main/webapp/WEB-INF/views/cfg/app/appSslCfgForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/app/appSslCfgForm.jsp
@@ -95,6 +95,8 @@ function changeDistrict(obj){
                       	<input type="hidden" name="compileId" value="${_cfg.compileId}">
                       	<input type="hidden" name="functionId" value="${_cfg.functionId}">
                       	<input type="hidden" id="serviceId" name="serviceId" value="${_cfg.serviceId}">
                       	<input type="hidden" name="isValid" value="${_cfg.isValid}">
 							<input type="hidden" name="isAudit" value="${_cfg.isAudit}">
                       	<input type="hidden" id="appCode" name="appCode" value="${_cfg.appCode}">
                       	<input type="hidden" id="behavCode" name="behavCode" value="${_cfg.behavCode}">
                       	<!-- 配置域类型 -->
@@ -434,18 +436,36 @@ function changeDistrict(obj){
                          	<%--  <%@include file="/WEB-INF/include/form/basicInfo.jsp" %> --%>
                          </div>
                          <div class="form-actions">
-                              <div class="row">
+									<div class="row">
-                                  <div class="col-md-6">
+										<div class="col-md-6">
-                                      <div class="row">
+											<div class="row">
-                                          <div class="col-md-offset-3 col-md-8">
+												<div class="col-md-offset-3 col-md-8">
-                                              <button id="save" type="submit" class="btn green"><spring:message code="submit"/></button>
+													<c:set var="auditPermission" value="false"></c:set>
-                                              <button id="cancel" type="button" class="btn default"><spring:message code="cancel"/></button>
+													<!-- 拥有配置新增直接生效的功能权限 -->
-                                          </div>
+													<shiro:hasPermission name="save:audit:permission">
-                                      </div>
+														<c:set var="auditPermission" value="true"></c:set>
-                                  </div>
+													</shiro:hasPermission>
-                                  <div class="col-md-6"> </div>
+													<c:choose>
-                              </div>
+														<c:when test="${!(fns:getUser().isAdmin()) && auditPermission}">
-                          </div>
+															<button id="audit" type="submit" class="btn green">
 															<spring:message code="submit" />
 														</button>
 														</c:when>
 														<c:otherwise>
 															<button id="save" type="submit" class="btn green">
 																<spring:message code="submit" />
 															</button>
 														</c:otherwise>
 													</c:choose>
 													<button id="cancel" type="button" class="btn default">
 														<spring:message code="cancel" />
 													</button>
 												</div>
 											</div>
 										</div>
 										<div class="col-md-6"></div>
 									</div>
 								</div>
                      </form>
                      <!-- END FORM-->
                  </div>
--- a/src/main/webapp/WEB-INF/views/cfg/basicprotocol/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/basicprotocol/form.jsp
@@ -66,11 +66,16 @@ $(function(){
 				return;
 			}
 			 */
-			 var flag = true;
+			//代表所有业务都隐藏了，提示必须增加一种业务数据
 			if($("[name=action]:checked").val()==1&&$(".boxSolid").length ==$(".boxSolid.hidden").length) {
 				top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
 				return;
 			}
 			 /*
 			 if($("[name=action]:checked").val()==1&&$(".ipPortAdd").parents(".form-section").next(".boxSolid").is(":hidden")){
 				 top.$.jBox.tip("<spring:message code='ip_must_select'/>", "<spring:message code='info'/>");
 				 return false;
-			 }
+			 }*/
 			 $(".boxSolid:visible").find("input[name$='cfgKeywords']").each(function(){
 					if($(this).val()==''){
--- a/src/main/webapp/WEB-INF/views/cfg/encryptedtunnelbehav/form.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/encryptedtunnelbehav/form.jsp
@@ -50,6 +50,11 @@ $(function(){
 		},
 		submitHandler: function(form){
 			var flag = true;
 			//代表所有业务都隐藏了，提示必须增加一种业务数据
 			if($("[name=action]:checked").val()==1&&$(".boxSolid").length ==$(".boxSolid.hidden").length){
 				top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
 				return;
 			}
 			$(".boxSolid:visible").find("input[name$='cfgKeywords']").each(function(){
 				if($(this).val()==''){
 					$(this).parents(".form-group").find(
--- a/src/main/webapp/WEB-INF/views/cfg/fileTransfer/fileDigestForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/fileTransfer/fileDigestForm.jsp
@@ -15,7 +15,8 @@
 			sampleFileValidate();
 		});
-		hiddenlevel($("select[name='cfdsLevel']").val());
+		//hiddenlevel($("select[name='cfdsLevel']").val());
 		hiddenlevel(null);
 		$(".action").on("change", function() {
 			$("#serviceId").val($(this).attr("serviceId"));
 			$("#protocolId").val($(this).attr("protocolId"));
--- a/src/main/webapp/static/global/scripts/ipRegion.js
+++ b/src/main/webapp/static/global/scripts/ipRegion.js
@@ -71,15 +71,17 @@ var processPattern=function(selector,pattern){
 * ip默认选项处理
 */
 var initCommIpVal=function(){
-	var action,regionCode,serviceType,ipPortShow,ipType,
+	var action,regionCode,ipPortShow,ipType,serviceId,
 	srcIpPattern,destIpPattern,srcPortPattern,destPortPattern,
 	direction,protocol,regionType;
 	if($("input[name$='action']:checked").length>0){
 		regionCode=$("input[name$='action']:checked").attr("regionCode");
 		action=$("input[name$='action']:checked").val();
 		serviceId=$("input[name$='action']:checked").attr("serviceId");
 	}else{
 		regionCode=$("input[name$='action']").attr("regionCode");
 		action=$("input[name$='action']").val();
 		serviceId=$("input[name$='action']").attr("serviceId");
 	}
 	if(regionCode){
 		if(regionCode.indexOf(",")==-1){
@@ -102,6 +104,10 @@ var initCommIpVal=function(){
 		}
 	}
 	if(regionCode){//IP域大于1个，根据action获取ip属性
 		if(serviceId==149||serviceId==37){//ASN比较特殊，action与ip的相同但是service id不同，这里调用regionCode=5的话会导致获取不到正确的属性
 			regionCode=$("input[name$='action'][value='"+action+"'][serviceId!='"+serviceId+"']").attr("regionCode");
 		}
 		ipPortShow=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("ipPortShow"),
 		ipType=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("ipType"),
 		srcIpPattern=$("input[name$='cfgRegionCode'][value='"+regionCode+"']").attr("srcIpPattern"),
@@ -230,7 +236,7 @@ var changeIPVal=function(obj){
 	}
 	if(regionCode){
 		if(regionCode.indexOf(",")==-1){
-			$("#cfgRegionCode"+regionCode).attr("name","cfgRegionCode");	
+			$("#cfgRegionCode"+regionCode).attr("name","cfgRegionCode");
 			$("#cfgType"+regionCode).attr("name","cfgType");
 		}else{
 			var _region='';
@@ -327,7 +333,7 @@ var changeIPVal=function(obj){
 					o.find("select[name$='ipType']").selectpicker("refresh");
 				}
 			}
-			
+
 		}
 		//源ip格式处理
 		changePattern(o,"srcIpPattern",srcIpPattern);
Author	SHA1	Message	Date
段冬梅	bb7197f098	20190610之前部署的sql记录	2019-07-03 15:01:25 +08:00
duandongmei	de1eb563a3	时间间隔默认5分钟，日志导出最大条数修改为2万	2019-06-03 17:07:53 +08:00
wangwei	af28efc76d	修复审核通过配置修改成功提示信息bug Conflicts: src/main/java/com/nis/web/controller/configuration/proxy/FileStrategyController.java	2019-05-29 14:01:14 +08:00
wangxin	973f071897	删除无必要的判断	2019-05-28 19:51:46 +08:00
wangxin	e8e948ce7d	修复packet ip address asn切换到ip配置时，没有正确获取到配置属性的bug	2019-05-28 19:51:01 +08:00
wangwei	df9665376f	完善修改配置数据时提示信息问题	2019-05-27 10:17:42 +08:00
wangwei	2858e643ac	修复文件摘要修改功能请求服务接口失败	2019-05-27 10:15:59 +08:00
wangxin	8d2e30b952	Steam三个菜单的form表单当action 为monit的时候ip和账号必选一个	2019-05-23 10:22:24 +08:00
duandongmei	19c8492cc8	热修改功能打开	2019-05-20 15:57:52 +08:00
段冬梅	328f266046	Update README.md	2019-05-20 15:48:57 +08:00