审计日志修改

securitycontrol-auth/src/main/java/com/securitycontrol/auth/service/SysLoginService.java

@@ -7,6 +7,7 @@ import com.securitycontrol.common.core.enums.UserStatus;
 import com.securitycontrol.common.core.exception.ServiceException;
 import com.securitycontrol.common.core.utils.ServletUtils;
 import com.securitycontrol.common.core.utils.StringUtils;
+import com.securitycontrol.common.core.utils.aes.StringHelper;
 import com.securitycontrol.common.core.utils.ip.IpUtils;
 import com.securitycontrol.common.redis.service.RedisService;
 import com.securitycontrol.system.api.RemoteUserService;
@@ -80,22 +81,28 @@ public class SysLoginService
             recordLogService.recordLogininfor(username,null,"用户登录","对不起，您的账号：" + username + " 已锁定",1,0,"username="+username,startTime);
             throw new ServiceException("对不起，您的账号：" + username + " 已锁定",201);
         }
-        if(StringUtils.isEmpty(loginType) && !user.getLoginType().contains(Constant.BACK_LOGIN)){
+
-            recordLogService.recordLogininfor(username,null,"用户登录","账号无权限",1,0,"username="+username,startTime);
+        if(StringHelper.isEmpty(loginType)){
+            if(!user.getLoginType().contains(Constant.BACK_LOGIN)){
+                recordLogService.recordLogininfor(username,null,"用户登录","无登录后台权限",1,0,"username="+username,startTime);
                 throw new ServiceException("对不起，您的账号：" + username + " 无登录后台权限",201);
             }
-        if(StringUtils.isNotEmpty(loginType) && !user.getLoginType().contains(Constant.SC_SCREEN)){
+        }else if(Constant.SC_SCREEN.equals(loginType)){
-            recordLogService.recordLogininfor(username,null,"省侧大屏用户登录","账号无权限",1,0,"username="+username,startTime);
+            if(!user.getLoginType().contains(Constant.SC_SCREEN)){
+                recordLogService.recordLogininfor(username,null,"省侧大屏用户登录","无登录省侧大屏权限",1,0,"username="+username,startTime);
                 throw new ServiceException("对不起，您的账号：" + username + " 无登录省侧大屏权限",201);
             }
-        if(StringUtils.isEmpty(loginType) && !user.getLoginType().contains(Constant.SG_SCREEN)){
+        }else if(Constant.SG_SCREEN.equals(loginType)){
-            recordLogService.recordLogininfor(username,null,"施工大屏用户登录","账号无权限",1,0,"username="+username,startTime);
+            if(!user.getLoginType().contains(Constant.SG_SCREEN)){
+                recordLogService.recordLogininfor(username,null,"施工大屏用户登录","无登录施工大屏权限",1,0,"username="+username,startTime);
                 throw new ServiceException("对不起，您的账号：" + username + " 无登录施工大屏权限",201);
             }
-        if(StringUtils.isEmpty(loginType) && !user.getLoginType().contains(Constant.APP_LOGIN)){
+        }else if(Constant.APP_LOGIN.equals(loginType)){
-            recordLogService.recordLogininfor(username,null,"APP用户登录","账号无权限",1,0,"username="+username,startTime);
+            if(!user.getLoginType().contains(Constant.APP_LOGIN)){
+                recordLogService.recordLogininfor(username,null,"APP用户登录","无登录APP权限",1,0,"username="+username,startTime);
                 throw new ServiceException("对不起，您的账号：" + username + " 无登录APP权限",201);
             }
+        }
         passwordService.validate(user, password);
         Result<List<SysMenu>> menu = remoteUserService.getAllMenuList(user.getUserId()+"", SecurityConstants.INNER);
         list = handleMenuList(menu.getData(),loginType);
@@ -105,7 +112,7 @@ public class SysLoginService
         if(ip.equals(hisIp)){
             redisUtil.set("username",ip,times);
         }else{
-            recordLogService.errorLogs(username,null,"用户登录","IP异常",1,0,"username="+username,startTime);
+            recordLogService.errorLogs(username,user.getUserId(),"用户登录","IP异常",1,1,"username="+username,startTime);
         }
         recordLogService.recordLogininfor(username,user.getUserId(), "用户登录", "登录成功",1,1,"username="+username,startTime);
         remoteUserService.updateUserLogin(user.getUserId(),SecurityConstants.INNER);

securitycontrol-auth/src/main/java/com/securitycontrol/auth/service/SysPasswordService.java

@@ -10,6 +10,8 @@ import com.securitycontrol.common.redis.service.RedisService;
 import com.securitycontrol.common.security.utils.SecurityUtils;
 import com.securitycontrol.system.api.domain.SysUser;
 
+import javax.annotation.Resource;
+
 /**
  * 登录密码方法
  *
@@ -18,9 +20,13 @@ import com.securitycontrol.system.api.domain.SysUser;
 @Component
 public class SysPasswordService
 {
-    @Autowired
+    @Resource
     private RedisService redisService;
 
+    public  int ERROR_TIMES=5;
+
+    public  int LOCK_TIMES=5*60;
+
     private int maxRetryCount = CacheConstants.PASSWORD_MAX_RETRY_COUNT;
 
     private Long lockTime = CacheConstants.PASSWORD_LOCK_TIME;
@@ -41,21 +47,28 @@ public class SysPasswordService
 
     public void validate(SysUser user, String password)
     {
+        long startTime = System.currentTimeMillis();
         String username = user.getUserName();
-        Integer retryCount = redisService.getCacheObject(getCacheKey(username));
+        Integer retryCount=redisService.getIntVal(username);
-        if (retryCount == null) {
+        if(retryCount>ERROR_TIMES){
-            retryCount = 0;
+            long time=redisService.getExpireTimes(username);
-        }
+            recordLogService.recordLogininfor(username,user.getUserId(),"用户登录","账号被锁定",1,0,"username="+username,startTime);
+            throw new ServiceException("账号已锁定,请"+time+"分钟后重试",201);
+        }else{
             if (!matches(user, password)) {
                 retryCount = retryCount + 1;
-            recordLogService.recordLogininfor(username,user.getUserId(),"用户登录", String.format("密码输入错误%s次", retryCount),1,0,"username="+username);
+                recordLogService.recordLogininfor(username,user.getUserId(),"用户登录", String.format("密码输入错误%s次", retryCount),1,0,"username="+username,startTime);
-            redisService.setCacheObject(getCacheKey(username), retryCount, lockTime, TimeUnit.MINUTES);
+                redisService.set(username, retryCount, LOCK_TIMES);
                 throw new ServiceException("用户不存在/密码错误",201);
+
             } else {
+                redisService.deleteObject(username);
                 clearLoginRecordCache(username);
             }
         }
 
+    }
+
     public boolean matches(SysUser user, String rawPassword)
     {
         return SecurityUtils.matchesPassword(rawPassword, user.getPassword());

securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/constant/Constant.java

@@ -44,8 +44,18 @@ public class Constant {
 
     public final static String SG_SCREEN = "2";
     public final static String SG_SCREEN_NAME = "施工大屏";
+    /**
+     *
+     */
     public final static String SC_SCREEN = "1";
+    /**
+     * APP
+     */
+
     public final static String APP_LOGIN = "3";
+    /**
+     * 后台
+     */
     public final static String BACK_LOGIN = "4";
     public final static String SC_SCREEN_NAME = "省侧大屏";
     public final static String ADMINISTRATORS = "administrators";

securitycontrol-commons/securitycontrol-commons-entity/src/main/java/com/securitycontrol/entity/system/SystemGlobal.java

@@ -14,6 +14,9 @@ public class SystemGlobal {
      * 线路工程类型
      */
     public final static  String LINE_TYPE="线路";
+
+    public final static  String ERR_NUM="NAN";
+
     /**
      * 预案类型
      */

securitycontrol-commons/securitycontrol-commons-log/src/main/java/com/securitycontrol/common/log/aspect/OperLogAspect.java

@@ -97,7 +97,7 @@ public class OperLogAspect {
 
     @AfterThrowing(pointcut = "operExceptionLogPointCut()", throwing = "e")
     public void logAfterThrowing(JoinPoint joinPoint, Exception e) {
-        handleLog(joinPoint, e, null, null);
+     //   handleLog(joinPoint, e, null, null);
     }
 
     protected void handleLog(final JoinPoint joinPoint, final Exception e, Object jsonResult, Long time) {
@@ -207,7 +207,9 @@ public class OperLogAspect {
             sysLog.setOperTime(DateTimeHelper.getNowTime());
             sysLog.setLogType(3);
         }
-
+        if(log==null){
+            return ;
+        }
         // 是否需要保存request，参数和值
         if (log.isSaveRequestData()) {
             // 获取参数的信息，传入到数据库中。

securitycontrol-commons/securitycontrol-commons-redis/src/main/java/com/securitycontrol/common/redis/service/RedisService.java

@@ -8,6 +8,7 @@ import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
 import lombok.extern.slf4j.Slf4j;
+import org.omg.CORBA.INTERNAL;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.BoundSetOperations;
 import org.springframework.data.redis.core.HashOperations;
@@ -91,6 +92,34 @@ public class RedisService
         return redisTemplate.getExpire(key);
     }
 
+
+    /**
+     * 获取有效时间
+     *
+     * @param key Redis键
+     * @return 有效时间
+     */
+    public long  getExpireTimes(final String key) {
+        try{
+            long time= redisTemplate.getExpire(key);
+            if(time>240){
+                return 5;
+            }else if(time>180){
+                return 4;
+            }else if(time>120){
+                return 3;
+            }else if(time>60){
+                return 2;
+            }else{
+                return 1;
+            }
+        }catch (Exception e){
+            log.error(e.toString(),e);
+        }
+            return 0;
+    }
+
+
     /**
      * 判断 key是否存在
      *
@@ -337,7 +366,22 @@ public class RedisService
         }
         return "";
     }
-
+    /**
+     * 普通缓存获取
+     * @param key 键
+     * @return 值
+     */
+    public Integer getIntVal(String key){
+        try{
+            Object  object=redisTemplate.opsForValue().get(key);
+            if(object!=null){
+                return  (Integer) object;
+            }
+        }catch (Exception e){
+            log.error(e.toString());
+        }
+        return 0;
+    }
 
     /**
      * 获取指定key的缓存

securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/ParamSecureHandler.java

@@ -52,9 +52,16 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
      * 放权的请求 -公共的请求
      */
     public static String WHITE_URL="/sys/select/";
-
+    /**
+     * 白名单路径
+     */
     public  static String[] WHITE_URLS= new String[]{"/sys/sysLog/addLogs"};
 
+    /**
+     * 大屏路径拦截
+     */
+    public  static String[] SC_URL= new String[]{"/largeScreen/xcIndex/"};
+
 
     private final String whiteURL = "http://127.0.0.1:18080/";
 
@@ -151,7 +158,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
         }*/
         try{
             if (!checkIsYq(request, requestWrapper)) {
-                returnJson(response, "越权访问,接口未授权", 500);
+                returnJson(response, "越权访问,接口未授权", 401);
                 return false;
             }
         }catch (Exception e){
@@ -180,8 +187,8 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
      */
     private boolean checkIsYq(HttpServletRequest request, XssRequestWrapper requestWrapper) throws Exception {
         String requestUri = request.getRequestURI();
-        if(Arrays.binarySearch(WHITE_URLS,requestUri)>0){
+        if(Arrays.asList(WHITE_URLS).contains(requestUri)){
-            return false;
+            return true;
         }
         String[] urls=requestUri.split(ur);
         if(urls.length>4){
@@ -189,7 +196,9 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
         }else {
            String selected=ur+urls[1]+ur+urls[2]+ur;
             if(selected.equals(WHITE_URL)){
-                return false;
+                return true;
+            }else  if(Arrays.asList(SC_URL).contains(selected)){
+                  requestUri=selected;
             }
         }
         Boolean result = false;

securitycontrol-gateway/src/main/resources/bootstrap.yml

@@ -49,5 +49,5 @@ endpoints:
   env:
     enable: false
 system:
-  jm: false
+  jm: true
 

securitycontrol-model/securitycontrol-screen/src/main/java/com/securitycontrol/screen/controller/PersonnelControlController.java

@@ -21,7 +21,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 /**
- * 作业环境
+ * 人员管控
  * @author jjLv
  */
 @RestController

securitycontrol-model/securitycontrol-system/src/main/java/com/securitycontrol/system/base/controller/SysLogController.java

@@ -166,13 +166,13 @@ public class SysLogController extends BaseController {
     }
 
 
-    @ApiOperation(value = "查询日志溶剂")
+    @ApiOperation(value = "查询日志统计分析")
     @PostMapping("getLogStatistics")
     @Log(title = "审计日志", menu = "审计日志->日志分析", grade = OperationType.QUERY_BUSINESS, details = "查询日志分析", type = "系统日志")
     public Result<Map<String,Object>> getLogStatistics(@RequestBody SysLog dto) {
         return  service.getLogStatistics(dto);
     }
-    @ApiOperation(value = "查询日志溶剂")
+    @ApiOperation(value = "查询日志告警")
     @PostMapping("logWarn")
     public Result<Map<String,Object>> logWarn() {
         return  service.logWarn();

securitycontrol-model/securitycontrol-system/src/main/java/com/securitycontrol/system/base/mapper/ISysLogMapper.java

@@ -98,4 +98,12 @@ public interface ISysLogMapper {
      * @return
      */
     String getModuleName(SysLog sysLog);
+
+    /**
+     * 检查模块是否存在
+     * @param sysLog
+     * @return
+     */
+    String getModuleIsc(SysLog sysLog);
+
 }

securitycontrol-model/securitycontrol-system/src/main/java/com/securitycontrol/system/base/service/impl/SysLogServiceImpl.java

@@ -6,13 +6,16 @@ import com.securitycontrol.common.core.utils.aes.DateTimeHelper;
 import com.securitycontrol.common.core.utils.aes.ListHelper;
 import com.securitycontrol.common.core.utils.aes.StringHelper;
 import com.securitycontrol.common.core.utils.ip.IpUtils;
+import com.securitycontrol.common.core.utils.uuid.IdUtils;
 import com.securitycontrol.common.core.web.domain.AjaxResult;
 import com.securitycontrol.common.security.utils.SecurityUtils;
 import com.securitycontrol.entity.system.SystemGlobal;
 import com.securitycontrol.system.api.domain.SysLog;
+import com.securitycontrol.system.api.model.LoginUser;
 import com.securitycontrol.system.base.mapper.ISysLogMapper;
 import com.securitycontrol.system.base.service.ISysLogService;
 import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.est.CACertsResponse;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.transaction.interceptor.TransactionAspectSupport;
@@ -72,6 +75,7 @@ public class SysLogServiceImpl implements ISysLogService {
     public void addLogs(SysLog sysLog, HttpServletRequest request) {
             try{
                 sysLog.setFruit("失败");
+                sysLog.setLogId(IdUtils.getuid());
                 sysLog.setIp(IpUtils.getIpAddr(request));
                 sysLog.setGrade("高");
                 sysLog.setErrType("越权访问");
@@ -79,13 +83,21 @@ public class SysLogServiceImpl implements ISysLogService {
                 sysLog.setOperType("查询");
                 sysLog.setOperateDetail("查看页面");
                 String module=mapper.getModuleName(sysLog);
-                sysLog.setLogType(1);
+                sysLog.setLogType(2);
                 sysLog.setResult(0);
                 sysLog.setOperTime(DateTimeHelper.getNowTime());
                 sysLog.setModel(module);
-                sysLog.setUserId(SecurityUtils.getUserId());
+                LoginUser user= SecurityUtils.getLoginUser();
-                sysLog.setOperaUserName(SecurityUtils.getUsername());
+                sysLog.setUserId(user.getUserid());
+                sysLog.setOperaUserName(user.getUsername());
+
+                String modules=mapper.getModuleIsc(sysLog);
+                if(StringHelper.isNotEmpty(module)){
+                    if(StringHelper.isEmpty(module)){
+                        sysLog.setModel(modules);
+                    }
                     mapper.saveLogs(sysLog);
+                }
             }catch (Exception e){
                 log.error(e.toString(),e);
             }
@@ -134,6 +146,14 @@ public class SysLogServiceImpl implements ISysLogService {
     @Override
     public Result<String> setLogsSet(String capacity) {
         try{
+            if(StringHelper.isNotEmpty(capacity)){
+                if(SystemGlobal.ERR_NUM.equals(capacity.toUpperCase())){
+                    return Result.fail("请输入数字");
+                }
+            }else{
+                  return Result.fail("日志容量最低是1024Mb");
+            }
+
             Double cap=Double.parseDouble(capacity);
             if(cap<SystemGlobal.LOG_DEFEAT){
                 return Result.fail("日志容量最低是1024Mb");
@@ -153,7 +173,7 @@ public class SysLogServiceImpl implements ISysLogService {
             log.error(e.toString(),e);
             return Result.fail("系统异常");
         }
-        return  Result.ok("设置成功");
+        return  Result.ok("设置成功","'设置成功'");
     }
 
     /**
@@ -177,8 +197,9 @@ public class SysLogServiceImpl implements ISysLogService {
             List<SysLog> all=mapper.getAllLogs(dto);
            if(ListHelper.isNotEmpty(all)){
                int allNum= all.stream().mapToInt(SysLog::getNum).sum();
+               map.put("allNum",allNum);
                all.forEach(vo->{
-                   if(SUCCESS.equals(vo.getResult())){
+                   if(SUCCESS.equals(vo.getFruit())){
                        map.put("sNum",vo.getNum());
                    }else {
                        map.put("eNum",vo.getNum());

securitycontrol-model/securitycontrol-system/src/main/resources/mapper/base/SysLogMapper.xml

@@ -56,23 +56,32 @@
                 oper_time operTime,method,params,result fruit,
                 operate_detail operateDetail,oper_type operType,oper_uri  operUri,
                 log_type logType,failure_reason failureReason,grade,
-                err_type errType,method_type methodType
+                err_type errType,method_type methodType,times
                 from sys_logs
             where    log_type=#{logType}
             <if test="operaUserName!=null and operaUserName!=''">
-                and opera_user_name LIKE CONCTA('%',#{operaUserName},'%')
+                and opera_user_name LIKE concat('%',#{operaUserName},'%')
             </if>
             <if test="model!=null and model!=''">
-                and model LIKE CONCTA('%',#{model},'%')
+                and model LIKE concat('%',#{model},'%')
+            </if>
+            <if test="operType!=null and operType!=''">
+                 and oper_type LIKE concat('%',#{operType},'%')
             </if>
             <if test="params!=null and params!=''">
-                and params LIKE CONCTA('%',#{params},'%')
+                and params LIKE concat('%',#{params},'%')
             </if>
-            <if test="result!=null and result!=''">
+            <if test="fruit!=null and fruit!=''">
-                and result =#{result}
+                and result =#{fruit}
+            </if>
+            <if test="errType!=null and errType!=''">
+                and err_type=#{errType}
+            </if>
+            <if test="grade!=null and grade!=''">
+                and grade=#{grade}
             </if>
             <if test="endTime!=null and endTime!=''">
-                and  oper_time  BETWEEN CONCAT(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
+                and  oper_time  BETWEEN concat(#{startTime}, ' 00:00:00') AND concat(#{endTime},' 23:59:59')
             </if>
             <if test="ip!=null and ip!=''">
                 and ip=#{ip}
@@ -111,7 +120,7 @@
             FROM sys_logs
             where  log_type=#{logType}
             <if test="endTime!=null and endTime!=''">
-                and  oper_time  BETWEEN CONCAT(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
+                and  oper_time  BETWEEN concat(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
             </if>
     </select>
     <select id="getLogsList" resultType="com.securitycontrol.system.api.domain.SysLog">
@@ -146,7 +155,7 @@
     </select>
 
     <select id="getAllLogs" resultType="com.securitycontrol.system.api.domain.SysLog">
-        select count(1) num,result
+        select count(1) num,result fruit
                 from sys_logs
                  where   oper_time  BETWEEN CONCAT(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
                 GROUP BY result
@@ -159,4 +168,11 @@
             where sm2.menu_url=#{operUri}
             limit 1
     </select>
+
+    <select id="getModuleIsc" resultType="java.lang.String">
+        select menu_name
+        from  sys_menu  sm
+         where sm.menu_url=#{operUri}
+        limit 1
+    </select>
 </mapper>