审计日志修改
This commit is contained in:
parent
55762491ce
commit
47f9e0a593
|
|
@ -7,6 +7,7 @@ import com.securitycontrol.common.core.enums.UserStatus;
|
|||
import com.securitycontrol.common.core.exception.ServiceException;
|
||||
import com.securitycontrol.common.core.utils.ServletUtils;
|
||||
import com.securitycontrol.common.core.utils.StringUtils;
|
||||
import com.securitycontrol.common.core.utils.aes.StringHelper;
|
||||
import com.securitycontrol.common.core.utils.ip.IpUtils;
|
||||
import com.securitycontrol.common.redis.service.RedisService;
|
||||
import com.securitycontrol.system.api.RemoteUserService;
|
||||
|
|
@ -80,22 +81,28 @@ public class SysLoginService
|
|||
recordLogService.recordLogininfor(username,null,"用户登录","对不起,您的账号:" + username + " 已锁定",1,0,"username="+username,startTime);
|
||||
throw new ServiceException("对不起,您的账号:" + username + " 已锁定",201);
|
||||
}
|
||||
if(StringUtils.isEmpty(loginType) && !user.getLoginType().contains(Constant.BACK_LOGIN)){
|
||||
recordLogService.recordLogininfor(username,null,"用户登录","账号无权限",1,0,"username="+username,startTime);
|
||||
|
||||
if(StringHelper.isEmpty(loginType)){
|
||||
if(!user.getLoginType().contains(Constant.BACK_LOGIN)){
|
||||
recordLogService.recordLogininfor(username,null,"用户登录","无登录后台权限",1,0,"username="+username,startTime);
|
||||
throw new ServiceException("对不起,您的账号:" + username + " 无登录后台权限",201);
|
||||
}
|
||||
if(StringUtils.isNotEmpty(loginType) && !user.getLoginType().contains(Constant.SC_SCREEN)){
|
||||
recordLogService.recordLogininfor(username,null,"省侧大屏用户登录","账号无权限",1,0,"username="+username,startTime);
|
||||
}else if(Constant.SC_SCREEN.equals(loginType)){
|
||||
if(!user.getLoginType().contains(Constant.SC_SCREEN)){
|
||||
recordLogService.recordLogininfor(username,null,"省侧大屏用户登录","无登录省侧大屏权限",1,0,"username="+username,startTime);
|
||||
throw new ServiceException("对不起,您的账号:" + username + " 无登录省侧大屏权限",201);
|
||||
}
|
||||
if(StringUtils.isEmpty(loginType) && !user.getLoginType().contains(Constant.SG_SCREEN)){
|
||||
recordLogService.recordLogininfor(username,null,"施工大屏用户登录","账号无权限",1,0,"username="+username,startTime);
|
||||
}else if(Constant.SG_SCREEN.equals(loginType)){
|
||||
if(!user.getLoginType().contains(Constant.SG_SCREEN)){
|
||||
recordLogService.recordLogininfor(username,null,"施工大屏用户登录","无登录施工大屏权限",1,0,"username="+username,startTime);
|
||||
throw new ServiceException("对不起,您的账号:" + username + " 无登录施工大屏权限",201);
|
||||
}
|
||||
if(StringUtils.isEmpty(loginType) && !user.getLoginType().contains(Constant.APP_LOGIN)){
|
||||
recordLogService.recordLogininfor(username,null,"APP用户登录","账号无权限",1,0,"username="+username,startTime);
|
||||
}else if(Constant.APP_LOGIN.equals(loginType)){
|
||||
if(!user.getLoginType().contains(Constant.APP_LOGIN)){
|
||||
recordLogService.recordLogininfor(username,null,"APP用户登录","无登录APP权限",1,0,"username="+username,startTime);
|
||||
throw new ServiceException("对不起,您的账号:" + username + " 无登录APP权限",201);
|
||||
}
|
||||
}
|
||||
passwordService.validate(user, password);
|
||||
Result<List<SysMenu>> menu = remoteUserService.getAllMenuList(user.getUserId()+"", SecurityConstants.INNER);
|
||||
list = handleMenuList(menu.getData(),loginType);
|
||||
|
|
@ -105,7 +112,7 @@ public class SysLoginService
|
|||
if(ip.equals(hisIp)){
|
||||
redisUtil.set("username",ip,times);
|
||||
}else{
|
||||
recordLogService.errorLogs(username,null,"用户登录","IP异常",1,0,"username="+username,startTime);
|
||||
recordLogService.errorLogs(username,user.getUserId(),"用户登录","IP异常",1,1,"username="+username,startTime);
|
||||
}
|
||||
recordLogService.recordLogininfor(username,user.getUserId(), "用户登录", "登录成功",1,1,"username="+username,startTime);
|
||||
remoteUserService.updateUserLogin(user.getUserId(),SecurityConstants.INNER);
|
||||
|
|
|
|||
|
|
@ -10,6 +10,8 @@ import com.securitycontrol.common.redis.service.RedisService;
|
|||
import com.securitycontrol.common.security.utils.SecurityUtils;
|
||||
import com.securitycontrol.system.api.domain.SysUser;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
|
||||
/**
|
||||
* 登录密码方法
|
||||
*
|
||||
|
|
@ -18,9 +20,13 @@ import com.securitycontrol.system.api.domain.SysUser;
|
|||
@Component
|
||||
public class SysPasswordService
|
||||
{
|
||||
@Autowired
|
||||
@Resource
|
||||
private RedisService redisService;
|
||||
|
||||
public int ERROR_TIMES=5;
|
||||
|
||||
public int LOCK_TIMES=5*60;
|
||||
|
||||
private int maxRetryCount = CacheConstants.PASSWORD_MAX_RETRY_COUNT;
|
||||
|
||||
private Long lockTime = CacheConstants.PASSWORD_LOCK_TIME;
|
||||
|
|
@ -41,21 +47,28 @@ public class SysPasswordService
|
|||
|
||||
public void validate(SysUser user, String password)
|
||||
{
|
||||
long startTime = System.currentTimeMillis();
|
||||
String username = user.getUserName();
|
||||
Integer retryCount = redisService.getCacheObject(getCacheKey(username));
|
||||
if (retryCount == null) {
|
||||
retryCount = 0;
|
||||
}
|
||||
Integer retryCount=redisService.getIntVal(username);
|
||||
if(retryCount>ERROR_TIMES){
|
||||
long time=redisService.getExpireTimes(username);
|
||||
recordLogService.recordLogininfor(username,user.getUserId(),"用户登录","账号被锁定",1,0,"username="+username,startTime);
|
||||
throw new ServiceException("账号已锁定,请"+time+"分钟后重试",201);
|
||||
}else{
|
||||
if (!matches(user, password)) {
|
||||
retryCount = retryCount + 1;
|
||||
recordLogService.recordLogininfor(username,user.getUserId(),"用户登录", String.format("密码输入错误%s次", retryCount),1,0,"username="+username);
|
||||
redisService.setCacheObject(getCacheKey(username), retryCount, lockTime, TimeUnit.MINUTES);
|
||||
recordLogService.recordLogininfor(username,user.getUserId(),"用户登录", String.format("密码输入错误%s次", retryCount),1,0,"username="+username,startTime);
|
||||
redisService.set(username, retryCount, LOCK_TIMES);
|
||||
throw new ServiceException("用户不存在/密码错误",201);
|
||||
|
||||
} else {
|
||||
redisService.deleteObject(username);
|
||||
clearLoginRecordCache(username);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public boolean matches(SysUser user, String rawPassword)
|
||||
{
|
||||
return SecurityUtils.matchesPassword(rawPassword, user.getPassword());
|
||||
|
|
|
|||
|
|
@ -44,8 +44,18 @@ public class Constant {
|
|||
|
||||
public final static String SG_SCREEN = "2";
|
||||
public final static String SG_SCREEN_NAME = "施工大屏";
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public final static String SC_SCREEN = "1";
|
||||
/**
|
||||
* APP
|
||||
*/
|
||||
|
||||
public final static String APP_LOGIN = "3";
|
||||
/**
|
||||
* 后台
|
||||
*/
|
||||
public final static String BACK_LOGIN = "4";
|
||||
public final static String SC_SCREEN_NAME = "省侧大屏";
|
||||
public final static String ADMINISTRATORS = "administrators";
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ public class SystemGlobal {
|
|||
* 线路工程类型
|
||||
*/
|
||||
public final static String LINE_TYPE="线路";
|
||||
|
||||
public final static String ERR_NUM="NAN";
|
||||
|
||||
/**
|
||||
* 预案类型
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ public class OperLogAspect {
|
|||
|
||||
@AfterThrowing(pointcut = "operExceptionLogPointCut()", throwing = "e")
|
||||
public void logAfterThrowing(JoinPoint joinPoint, Exception e) {
|
||||
handleLog(joinPoint, e, null, null);
|
||||
// handleLog(joinPoint, e, null, null);
|
||||
}
|
||||
|
||||
protected void handleLog(final JoinPoint joinPoint, final Exception e, Object jsonResult, Long time) {
|
||||
|
|
@ -207,7 +207,9 @@ public class OperLogAspect {
|
|||
sysLog.setOperTime(DateTimeHelper.getNowTime());
|
||||
sysLog.setLogType(3);
|
||||
}
|
||||
|
||||
if(log==null){
|
||||
return ;
|
||||
}
|
||||
// 是否需要保存request,参数和值
|
||||
if (log.isSaveRequestData()) {
|
||||
// 获取参数的信息,传入到数据库中。
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import java.util.Set;
|
|||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.omg.CORBA.INTERNAL;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.data.redis.core.BoundSetOperations;
|
||||
import org.springframework.data.redis.core.HashOperations;
|
||||
|
|
@ -91,6 +92,34 @@ public class RedisService
|
|||
return redisTemplate.getExpire(key);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 获取有效时间
|
||||
*
|
||||
* @param key Redis键
|
||||
* @return 有效时间
|
||||
*/
|
||||
public long getExpireTimes(final String key) {
|
||||
try{
|
||||
long time= redisTemplate.getExpire(key);
|
||||
if(time>240){
|
||||
return 5;
|
||||
}else if(time>180){
|
||||
return 4;
|
||||
}else if(time>120){
|
||||
return 3;
|
||||
}else if(time>60){
|
||||
return 2;
|
||||
}else{
|
||||
return 1;
|
||||
}
|
||||
}catch (Exception e){
|
||||
log.error(e.toString(),e);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 判断 key是否存在
|
||||
*
|
||||
|
|
@ -337,7 +366,22 @@ public class RedisService
|
|||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
/**
|
||||
* 普通缓存获取
|
||||
* @param key 键
|
||||
* @return 值
|
||||
*/
|
||||
public Integer getIntVal(String key){
|
||||
try{
|
||||
Object object=redisTemplate.opsForValue().get(key);
|
||||
if(object!=null){
|
||||
return (Integer) object;
|
||||
}
|
||||
}catch (Exception e){
|
||||
log.error(e.toString());
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取指定key的缓存
|
||||
|
|
|
|||
|
|
@ -52,9 +52,16 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
|
|||
* 放权的请求 -公共的请求
|
||||
*/
|
||||
public static String WHITE_URL="/sys/select/";
|
||||
|
||||
/**
|
||||
* 白名单路径
|
||||
*/
|
||||
public static String[] WHITE_URLS= new String[]{"/sys/sysLog/addLogs"};
|
||||
|
||||
/**
|
||||
* 大屏路径拦截
|
||||
*/
|
||||
public static String[] SC_URL= new String[]{"/largeScreen/xcIndex/"};
|
||||
|
||||
|
||||
private final String whiteURL = "http://127.0.0.1:18080/";
|
||||
|
||||
|
|
@ -151,7 +158,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
|
|||
}*/
|
||||
try{
|
||||
if (!checkIsYq(request, requestWrapper)) {
|
||||
returnJson(response, "越权访问,接口未授权", 500);
|
||||
returnJson(response, "越权访问,接口未授权", 401);
|
||||
return false;
|
||||
}
|
||||
}catch (Exception e){
|
||||
|
|
@ -180,8 +187,8 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
|
|||
*/
|
||||
private boolean checkIsYq(HttpServletRequest request, XssRequestWrapper requestWrapper) throws Exception {
|
||||
String requestUri = request.getRequestURI();
|
||||
if(Arrays.binarySearch(WHITE_URLS,requestUri)>0){
|
||||
return false;
|
||||
if(Arrays.asList(WHITE_URLS).contains(requestUri)){
|
||||
return true;
|
||||
}
|
||||
String[] urls=requestUri.split(ur);
|
||||
if(urls.length>4){
|
||||
|
|
@ -189,7 +196,9 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
|
|||
}else {
|
||||
String selected=ur+urls[1]+ur+urls[2]+ur;
|
||||
if(selected.equals(WHITE_URL)){
|
||||
return false;
|
||||
return true;
|
||||
}else if(Arrays.asList(SC_URL).contains(selected)){
|
||||
requestUri=selected;
|
||||
}
|
||||
}
|
||||
Boolean result = false;
|
||||
|
|
|
|||
|
|
@ -49,5 +49,5 @@ endpoints:
|
|||
env:
|
||||
enable: false
|
||||
system:
|
||||
jm: false
|
||||
jm: true
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import java.util.ArrayList;
|
|||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 作业环境
|
||||
* 人员管控
|
||||
* @author jjLv
|
||||
*/
|
||||
@RestController
|
||||
|
|
|
|||
|
|
@ -166,13 +166,13 @@ public class SysLogController extends BaseController {
|
|||
}
|
||||
|
||||
|
||||
@ApiOperation(value = "查询日志溶剂")
|
||||
@ApiOperation(value = "查询日志统计分析")
|
||||
@PostMapping("getLogStatistics")
|
||||
@Log(title = "审计日志", menu = "审计日志->日志分析", grade = OperationType.QUERY_BUSINESS, details = "查询日志分析", type = "系统日志")
|
||||
public Result<Map<String,Object>> getLogStatistics(@RequestBody SysLog dto) {
|
||||
return service.getLogStatistics(dto);
|
||||
}
|
||||
@ApiOperation(value = "查询日志溶剂")
|
||||
@ApiOperation(value = "查询日志告警")
|
||||
@PostMapping("logWarn")
|
||||
public Result<Map<String,Object>> logWarn() {
|
||||
return service.logWarn();
|
||||
|
|
|
|||
|
|
@ -98,4 +98,12 @@ public interface ISysLogMapper {
|
|||
* @return
|
||||
*/
|
||||
String getModuleName(SysLog sysLog);
|
||||
|
||||
/**
|
||||
* 检查模块是否存在
|
||||
* @param sysLog
|
||||
* @return
|
||||
*/
|
||||
String getModuleIsc(SysLog sysLog);
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,13 +6,16 @@ import com.securitycontrol.common.core.utils.aes.DateTimeHelper;
|
|||
import com.securitycontrol.common.core.utils.aes.ListHelper;
|
||||
import com.securitycontrol.common.core.utils.aes.StringHelper;
|
||||
import com.securitycontrol.common.core.utils.ip.IpUtils;
|
||||
import com.securitycontrol.common.core.utils.uuid.IdUtils;
|
||||
import com.securitycontrol.common.core.web.domain.AjaxResult;
|
||||
import com.securitycontrol.common.security.utils.SecurityUtils;
|
||||
import com.securitycontrol.entity.system.SystemGlobal;
|
||||
import com.securitycontrol.system.api.domain.SysLog;
|
||||
import com.securitycontrol.system.api.model.LoginUser;
|
||||
import com.securitycontrol.system.base.mapper.ISysLogMapper;
|
||||
import com.securitycontrol.system.base.service.ISysLogService;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.bouncycastle.est.CACertsResponse;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.transaction.interceptor.TransactionAspectSupport;
|
||||
|
|
@ -72,6 +75,7 @@ public class SysLogServiceImpl implements ISysLogService {
|
|||
public void addLogs(SysLog sysLog, HttpServletRequest request) {
|
||||
try{
|
||||
sysLog.setFruit("失败");
|
||||
sysLog.setLogId(IdUtils.getuid());
|
||||
sysLog.setIp(IpUtils.getIpAddr(request));
|
||||
sysLog.setGrade("高");
|
||||
sysLog.setErrType("越权访问");
|
||||
|
|
@ -79,13 +83,21 @@ public class SysLogServiceImpl implements ISysLogService {
|
|||
sysLog.setOperType("查询");
|
||||
sysLog.setOperateDetail("查看页面");
|
||||
String module=mapper.getModuleName(sysLog);
|
||||
sysLog.setLogType(1);
|
||||
sysLog.setLogType(2);
|
||||
sysLog.setResult(0);
|
||||
sysLog.setOperTime(DateTimeHelper.getNowTime());
|
||||
sysLog.setModel(module);
|
||||
sysLog.setUserId(SecurityUtils.getUserId());
|
||||
sysLog.setOperaUserName(SecurityUtils.getUsername());
|
||||
LoginUser user= SecurityUtils.getLoginUser();
|
||||
sysLog.setUserId(user.getUserid());
|
||||
sysLog.setOperaUserName(user.getUsername());
|
||||
|
||||
String modules=mapper.getModuleIsc(sysLog);
|
||||
if(StringHelper.isNotEmpty(module)){
|
||||
if(StringHelper.isEmpty(module)){
|
||||
sysLog.setModel(modules);
|
||||
}
|
||||
mapper.saveLogs(sysLog);
|
||||
}
|
||||
}catch (Exception e){
|
||||
log.error(e.toString(),e);
|
||||
}
|
||||
|
|
@ -134,6 +146,14 @@ public class SysLogServiceImpl implements ISysLogService {
|
|||
@Override
|
||||
public Result<String> setLogsSet(String capacity) {
|
||||
try{
|
||||
if(StringHelper.isNotEmpty(capacity)){
|
||||
if(SystemGlobal.ERR_NUM.equals(capacity.toUpperCase())){
|
||||
return Result.fail("请输入数字");
|
||||
}
|
||||
}else{
|
||||
return Result.fail("日志容量最低是1024Mb");
|
||||
}
|
||||
|
||||
Double cap=Double.parseDouble(capacity);
|
||||
if(cap<SystemGlobal.LOG_DEFEAT){
|
||||
return Result.fail("日志容量最低是1024Mb");
|
||||
|
|
@ -153,7 +173,7 @@ public class SysLogServiceImpl implements ISysLogService {
|
|||
log.error(e.toString(),e);
|
||||
return Result.fail("系统异常");
|
||||
}
|
||||
return Result.ok("设置成功");
|
||||
return Result.ok("设置成功","'设置成功'");
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -177,8 +197,9 @@ public class SysLogServiceImpl implements ISysLogService {
|
|||
List<SysLog> all=mapper.getAllLogs(dto);
|
||||
if(ListHelper.isNotEmpty(all)){
|
||||
int allNum= all.stream().mapToInt(SysLog::getNum).sum();
|
||||
map.put("allNum",allNum);
|
||||
all.forEach(vo->{
|
||||
if(SUCCESS.equals(vo.getResult())){
|
||||
if(SUCCESS.equals(vo.getFruit())){
|
||||
map.put("sNum",vo.getNum());
|
||||
}else {
|
||||
map.put("eNum",vo.getNum());
|
||||
|
|
|
|||
|
|
@ -56,23 +56,32 @@
|
|||
oper_time operTime,method,params,result fruit,
|
||||
operate_detail operateDetail,oper_type operType,oper_uri operUri,
|
||||
log_type logType,failure_reason failureReason,grade,
|
||||
err_type errType,method_type methodType
|
||||
err_type errType,method_type methodType,times
|
||||
from sys_logs
|
||||
where log_type=#{logType}
|
||||
<if test="operaUserName!=null and operaUserName!=''">
|
||||
and opera_user_name LIKE CONCTA('%',#{operaUserName},'%')
|
||||
and opera_user_name LIKE concat('%',#{operaUserName},'%')
|
||||
</if>
|
||||
<if test="model!=null and model!=''">
|
||||
and model LIKE CONCTA('%',#{model},'%')
|
||||
and model LIKE concat('%',#{model},'%')
|
||||
</if>
|
||||
<if test="operType!=null and operType!=''">
|
||||
and oper_type LIKE concat('%',#{operType},'%')
|
||||
</if>
|
||||
<if test="params!=null and params!=''">
|
||||
and params LIKE CONCTA('%',#{params},'%')
|
||||
and params LIKE concat('%',#{params},'%')
|
||||
</if>
|
||||
<if test="result!=null and result!=''">
|
||||
and result =#{result}
|
||||
<if test="fruit!=null and fruit!=''">
|
||||
and result =#{fruit}
|
||||
</if>
|
||||
<if test="errType!=null and errType!=''">
|
||||
and err_type=#{errType}
|
||||
</if>
|
||||
<if test="grade!=null and grade!=''">
|
||||
and grade=#{grade}
|
||||
</if>
|
||||
<if test="endTime!=null and endTime!=''">
|
||||
and oper_time BETWEEN CONCAT(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
|
||||
and oper_time BETWEEN concat(#{startTime}, ' 00:00:00') AND concat(#{endTime},' 23:59:59')
|
||||
</if>
|
||||
<if test="ip!=null and ip!=''">
|
||||
and ip=#{ip}
|
||||
|
|
@ -111,7 +120,7 @@
|
|||
FROM sys_logs
|
||||
where log_type=#{logType}
|
||||
<if test="endTime!=null and endTime!=''">
|
||||
and oper_time BETWEEN CONCAT(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
|
||||
and oper_time BETWEEN concat(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
|
||||
</if>
|
||||
</select>
|
||||
<select id="getLogsList" resultType="com.securitycontrol.system.api.domain.SysLog">
|
||||
|
|
@ -146,7 +155,7 @@
|
|||
</select>
|
||||
|
||||
<select id="getAllLogs" resultType="com.securitycontrol.system.api.domain.SysLog">
|
||||
select count(1) num,result
|
||||
select count(1) num,result fruit
|
||||
from sys_logs
|
||||
where oper_time BETWEEN CONCAT(#{startTime}, ' 00:00:00') AND CONCAT(#{endTime},' 23:59:59')
|
||||
GROUP BY result
|
||||
|
|
@ -159,4 +168,11 @@
|
|||
where sm2.menu_url=#{operUri}
|
||||
limit 1
|
||||
</select>
|
||||
|
||||
<select id="getModuleIsc" resultType="java.lang.String">
|
||||
select menu_name
|
||||
from sys_menu sm
|
||||
where sm.menu_url=#{operUri}
|
||||
limit 1
|
||||
</select>
|
||||
</mapper>
|
||||
Loading…
Reference in New Issue