
Merge branch 'release/v2.3.0' of http://192.168.0.144/dcuc-tjdsj/auth-service into feature-buservice-0621

mazq 4 gadi atpakaļ
vecāks
revīzija
2a145a6d02
17 mainītis faili ar 149 papildinājumiem un 100 dzēšanām
  1. 1 1
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/power/facade/IAppFunInfoFacade.java
  2. 18 5
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthenticationNecessaryParamEnum.java
  3. 5 18
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthenticationTypeEnum.java
  4. 6 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/sub/dto/AuthUserDTO.java
  5. 2 2
      dcuc-auth-service/pom.xml
  6. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/facade/RiskProgrammeFacade.java
  7. 0 45
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuditlogEventHandler.java
  8. 11 6
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/DetectLogService.java
  9. 4 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java
  10. 2 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java
  11. 19 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/LogInfoFillService.java
  12. 2 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java
  13. 20 3
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/bpo/AppFunInfoBPO.java
  14. 2 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/AppFunInfoFacade.java
  15. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IAppFunInfoService.java
  16. 50 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/AppFunInfoService.java
  17. 5 5
      dcuc-auth-service/src/main/resources/config/mysql/V4_3_0010__Init_auditlog_Tables.sql

+ 1 - 1
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/power/facade/IAppFunInfoFacade.java

@@ -42,7 +42,7 @@ public interface IAppFunInfoFacade {
      * @return
      */
     @GetMapping(value = "getAllTreeList")
-    List<TreeInfoVO> getAllTreeList(@RequestParam("appId") String appId);
+    List<TreeInfoVO> getAllTreeList(@RequestParam("appId") String appId, @RequestParam(value = "isActive", required = false) String isActive);
 
     /**
      * 保存应用菜单

+ 18 - 5
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthenticationNecessaryParamEnum.java

@@ -5,19 +5,32 @@ import com.dragonsoft.duceap.base.enums.ICodeEnum;
 /**
  * @Author: qiuyu
  * @Date: 2021/5/17 10:05
- * @Description:
+ * @Description: 鉴权必要条件不完整风险的必要参数
  */
 public enum AuthenticationNecessaryParamEnum implements ICodeEnum {
 
-    FWJJQ("FWJJQ","服务级鉴权"),
-    GNJJQ("GNJJQ","功能级鉴权"),
-    YYJJQ("YYJJQ","应用级鉴权"),
-    SJJJQ("SJJJQ","数据级鉴权"),
+    YHLP("YHLP", "用户令牌"),
+    YYLP("YYLP", "应用令牌"),
+    LPZX("LPZX", "令牌在线"),
+    QMWBCG("QMWBCG", "签名未被篡改"),
+    YWRWXX("YWRWXX", "业务任务信息"),
+    HJXX("HJXX", "环境信息"),
+    DYFWXX("DYFWXX", "调用服务信息"),
     ;
 
     private String value;
     private String label;
 
+    public static String getLabel(String value) {
+        AuthenticationNecessaryParamEnum[] values = values();
+        for (AuthenticationNecessaryParamEnum typeEnum : values) {
+            if (typeEnum.getValue().equals(value)) {
+                return typeEnum.getLabel();
+            }
+        }
+        return null;
+    }
+
     AuthenticationNecessaryParamEnum(String value, String label) {
         this.value = value;
         this.label = label;

+ 5 - 18
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthenticationTypeEnum.java

@@ -5,32 +5,19 @@ import com.dragonsoft.duceap.base.enums.ICodeEnum;
 /**
  * @Author: qiuyu
  * @Date: 2021/5/17 10:05
- * @Description: 鉴权必要条件不完整风险的必要参数
+ * @Description:
  */
 public enum AuthenticationTypeEnum implements ICodeEnum {
 
-    YHLP("YHLP", "用户令牌"),
-    YYLP("YYLP", "应用令牌"),
-    LPZX("LPZX", "令牌在线"),
-    QMWBCG("QMWBCG", "签名未被篡改"),
-    YWRWXX("YWRWXX", "业务任务信息"),
-    HJXX("HJXX", "环境信息"),
-    DYFWXX("DYFWXX", "调用服务信息"),
+    FWJJQ("FWJJQ","服务级鉴权"),
+    GNJJQ("GNJJQ","功能级鉴权"),
+    YYJJQ("YYJJQ","应用级鉴权"),
+    SJJJQ("SJJJQ","数据级鉴权"),
     ;
 
     private String value;
     private String label;
 
-    public static String getLabel(String value) {
-        AuthenticationTypeEnum[] values = values();
-        for (AuthenticationTypeEnum typeEnum : values) {
-            if (typeEnum.getValue().equals(value)) {
-                return typeEnum.getLabel();
-            }
-        }
-        return null;
-    }
-
     AuthenticationTypeEnum(String value, String label) {
         this.value = value;
         this.label = label;

+ 6 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/sub/dto/AuthUserDTO.java

@@ -63,6 +63,12 @@ public class AuthUserDTO {
     @ApiModelProperty(value = "人员身份类型")
     private String manType;
 
+    /**
+     * 辅警类型 (10:合同工、20:聘用、 30:事业编、 90:其它)
+     */
+    @ApiModelProperty(value = "辅警类型 (10:合同工、20:聘用、 30:事业编、 90:其它)")
+    private String auxiliaryType;
+
     /**
      * 警种
      */

+ 2 - 2
dcuc-auth-service/pom.xml

@@ -163,11 +163,11 @@
             <artifactId>spring-retry</artifactId>
         </dependency>
 
-        <dependency>
+<!--        <dependency>
             <groupId>com.dragonsoft</groupId>
             <artifactId>audit-log-collection-common</artifactId>
             <version>1.0.0-SNAPSHOT</version>
-        </dependency>
+        </dependency>-->
 
 <!--        <dependency>-->
 <!--            <groupId>com.dragonsoft</groupId>-->

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/facade/RiskProgrammeFacade.java

@@ -102,7 +102,7 @@ public class RiskProgrammeFacade implements IRiskProgrammeFacade {
             detectLogService.checkShorttimeFrequentRule(taskInfo.getLastDate(), taskInfo.getCurDate());
         }
 
-        if (taskInfo.getType().equals(RiskProgrammeTypeEnum.DSJPFJQFX.getValue())) {
+        if (taskInfo.getType().equals(RiskProgrammeTypeEnum.DSJPFHBMDMZFX.getValue())) {
             detectLogService.checkNamelistFrequentRule(taskInfo.getLastDate(), taskInfo.getCurDate());
         }
 

+ 0 - 45
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuditlogEventHandler.java

@@ -1,45 +0,0 @@
-package com.dragoninfo.dcuc.auth.audit.listener;
-
-import com.alibaba.fastjson.JSON;
-import com.dragonsoft.auditlog.collection.handler.IEventHandler;
-import com.dragonsoft.auditlog.collection.pojo.MsgInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-/**
- * @Author: qiuyu
- * @Date: 2021/6/3 11:19
- * @Description:
- */
-@Component
-public class AuditlogEventHandler implements IEventHandler {
-
-    private Logger logger = LoggerFactory.getLogger(AuditlogEventHandler.class);
-
-    @Override
-    public void handler(MsgInfo data) {
-        String actionType = data.getActionType();//对应埋点注解中的actionType
-
-        //人员视图保存, 功能/应用授权
-        if (actionType.equals("USER_ROLE_AUTH_SAVE")) {
-            logger.info("人员视图保存, 功能/应用授权,内容:{}", JSON.toJSONString(data));
-        }
-
-        //角色视图保存, 功能/应用销权
-        if (actionType.equals("USER_ROLE_AUTH_DEL")) {
-            logger.info("角色视图保存, 功能/应用销权,内容:{}", JSON.toJSONString(data));
-        }
-
-        //服务保存, 服务授权
-        if (actionType.equals("SERVICE_AUTH_SAVE")) {
-            logger.info("服务保存, 服务授权,内容:{}", JSON.toJSONString(data));
-        }
-
-        //服务删除, 服务销权
-        if (actionType.equals("SERVICE_AUTH_DEL")) {
-            logger.info("服务删除, 服务销权,内容:{}", JSON.toJSONString(data));
-        }
-
-    }
-}

+ 11 - 6
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/DetectLogService.java

@@ -7,11 +7,13 @@ import com.dragoninfo.dcuc.auth.audit.dto.LogErrContentDto;
 import com.dragoninfo.dcuc.auth.audit.dto.riskrule.NamelistFrequentRule;
 import com.dragoninfo.dcuc.auth.audit.dto.warningrule.ExceptionTimeRule;
 import com.dragoninfo.dcuc.auth.audit.entity.*;
-import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationNecessaryParamEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationNecessaryParamEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.RiskProgrammeTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.WarningProgrammeTypeEnum;
 import com.google.common.base.Joiner;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
@@ -29,6 +31,7 @@ import java.util.stream.Collectors;
 @Service
 public class DetectLogService {
 
+    Logger logger = LoggerFactory.getLogger(DetectLogService.class);
     @Autowired
     private AuthenticationLogService authenticationLogService;
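Review bot: The new `logger` field has no modifiers, so it is package-visible, reassignable and created once per instance; the usual form is `private static final Logger logger = LoggerFactory.getLogger(DetectLogService.class);`. A blank line between it and the following `@Autowired` field would also keep it apart from the injected dependencies.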
 
@@ -69,6 +72,7 @@ public class DetectLogService {
         }
 
         List<AuthenticationLog> logs = authenticationLogService.findAllByTime(lastDate, curDate);
+        logger.info("短时间频繁鉴权风险统计,配置{},统计时间区间[{},{}],数量:{}",JSON.toJSONString(riskProgramme),lastDate,curDate,logs.size());
         NamelistFrequentRule namelistFrequentRule = JSON.parseObject(riskProgramme.getRuleContent(), NamelistFrequentRule.class);
 
         logs.stream().collect(Collectors.groupingBy(AuthenticationLog::getRequesterId, Collectors.toList()))
@@ -76,17 +80,18 @@ public class DetectLogService {
                 .stream()
                 .peek(entity -> {
                     if (entity.getValue().size() >= namelistFrequentRule.getFrequency()) {
+                        logger.info("短时间频繁鉴权风险统计,风险{},数量{}",entity.getKey(),entity.getValue().size());
                         AuthenticationLog authenticationLog = entity.getValue().get(0);
                         //记录风险日志
                         RiskLog riskLog = new RiskLog();
                         riskLog.setCreater(authenticationLog.getUserName());
                         riskLog.setCreaterId(authenticationLog.getUserIdcard());
                         riskLog.setCreateTime(new Date());
-                        riskLog.setRiskType(RiskProgrammeTypeEnum.DSJPFHBMDMZFX.getValue());
+                        riskLog.setRiskType(RiskProgrammeTypeEnum.DSJPFJQFX.getValue());
                         riskLog.setRequesterName(authenticationLog.getRequesterName());
                         riskLog.setRequesterId(authenticationLog.getRequesterId());
 
-                        riskLog.setRiskContent(riskProgramme.getRuleContent()
+                        riskLog.setRiskContent(riskProgramme.getContentFormat()
                                 .replaceAll("#主体#", authenticationLog.getUserName())
                                 .replaceAll("#鉴权规则周期#", "" + namelistFrequentRule.getInterval())
                                 .replaceAll("#鉴权规则次数#", "" + namelistFrequentRule.getFrequency())
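Review bot: The chain that now starts from `riskProgramme.getContentFormat()` still fills the template with `replaceAll`, which treats its second argument as a regex replacement, so a `$` or `\` in `authenticationLog.getUserName()` raises an exception or alters the text. If the user name can originate from request data (not visible here), one such value would stop the risk record from being written for that requester. The placeholders are literals, so `String.replace` is enough, e.g. `.replace("#主体#", authenticationLog.getUserName())`; the hunk at `@@ -130,10 +135,10 @@` has the same pattern. The enclosing method starts and ends outside this hunk.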
@@ -101,7 +106,7 @@ public class DetectLogService {
                         //增加风险记录数
                         riskProgrammeService.incNumber(riskProgramme.getId());
                     }
-                });
+                }).collect(Collectors.toList());
     }
 
     /**
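Review bot: Appending `.collect(Collectors.toList())` makes the stream run, but the risk logging still lives in `peek`, which the Stream javadoc describes as a debugging aid, and the collected list is discarded. The lambda exists only for its side effects (writing the `RiskLog`, `incNumber`), so `forEach` states the intent and cannot be skipped by a later change of terminal operation: replace `.peek(entity -> {` with `.forEach(entity -> {` and close with `});`. The start of the pipeline lies outside this hunk.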
@@ -130,10 +135,10 @@ public class DetectLogService {
         riskLog.setRequesterName(authenticationLogDto.getRequesterName());
         riskLog.setRequesterId(authenticationLogDto.getRequesterId());
 
-        String params = Joiner.on("、").join(logErrContentDto.getReq().stream().map(e -> AuthenticationTypeEnum.getLabel(e)).collect(Collectors.toList()));
+        String params = Joiner.on("、").join(logErrContentDto.getReq().stream().map(e -> AuthenticationNecessaryParamEnum.getLabel(e)).collect(Collectors.toList()));
         riskLog.setRiskContent(riskProgramme.getContentFormat()
                 .replaceAll("#主体#", authenticationLogDto.getUserName())
-                .replaceAll("#鉴权类型#", AuthenticationNecessaryParamEnum.valueOf(authenticationLogDto.getAuthenticationType()).getLabel())
+                .replaceAll("#鉴权类型#", AuthenticationTypeEnum.valueOf(authenticationLogDto.getAuthenticationType()).getLabel())
                 .replaceAll("#参数列表#", params));
 
         riskLog.setHandleOpinion(riskProgramme.getHandleOpinion().replaceAll("#主体#", authenticationLogDto.getUserName()));
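Review bot: `AuthenticationNecessaryParamEnum.getLabel(e)` returns null for a code it does not know, and Guava's `Joiner.on("、").join(...)` throws NullPointerException on a null element, so one unexpected entry in `logErrContentDto.getReq()` aborts the risk log. `AuthenticationTypeEnum.valueOf(...)` likewise throws IllegalArgumentException for an unknown type. Consider `Joiner.on("、").skipNulls()` (or mapping an unknown code to the raw code) and a lookup that tolerates unknown types, so that malformed authentication requests are still recorded as risks rather than dropped. The method body continues outside the hunk.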

+ 4 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java

@@ -6,13 +6,13 @@ import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IDataResourceFacade;
 import com.dragoninfo.dcuc.auth.audit.dto.*;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.service.LogSendService;
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsCheckDto;
 import com.dragoninfo.dcuc.auth.auth.dto.data.SubDataDTO;
 import com.dragoninfo.dcuc.auth.auth.entity.DataAuth;
 import com.dragoninfo.dcuc.auth.auth.enumresources.SubDataAuthTypeEnum;
-import com.dragoninfo.dcuc.duceap.enums.AuthenticationNecessaryParamEnum;
 import com.dragoninfo.dcuc.org.entity.OrgInfo;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
 import com.dragoninfo.dcuc.user.label.ILabelFacade;
@@ -152,8 +152,8 @@ public class DataAuthLogHandler {
         //客体
         List<AuthorizeObjectDto> authorizeObjectDtos = delList.stream().map(e -> {
             AuthorizeObjectDto authorizeObjectDto = new AuthorizeObjectDto();
-            //fixme 暂时无法获取名称先用id代替
-            authorizeObjectDto.setObjectName(e.getDataId());
+            authorizeObjectDto.setObjectName(Optional.ofNullable(
+                    dataResourceFacade.getDetailByIdAndClaType(e.getInnerId(), e.getClassifyCode())).map(ele -> ele.getLevelName()).orElse(""));
             authorizeObjectDto.setObjectId(e.getDataId());
             return authorizeObjectDto;
         }).collect(Collectors.toList());
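Review bot: `dataResourceFacade.getDetailByIdAndClaType(...)` is now called once per deleted item inside the `map`, and any exception it throws propagates out of the stream, so the revocation audit record is never built. If the facade is a remote call (it appears to be; not visible here), consider handling a failed lookup per item instead of letting it abort the whole record. Falling back to the id as before, `.map(ele -> ele.getLevelName()).orElse(e.getDataId())`, keeps the object identifiable when the lookup returns nothing. The enclosing method extends beyond the hunk.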
@@ -188,7 +188,7 @@ public class DataAuthLogHandler {
         authenticationLogDto.setUserName(userInfo.getName());
         authenticationLogDto.setUserIdcard(dataItemsCheckDto.getIdcard());
         authenticationLogDto.setCreateTime(new Date());
-        authenticationLogDto.setAuthenticationType(AuthenticationNecessaryParamEnum.SJJJQ.getValue());
+        authenticationLogDto.setAuthenticationType(AuthenticationTypeEnum.SJJJQ.getValue());
         authenticationLogDto.setState(state.getValue());
         authenticationLogDto.setContent(contentDtos);
 

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java

@@ -5,10 +5,10 @@ import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.audit.dto.AuthenticationContentDto;
 import com.dragoninfo.dcuc.auth.audit.dto.AuthenticationLogDto;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.service.LogSendService;
 import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleAppFunVO;
-import com.dragoninfo.dcuc.duceap.enums.AuthenticationNecessaryParamEnum;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
 import com.dragoninfo.dcuc.user.user.facade.IUserInfoFacade;
 import org.slf4j.Logger;
@@ -59,7 +59,7 @@ public class FunAuthLogHandler {
         authenticationLogDto.setRequesterName(app.getApplyName());
         authenticationLogDto.setRequesterId(dto.getAppCode());
         authenticationLogDto.setCreateTime(new Date());
-        authenticationLogDto.setAuthenticationType(AuthenticationNecessaryParamEnum.GNJJQ.getValue());
+        authenticationLogDto.setAuthenticationType(AuthenticationTypeEnum.GNJJQ.getValue());
         authenticationLogDto.setState(state.getValue());
         authenticationLogDto.setContent(contentDtos);
 

+ 19 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/LogInfoFillService.java

@@ -13,6 +13,7 @@ import com.dragoninfo.dcuc.auth.auth.vo.RoleAppFunVO;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -49,6 +50,7 @@ public class LogInfoFillService {
      * @param dto
      * @param oldUserRoles 人员已拥有的角色
      */
+    @Async
     public void sendUserViewAuthLog(AuthResultEnum state, StaffAssignDTO dto, List<StaffAssignAuthInfo> oldUserRoles) {
         userViewAuthLogHandler.sendLog(state, dto, oldUserRoles);
     }
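Review bot: Marking these `void` methods `@Async` means an exception thrown while building or sending an audit record no longer reaches the caller; by default Spring only hands it to the async uncaught-exception handler, so authorization and authentication log entries can be lost without the operation noticing. The same applies to every `@Async` added in the later hunks of this file. Worth confirming: `@EnableAsync` and a bounded executor are configured (neither is visible in this commit), the handlers do not read thread-bound state such as the current security user, and callers do not modify the passed DTOs or lists after the call returns. A class-level comment stating that log delivery is best-effort, or an `AsyncUncaughtExceptionHandler` that raises an alert, would make the trade-off explicit.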
@@ -61,11 +63,18 @@ public class LogInfoFillService {
      * @param dto
      * @param oldStaffIds 机构中已经授权的StaffId
      */
+    @Async
     public void sendRoleViewAuthLog(AuthResultEnum state, RoleAuthDto dto, Set<String> oldStaffIds) {
         roleViewAuthLogHandler.sendLog(state, dto, oldStaffIds);
     }
 
-
+    /**
+     * 发送功能鉴权日志
+     * @param suc
+     * @param dto
+     * @param funsByroleIds
+     */
+    @Async
     public void sendFunAuthenticationLog(AuthResultEnum suc, RoleApiDto dto, List<RoleAppFunVO> funsByroleIds) {
         funAuthLogHandler.sendAuthenticationLog(suc,dto,funsByroleIds);
     }
@@ -77,6 +86,7 @@ public class LogInfoFillService {
      * @param appId
      * @param serviceCode
      */
+    @Async
     public void sendServiceAuthLog(AuthResultEnum state, String appId, String serviceCode) {
         serviceAuthLogHandler.sendAuthLog(state, appId, serviceCode);
     }
@@ -84,6 +94,7 @@ public class LogInfoFillService {
     /**
      * 发送服务鉴权日志
      */
+    @Async
     public void sendServiceAuthenticationLog(AuthResultEnum state,String idcard, String appCode, String userToken, String appToken, List<ServiceAuthResult> results){
         serviceAuthLogHandler.sendAuthenticationLog(state,idcard,appCode,userToken,appToken,results);
     }
@@ -96,6 +107,7 @@ public class LogInfoFillService {
      * @param appId
      * @param serviceCodes
      */
+    @Async
     public void sendServiceAuthLogByFlow(AuthResultEnum state, String idcard, String appId, List<String> serviceCodes) {
         serviceAuthLogHandler.sendAuthLogByFlow(state, idcard, appId, serviceCodes);
     }
@@ -107,6 +119,7 @@ public class LogInfoFillService {
      * @param appId
      * @param serviceCodes
      */
+    @Async
     public void sendServiceDelAuthLogByFlow(AuthResultEnum state, String idcard, String appId, List<String> serviceCodes) {
         serviceAuthLogHandler.sendDelAuthLogByFlow(state, idcard, appId, serviceCodes);
     }
@@ -118,6 +131,7 @@ public class LogInfoFillService {
      * @param appId
      * @param serviceCode
      */
+    @Async
     public void sendServiceDelAuthLog(AuthResultEnum state, String appId, String serviceCode) {
         serviceAuthLogHandler.sendDelAuthLog(state, appId, serviceCode);
     }
@@ -131,6 +145,7 @@ public class LogInfoFillService {
      * @param oldAppId
      * @param oldServiceCode
      */
+    @Async
     public void sendServiceUpdateAuthLog(AuthResultEnum state, String newAppId, String newServiceCode, String oldAppId, String oldServiceCode) {
         serviceAuthLogHandler.sendServiceUpdateAuthLog(state, newAppId, newServiceCode, oldAppId, oldServiceCode);
     }
@@ -143,6 +158,7 @@ public class LogInfoFillService {
      * @param subType
      * @param addList
      */
+    @Async
     public void sendDataAuthLog(AuthResultEnum state, String subId, String subType, List<SubDataDTO> addList) {
         dataAuthLogHandler.sendDataAuthLog(state, subId, subType, addList);
     }
@@ -153,6 +169,7 @@ public class LogInfoFillService {
      * @param state
      * @param delList
      */
+    @Async
     public void sendDataDelAuthLog(AuthResultEnum state, List<DataAuth> delList) {
         dataAuthLogHandler.sendDataDelAuthLog(state, delList);
     }
@@ -162,6 +179,7 @@ public class LogInfoFillService {
      *  @param state
      * @param dataItemsCheckDto
      */
+    @Async
     public void sendDataAuthenticationLog(AuthResultEnum state, DataItemsCheckDto dataItemsCheckDto) {
         dataAuthLogHandler.sendAuthenticationLog(state, dataItemsCheckDto);
     }

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java

@@ -7,10 +7,10 @@ import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IServiceResourceFacade;
 import com.dragoninfo.dcuc.auth.audit.dto.*;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.service.LogSendService;
 import com.dragoninfo.dcuc.auth.auth.entity.ServiceAuthResult;
-import com.dragoninfo.dcuc.duceap.enums.AuthenticationNecessaryParamEnum;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
 import com.dragoninfo.dcuc.user.user.facade.IUserInfoFacade;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
@@ -97,7 +97,7 @@ public class ServiceAuthLogHandler {
         authenticationLogDto.setCreateTime(new Date());
 //        authenticationLogDto.setTerminalId(); fixme 暂无
         authenticationLogDto.setTokens(Joiner.on("、").skipNulls().join(userToken, appToken));
-        authenticationLogDto.setAuthenticationType(AuthenticationNecessaryParamEnum.FWJJQ.getValue());
+        authenticationLogDto.setAuthenticationType(AuthenticationTypeEnum.FWJJQ.getValue());
         authenticationLogDto.setState(state.getValue());
         authenticationLogDto.setContent(contentDtos);
 

+ 20 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/bpo/AppFunInfoBPO.java

@@ -6,10 +6,12 @@ import com.dragoninfo.dcuc.auth.auth.vo.CountVO;
 import com.dragoninfo.dcuc.auth.auth.vo.TreeInfoVO;
 import com.dragoninfo.duceap.core.persistent.BaseBPO;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.core.persistent.factory.PersistentFactory;
 import org.springframework.stereotype.Repository;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 @Repository
 public class AppFunInfoBPO extends BaseBPO<AppFunInfo, String> {
@@ -32,9 +34,18 @@ public class AppFunInfoBPO extends BaseBPO<AppFunInfo, String> {
         return PersistentFactory.getHibernateDao().find(hql, applicationId);
     }
 
-    public List<TreeInfoVO> getAllTreeList(String applicationId) {
-        String sql="select t.id,t.code,t.parent_id as pid,t.name,t.url,t.remark,t.seq from T_APP_FUN_INFO t where t.is_active='1' and t.app_id=?  order by seq";
-        List<TreeInfoVO> treeInfoVOs = PersistentFactory.getJdbcDao().queryForList(sql,TreeInfoVO.class, applicationId);
+    public List<TreeInfoVO> getAllTreeList(String applicationId, String isActive) {
+        String sql="select t.id,t.code,t.parent_id as pid,t.name,t.url,t.remark,t.seq from T_APP_FUN_INFO t where t.app_id=?";
+        if(StringUtils.isNotBlank(isActive)) {
+            sql += "and t.is_active=?";
+        }
+        sql +=  " order by seq";
+        List<TreeInfoVO> treeInfoVOs;
+        if(StringUtils.isNotBlank(isActive)) {
+            treeInfoVOs = PersistentFactory.getJdbcDao().queryForList(sql,TreeInfoVO.class, applicationId, isActive);
+        } else {
+            treeInfoVOs = PersistentFactory.getJdbcDao().queryForList(sql,TreeInfoVO.class, applicationId);
+        }
         return treeInfoVOs;
     }
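Review bot: With `isActive` optional, a caller that omits it now receives inactive functions as well, whereas the old query always applied `t.is_active='1'`; the facade parameter is `required = false`, so existing clients of `getAllTreeList` change behaviour silently. If any of them use the tree to decide what a user may be granted or shown, disabled functions reappear, so either confirm every caller or keep the old default when the value is blank. Separately, the appended fragment has no leading space and yields `t.app_id=?and t.is_active=?`; write `sql += " and t.is_active=?";`.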
 
@@ -96,4 +107,10 @@ public class AppFunInfoBPO extends BaseBPO<AppFunInfo, String> {
         }
         return null;
     }
+
+    public void updateIsActivceByIds(List<String> ids, String oldIsActive, String isActive) {
+        String collect = ids.stream().collect(Collectors.joining("','"));
+        String sql = "UPDATE T_APP_FUN_INFO SET is_active = ? WHERE id in ('" + collect + "') AND is_active = ?";
+        PersistentFactory.getJdbcDao().update(sql, new Object[]{isActive, oldIsActive});
+    }
 }
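Review bot: `updateIsActivceByIds` splices the id values into the SQL text (`"... id in ('" + collect + "')"`) while the two status values are bound, so a quote inside any id changes the statement. The only caller visible in this commit passes ids read back from the table, but the method is public and nothing in it enforces that. Bind the ids as well by generating one `?` per element, and return early on an empty list, as sketched below. The method name also carries a typo (`Activce`).

```java
public void updateIsActivceByIds(List<String> ids, String oldIsActive, String isActive) {
    if (ids == null || ids.isEmpty()) {
        return;
    }
    // One bind marker per id, so id values never become part of the SQL text.
    String markers = ids.stream().map(id -> "?").collect(Collectors.joining(","));
    String sql = "UPDATE T_APP_FUN_INFO SET is_active = ? WHERE id in (" + markers + ") AND is_active = ?";
    // Argument order follows the markers: new state, ids, old state.
    Object[] args = new Object[ids.size() + 2];
    args[0] = isActive;
    for (int i = 0; i < ids.size(); i++) {
        args[i + 1] = ids.get(i);
    }
    args[args.length - 1] = oldIsActive;
    PersistentFactory.getJdbcDao().update(sql, args);
}
```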

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/AppFunInfoFacade.java

@@ -37,8 +37,8 @@ public class AppFunInfoFacade implements IAppFunInfoFacade {
         return iAppFunInfoService.getMenuTreeList(appId);
     }
 
-    public List<TreeInfoVO> getAllTreeList(String appId) {
-        return iAppFunInfoService.getAllTreeList(appId);
+    public List<TreeInfoVO> getAllTreeList(String appId, String isActive) {
+        return iAppFunInfoService.getAllTreeList(appId, isActive);
     }
 
     public ResponseDTO save(AppFunInfo appFunInfo) {

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IAppFunInfoService.java

@@ -22,7 +22,7 @@ public interface IAppFunInfoService extends IOldBaseService<AppFunInfo, String>
     List<AppFunInfo> getRoot(String applicationId);
 
     
-    List<TreeInfoVO> getAllTreeList(String applicationId);
+    List<TreeInfoVO> getAllTreeList(String applicationId,String isActive);
 
     
     void deleteMenuAll(String deletedId, String appId);

+ 50 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/AppFunInfoService.java

@@ -43,6 +43,7 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.*;
+import java.util.stream.Collectors;
 
 /**
  * Created by liws on 2018/6/20.
@@ -93,8 +94,8 @@ public class AppFunInfoService extends BaseService<AppFunInfo, String> implement
     }
 
     @Override
-    public List<TreeInfoVO> getAllTreeList(String applicationId) {
-        List<TreeInfoVO> list = appFunInfoBPO.getAllTreeList(applicationId);
+    public List<TreeInfoVO> getAllTreeList(String applicationId, String isActive) {
+        List<TreeInfoVO> list = appFunInfoBPO.getAllTreeList(applicationId, isActive);
         for (TreeInfoVO treeInfoVO : list) {
             String name = cleanXSS(treeInfoVO.getName());
             treeInfoVO.setName(name);
@@ -329,9 +330,56 @@ public class AppFunInfoService extends BaseService<AppFunInfo, String> implement
         BeanUtils.copyProperties(appFunInfoVo, appFunInfo);
         appFunInfo.setModifiedTime(new Date());
         appFunInfoBPO.saveOrUpdate(appFunInfo);
+
+        //判断是否修改了启用和停用标识
+        if(oldEntity != null) {
+            String oldIsActive = oldEntity.getIsActive();
+            String isActive = appFunInfoVo.getIsActive();
+            if(!oldIsActive.equals(isActive)) {
+                updateChildFunStatus(oldEntity.getCode(), applyInfo.getId(), oldIsActive, isActive);
+            }
+        }
         return ResponseStatus.success();
     }
 
+    /**
+     * 修改子类菜单的启停状态
+     * @param code 功能code
+     * @param appId 应用id
+     * @param oldIsActive 旧启停状态
+     * @param isActive 要修改的启停状态
+     */
+    private void updateChildFunStatus(String code, String appId, String oldIsActive, String isActive) {
+        List<TreeInfoVO> allTreeList = appFunInfoBPO.getAllTreeList(appId, oldIsActive);
+        if(CollectionUtils.isEmpty(allTreeList)) {
+            return;
+        }
+        Map<String, List<TreeInfoVO>> pCodeMap = allTreeList.stream()
+                .collect(Collectors.groupingBy(TreeInfoVO::getPid));
+        List<TreeInfoVO> childes = getChildList(code, pCodeMap);
+        if(CollectionUtils.isNotEmpty(childes)) {
+            List<String> ids = childes.stream().map(TreeInfoVO::getId).distinct().collect(Collectors.toList());
+            appFunInfoBPO.updateIsActivceByIds(ids, oldIsActive,isActive);
+        }
+    }
+
+    private List<TreeInfoVO> getChildList(String code, Map<String, List<TreeInfoVO>> pCodeMap) {
+        List<TreeInfoVO> list = new ArrayList<>();
+        List<TreeInfoVO> treeInfoVOS = pCodeMap.get(code);
+        if(CollectionUtils.isEmpty(treeInfoVOS)) {
+            return list;
+        }
+        list.addAll(treeInfoVOS);
+        List<String> codes = treeInfoVOS.stream().map(TreeInfoVO::getCode).collect(Collectors.toList());
+        for (String childCode : codes) {
+            List<TreeInfoVO> childList = getChildList(childCode, pCodeMap);
+            if(CollectionUtils.isNotEmpty(childList)) {
+                list.addAll(childList);
+            }
+        }
+        return list;
+    }
+
     /**
      * 功能资源新增
      * @param appFunInfo
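Review bot: `Collectors.groupingBy(TreeInfoVO::getPid)` in `updateChildFunStatus` throws NullPointerException when any row has a null `parent_id`, which top-level functions may have, and it runs after `saveOrUpdate`, so the parent is changed but the children are not (unless a surrounding transaction, not visible here, rolls back). The map is also keyed by `pid` but queried with `code` in `getChildList`; please confirm `parent_id` stores the parent's code rather than its id, otherwise no child is ever found and disabling a function leaves its descendants active. `oldIsActive.equals(isActive)` fails on a null stored value; `!Objects.equals(oldIsActive, isActive)` avoids that. A `.filter(t -> t.getPid() != null)` before the grouping handles the first point.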

+ 5 - 5
dcuc-auth-service/src/main/resources/config/mysql/V4_3_0010__Init_auditlog_Tables.sql

@@ -181,12 +181,12 @@ INSERT INTO `t_menu_info` (`id`, `name`, `code`, `app_id`, `parent_id`, `url`, `
 INSERT INTO `t_menu_info` (`id`, `name`, `code`, `app_id`, `parent_id`, `url`, `show_mode`, `param_name`, `param_value`, `is_active`, `seq`, `create_time`, `creator`, `modified_time`, `modifier`, `remark`, `is_system`, `is_hide`) VALUES ('6a8b08b9b5684997bcbfsb1d9dcf44e2', '鉴权预警信息', 'QXGL_RZGL_YCJQYJGL_JQYJXX', '00000000000000000000000000000000', '6a8b08b9b5684997bcbfsb1d9dcf41e4', NULL, '1', NULL, NULL, '1', '4', '2020-12-04 16:53:04', NULL, '2020-12-04 16:53:04', NULL, NULL, '0', '0');
 
 -- 内置风险方案
-INSERT INTO `t_audit_risk_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `handle_opinion`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('1', '短时间频繁鉴权风险', 'DSJPFJQFX', '0', '1', '{\"frequency\":101,\"interval\":1}', '用户在短时间内频繁发起请求,鉴定是否有应用或服务的访问权限。 鉴权次数说明:a用户访问A应用(或者服务),A应用到鉴权服务鉴定a用户是否可以访问A应用(或者服务),为一次鉴权。', '#主体##鉴权规则周期#分钟内鉴权超过#鉴权规则次数#次,实际鉴权次数:#鉴权次数#次。', '#主体#存在短时间频繁鉴权风险,请核实。', '2021-05-25 17:27:49', '2021-06-17 15:45:24', NULL, NULL, '0', NULL);
-INSERT INTO `t_audit_risk_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `handle_opinion`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('2', '短时间频繁红/白名单命中风险', 'DSJPFHBMDMZFX', '0', '1', '{\"frequency\":6,\"interval\":2}', '在短时间内,鉴权的内容在红/白名单的次数超量。\r\n\r\n命中红/白名单说明:a用户访问A应用(或者服务),A应用到鉴权服务鉴定a用户是否可以访问A应用(或者服务),若A应用在红/白名单中,为命中一次红白名单。', '#主体##鉴权规则周期#分钟内,命中红白名单次数超过#鉴权规则次数#次,实际命中#鉴权次数#次。', '#主体#存在短时间频繁红/白名单命中风险,请核实。', '2021-05-25 17:27:20', '2021-05-31 14:46:40', NULL, NULL, '0', NULL);
-INSERT INTO `t_audit_risk_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `handle_opinion`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('3', '鉴权必要条件不完整风险', 'JQBYTJBWZFX', '0', '1', '[{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":true,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":true,\"name\":\"YWRWXX\"},{\"checked\":true,\"name\":\"HJXX\"},{\"checked\":true,\"name\":\"DYFWXX\"}],\"type\":\"FWJJQ\"},{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":true,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":true,\"name\":\"YWRWXX\"}],\"type\":\"GNJJQ\"},{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":false,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":false,\"name\":\"YWRWXX\"}],\"type\":\"YYJJQ\"},{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":true,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":true,\"name\":\"YWRWXX\"}],\"type\":\"SJJJQ\"}]', '在鉴权时,针对于不同类型的鉴权,需要上传对应的参数若没有上传必要参数,则判定为鉴权必要条件不完整。', '#主体#进行#鉴权类型#时,必要条件不完整,以下参数有误:#参数列表#。', '#主体#存在鉴权必要条件不完整风险,请核实。', '2021-05-25 17:27:12', '2021-05-31 15:00:07', NULL, NULL, '0', NULL);
+INSERT INTO `t_audit_risk_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `handle_opinion`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('1', '短时间频繁鉴权风险', 'DSJPFJQFX', '0', '1', '{\"frequency\":101,\"interval\":1}', '用户在短时间内频繁发起请求,鉴定是否有应用或服务的访问权限。 鉴权次数说明:a用户访问A应用(或者服务),A应用到鉴权服务鉴定a用户是否可以访问A应用(或者服务),为一次鉴权。', '#主体##鉴权规则周期#分钟内鉴权超过#鉴权规则次数#次,实际鉴权次数:#鉴权次数#次。', '#主体#存在短时间频繁鉴权风险,请核实。', '2021-05-25 17:27:49', NULL, NULL, NULL, '0', NULL);
+INSERT INTO `t_audit_risk_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `handle_opinion`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('2', '短时间频繁红/白名单命中风险', 'DSJPFHBMDMZFX', '0', '1', '{\"frequency\":6,\"interval\":2}', '在短时间内,鉴权的内容在红/白名单的次数超量。\r\n\r\n命中红/白名单说明:a用户访问A应用(或者服务),A应用到鉴权服务鉴定a用户是否可以访问A应用(或者服务),若A应用在红/白名单中,为命中一次红白名单。', '#主体##鉴权规则周期#分钟内,命中红白名单次数超过#鉴权规则次数#次,实际命中#鉴权次数#次。', '#主体#存在短时间频繁红/白名单命中风险,请核实。', '2021-05-25 17:27:20', NULL, NULL, NULL, '0', NULL);
+INSERT INTO `t_audit_risk_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `handle_opinion`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('3', '鉴权必要条件不完整风险', 'JQBYTJBWZFX', '0', '1', '[{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":true,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":true,\"name\":\"YWRWXX\"},{\"checked\":true,\"name\":\"HJXX\"},{\"checked\":true,\"name\":\"DYFWXX\"}],\"type\":\"FWJJQ\"},{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":true,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":true,\"name\":\"YWRWXX\"}],\"type\":\"GNJJQ\"},{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":false,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":false,\"name\":\"YWRWXX\"}],\"type\":\"YYJJQ\"},{\"params\":[{\"checked\":true,\"name\":\"YHLP\"},{\"checked\":true,\"name\":\"YYLP\"},{\"checked\":true,\"name\":\"LPZX\"},{\"checked\":true,\"name\":\"QMWBCG\"},{\"checked\":true,\"name\":\"YWRWXX\"}],\"type\":\"SJJJQ\"}]', '在鉴权时,针对于不同类型的鉴权,需要上传对应的参数若没有上传必要参数,则判定为鉴权必要条件不完整。', '#主体#进行#鉴权类型#时,必要条件不完整,以下参数有误:#参数列表#。', '#主体#存在鉴权必要条件不完整风险,请核实。', '2021-05-25 17:27:12', NULL, NULL, NULL, '0', NULL);
 
 -- 内置告警方案
-INSERT INTO `t_audit_warning_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('1', '用户异常时间鉴权预警', 'YHYCSJJQYJ', '0', '1', '[{\"start\":1,\"end\":2},{\"start\":4,\"end\":5}]', '设定时间范围,若用户在设定的时间范围内进行鉴权,则判定用户异常时间鉴权;规则为或的关系,只要命中一条就预警。', '#主体#异常时间鉴权,在#时间区间#时间区间内鉴权,鉴权时间#鉴权时间#。', '2021-05-25 17:35:10', '2021-05-28 16:26:15', NULL, NULL, '0', NULL);
-INSERT INTO `t_audit_warning_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('2', '用户异常IP鉴权预警', 'YHYCIPJQYJ', '0', '1', '', '用户鉴权的IP与常用的IP不相同。', '#主体#鉴权时,使用IP是:xxxx,与常用的IP:xxxx01,不相同。', '2021-05-25 17:38:02', '2021-05-28 17:00:29', NULL, NULL, '0', NULL);
+INSERT INTO `t_audit_warning_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('1', '用户异常时间鉴权预警', 'YHYCSJJQYJ', '0', '1', '[{\"start\":1,\"end\":2},{\"start\":4,\"end\":5}]', '设定时间范围,若用户在设定的时间范围内进行鉴权,则判定用户异常时间鉴权;规则为或的关系,只要命中一条就预警。', '#主体#异常时间鉴权,在#时间区间#时间区间内鉴权,鉴权时间#鉴权时间#。', '2021-05-25 17:35:10', NULL, NULL, NULL, '0', NULL);
+INSERT INTO `t_audit_warning_programme` (`id`, `name`, `type`, `number`, `state`, `rule_content`, `rule_explain`, `content_format`, `create_time`, `update_time`, `create_user`, `update_user`, `is_deleted`, `delete_time`) VALUES ('2', '用户异常IP鉴权预警', 'YHYCIPJQYJ', '0', '1', '', '用户鉴权的IP与常用的IP不相同。', '#主体#鉴权时,使用IP是:xxxx,与常用的IP:xxxx01,不相同。', '2021-05-25 17:38:02', NULL, NULL, NULL, '0', NULL);