
什麼是 API 接口冪等？
簡單來說，API 接口冪等是指在一定時間內控制對接口的訪問請求、限制同一 IP 的訪問次數，同時不影響平台的正常訪問，仍然可以拿到數據；一個接口不能被重複提交表單，請求一次就只消費（生效）一次。
用戶場景：同一時間內重複提交多次請求。
什麼是數據篡改？
API 接口數據篡改，是指通過腳本、文件或篡改接口參數來竊取服務器數據；嚴重的數據篡改會導致數據庫宕機、程序和軟硬件崩潰。
看到這裡，大家都明白後台 API 接口冪等有多重要了吧。今天給大家講用簽名 token 實現後台接口 API 冪等。注意：原文說的是「非對稱加密」，但下面的代碼實際使用的是 HS512，這是基於共享密鑰的對稱 HMAC 簽名——持有密鑰的任何一方都能簽發 token，所以密鑰絕不能寫死在源碼裡，必須從配置注入並保證長度至少 64 字節（512 位）。
實現思路：JWT + 驗證標識 + 簽名密鑰 + 當前時間戳 + 存放過期時間 + AES 加密算法生成 token。注意：下面的代碼只對 token 做 HS512 簽名，並沒有 AES 加密；JWT 的 payload 只是 Base64 編碼，任何人都能解碼閱讀，不要在其中放敏感數據。
實現步驟：1. 用戶登錄成功後，生成簽名 token 並存入 Redis。
2. 下次請求時檢查 token 是否過期，過期請重新登錄。
3. 用戶在登錄有效期內不需要重新登錄。（這就是單點登錄的方式。）需要注意的是，簽名只能保證 token 沒有被篡改，並不能阻止同一個 token 或同一請求被重放；要真正做到接口冪等，還需要為每個請求附帶唯一的 nonce 或 jti，並在 Redis 中記錄已消費的值，這部分下面的代碼並未實現。
核心實現類代碼：
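import io.jsonwebtoken.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

/**
 * Issues and verifies the HS512-signed JWT that carries the logged-in user's name ({@code sub})
 * and comma-joined authorities ({@code auth}).
 *
 * <p>Tokens are emitted as {@code <SysConst.SYS_COMPANY_HEAD>.<compact JWS>} and read back from the
 * {@code x-token} header or, as a fallback, the {@code x-token} request parameter.
 *
 * <p>Security notes:
 * <ul>
 *   <li>HS512 is a symmetric HMAC: anyone holding the secret can mint valid tokens. The secret is
 *       therefore injected from configuration ({@code jwt.secret}) and must be at least 64 bytes
 *       (512 bits), the minimum RFC 7518 requires for HS512. The previous build hard-coded a
 *       16-character literal, which is both too short and leaked through source control.</li>
 *   <li>The payload is only Base64url-encoded, not encrypted — do not put sensitive data in claims.</li>
 *   <li>A signature proves the token was not altered; it does not stop replay of a captured token
 *       and this class issues no {@code jti}/nonce, so request idempotency must be enforced
 *       elsewhere (e.g. a per-request nonce tracked in Redis).</li>
 * </ul>
 */
@Component
public class JWTTokenUtils {

    public static final String AUTHORIZATION_HEADER = "x-token";
    public static final String AUTHORIZATION_TOKEN = "x-token";

    private static final Logger logger = LoggerFactory.getLogger(JWTTokenUtils.class);

    private static final String AUTHORITIES_KEY = "auth";

    /** RFC 7518 §3.2: an HMAC key must be at least as long as the hash output (512 bits for HS512). */
    private static final int MIN_SECRET_BYTES = 64;

    /** Signing secret from configuration; never replace this with a literal. */
    @Value("${jwt.secret}")
    private String secretKey;

    /** Raw key bytes derived once from {@link #secretKey} in {@link #init()}. */
    private byte[] signingKey;

    private long tokenValidityInMilliseconds;              // plain login
    private long tokenValidityInMillisecondsForRememberMe; // "remember me" login

    /**
     * Validates the configured secret and fixes the two token lifetimes.
     *
     * @throws IllegalStateException if {@code jwt.secret} is blank or shorter than 64 bytes, so the
     *         application refuses to start rather than issue weakly-signed tokens
     */
    @PostConstruct
    public void init() {
        if (!StringUtils.hasText(secretKey)) {
            throw new IllegalStateException("jwt.secret is not configured");
        }
        // The key bytes are used directly. jjwt Base64-decodes a String key, which the old code
        // relied on; tokens signed with the old hard-coded key will no longer verify (intended).
        byte[] keyBytes = secretKey.getBytes(StandardCharsets.UTF_8);
        if (keyBytes.length < MIN_SECRET_BYTES) {
            throw new IllegalStateException("jwt.secret must be at least " + MIN_SECRET_BYTES
                    + " bytes for HS512, got " + keyBytes.length);
        }
        this.signingKey = keyBytes;
        this.tokenValidityInMilliseconds = TimeUnit.DAYS.toMillis(2);
        this.tokenValidityInMillisecondsForRememberMe = TimeUnit.DAYS.toMillis(7);
    }

    /**
     * Builds a signed token for an authenticated user.
     *
     * @param authentication the authenticated principal; its name becomes {@code sub} and its
     *                       authorities are joined with commas into the {@code auth} claim
     * @param rememberMe     {@code true} for the 7-day lifetime; {@code false} or {@code null} for 2 days
     * @return {@code SysConst.SYS_COMPANY_HEAD + "." + <compact JWS>}
     */
    public String createToken(Authentication authentication, Boolean rememberMe) {
        String authorities = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));

        long now = System.currentTimeMillis();
        // The previous version had these branches swapped (plain logins got the longer lifetime).
        // Boolean.TRUE.equals avoids an unboxing NPE when the flag is null.
        long lifetime = Boolean.TRUE.equals(rememberMe)
                ? this.tokenValidityInMillisecondsForRememberMe
                : this.tokenValidityInMilliseconds;
        Date validity = new Date(now + lifetime);

        String jws = Jwts.builder()
                .setSubject(authentication.getName())
                .claim(AUTHORITIES_KEY, authorities)
                .setIssuedAt(new Date(now))
                .setExpiration(validity)
                .signWith(SignatureAlgorithm.HS512, signingKey)
                .compact();
        return SysConst.SYS_COMPANY_HEAD + "." + jws;
    }

    /**
     * Rebuilds a Spring Security {@link Authentication} from a verified token.
     *
     * @param token the compact JWS with the company prefix already removed (see {@link #resolveToken})
     * @return an authenticated token whose principal is a {@link User} with an empty password and the
     *         authorities listed in the {@code auth} claim
     * @throws JwtException             if the signature, structure or expiry check fails
     * @throws IllegalArgumentException if {@code token} is blank or the {@code sub} claim is missing
     *                                  ({@link User} rejects an empty username)
     */
    public Authentication getAuthentication(String token) {
        logger.debug("JWTTokenUtils Start Get User Auth");
        Claims claims = parseClaims(token);
        List<GrantedAuthority> authorities = parseAuthorities(claims);
        User principal = new User(claims.getSubject(), "", authorities);
        return new UsernamePasswordAuthenticationToken(principal, null, authorities);
    }

    /**
     * Returns the {@code sub} claim of a verified token.
     *
     * @param token the compact JWS with the company prefix removed
     * @throws JwtException if the signature, structure or expiry check fails
     */
    public String getAuthSubject(String token) {
        return parseClaims(token).getSubject();
    }

    /**
     * Extracts the compact JWS from the request, stripping the {@code SYS_COMPANY_HEAD + "."} prefix.
     *
     * <p>The {@code x-token} header is preferred. The {@code x-token} request parameter is still
     * accepted for compatibility, but tokens in URLs end up in access logs, browser history and
     * Referer headers — callers should send the header and the parameter form should be retired.
     *
     * @return the bare JWS, or {@code null} if neither carrier holds a correctly prefixed token
     */
    public String resolveToken(HttpServletRequest request) {
        String fromHeader = stripPrefix(request.getHeader(AUTHORIZATION_HEADER));
        if (fromHeader != null) {
            return fromHeader;
        }
        // The old code indexed into the header value here, which threw NPE whenever the token
        // arrived only as a request parameter.
        return stripPrefix(request.getParameter(AUTHORIZATION_TOKEN));
    }

    /**
     * Checks signature, structure and expiry without throwing.
     *
     * @param token the compact JWS with the company prefix removed
     * @return {@code true} only if the token parses and verifies against the configured secret
     */
    public boolean validateToken(String token) {
        try {
            parseClaims(token);
            return true;
        } catch (MalformedJwtException e) {
            logger.info("Invalid JWT token.");
            logger.trace("Invalid JWT token trace", e);
        } catch (ExpiredJwtException e) { // jjwt checks exp itself during parsing
            logger.info("Expired JWT token.");
            logger.trace("Expired JWT token trace", e);
        } catch (UnsupportedJwtException e) {
            logger.info("Unsupported JWT token.");
            logger.trace("Unsupported JWT token trace", e);
        } catch (IllegalArgumentException e) { // null/blank token
            logger.info("JWT token compact of handler are invalid.");
            logger.trace("JWT token compact of handler are invalid trace", e);
        } catch (SignatureException e) {
            logger.info("Invalid JWT signature.");
            logger.trace("Invalid JWT signature trace", e);
        }
        // Passing the Throwable as the last argument (no "{}" placeholder) makes SLF4J log the stack
        // trace; the old "{}" form only printed e.toString().
        return false;
    }

    /** Verifies the JWS against the configured key and returns its claims; throws JwtException on failure. */
    private Claims parseClaims(String token) {
        return Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token).getBody();
    }

    /** Splits the comma-joined {@code auth} claim; a missing claim or blank entries yield no authorities. */
    private static List<GrantedAuthority> parseAuthorities(Claims claims) {
        Object raw = claims.get(AUTHORITIES_KEY);
        if (raw == null) {
            return Collections.emptyList();
        }
        return Arrays.stream(raw.toString().split(","))
                .filter(s -> !s.trim().isEmpty())
                .<GrantedAuthority>map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }

    /** Drops the {@code SYS_COMPANY_HEAD + "."} prefix; null when the value is blank or not prefixed. */
    private static String stripPrefix(String raw) {
        String prefix = SysConst.SYS_COMPANY_HEAD + ".";
        if (!StringUtils.hasText(raw) || !raw.startsWith(prefix)) {
            return null;
        }
        return raw.substring(prefix.length());
    }
}
// The original article continues here with its "Redis cache write" code, which is not part of this listing.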
