Security web interface design

Three mechanisms, Token, Timestamp and Sign, are combined to secure the main interfaces: together they ensure that the data carried by a request cannot be tampered with and that a captured request cannot be replayed. Each is described below.

Token authorization mechanism

The user logs in with a username and password; the server returns a Token (usually a UUID) to the client and stores the Token-UserId pair as a key-value entry in the cache server. Every subsequent request carries the Token, and the server checks it on receipt: a request without a valid Token is rejected. The Token is the client's credential for accessing the server, so requests must travel over HTTPS; otherwise anyone who captures the Token can use it until it expires.


Timestamp timeout mechanism

Each request carries a timestamp of the current time. On receipt the server compares it with its own current time and, if the difference exceeds a preset window (for example, 5 minutes), treats the request as invalid. The window limits how long a captured request remains usable, which is its contribution against replay-style DoS; it assumes client and server clocks are roughly in sync, so the window must be wide enough to absorb normal clock skew, and the check should be two-sided (reject timestamps that are far in the future as well as far in the past, as Example 2 below does).

Signature Mechanism

The Token, the request parameters and the timestamp are concatenated (in a fixed order) and hashed with MD5 or SHA-1, with a salt appended as the situation requires, to produce the signature Sign. When the server receives the request it recomputes the signature with the same algorithm and compares it with the one sent; if they differ, a parameter was changed and an error is returned immediately. The signature mechanism ensures that data cannot be tampered with. Note that this is a keyed digest, not encryption: its strength rests entirely on the salt staying secret and on the hash being sound. MD5 and SHA-1 are both considered broken for collision resistance, and the standard construction today is an HMAC (for example HMAC-SHA256) keyed with the secret.

Example 1

An externally shared link (url?shareId=123&sign=XXX) lets whoever clicks it claim a coupon. The signature exists to stop a user from changing the shareId to claim a coupon that was not shared with them.
1. Sign the share ID: sign(shareId, ...);
2. The back end generates the signature when it creates the share link;
3. On the claim request, recompute the signature and compare it with the sign in the URL; if they match, the check passes.

import java.util.Arrays;
import java.util.Map;
import org.apache.commons.codec.digest.DigestUtils;

/**
 * Builds "k1=v1&k2=v2..." over the sorted, non-empty parameters, appends the
 * server-side salt and returns the lower-case MD5 hex digest.
 */
public static String sign(Map<String, String> data) {
    String[] keys = data.keySet().toArray(new String[0]);
    Arrays.sort(keys); // canonical order, so client and server hash the same string
    StringBuilder dataStr = new StringBuilder();
    for (String key : keys) {
        String value = data.get(key);
        if (value != null && !value.isEmpty()) { // empty parameters are left out
            if (dataStr.length() > 0) {
                dataStr.append('&');
            }
            dataStr.append(key).append('=').append(value);
        }
    }
    String shareKey = "XXX salted string XXX"; // server-side secret, never sent to the client
    return DigestUtils.md5Hex(dataStr + shareKey).toLowerCase();
}
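The share-link flow of Example 1 in Python, as an added example (not the page's Java and not the project's code): it builds the signed URL, verifies it, and shows that changing shareId breaks the check. The canonical string is built as in the sign() method above (sorted keys, empty values dropped); the digest is HMAC-SHA256 keyed with the salt instead of MD5 over data plus salt, and the base URL and the key value are assumptions for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Server-side secret (assumed value for this example); never sent to the client.
SHARE_KEY = b"example-share-key"


def canonical_query(params: dict) -> str:
    """Same canonical form as the page's sign(): sorted keys, empty values dropped."""
    items = sorted((k, v) for k, v in params.items() if v not in (None, ""))
    return "&".join(f"{k}={v}" for k, v in items)


def sign(params: dict) -> str:
    """Keyed digest over the canonical query.

    HMAC-SHA256 stands in for the page's MD5(data + salt); the
    canonicalisation is the same, so the tamper check behaves the same.
    """
    return hmac.new(SHARE_KEY, canonical_query(params).encode(), hashlib.sha256).hexdigest()


def build_share_url(base: str, share_id: int) -> str:
    """Step 2: the back end signs shareId when it creates the share link."""
    params = {"shareId": str(share_id)}
    params["sign"] = sign(params)
    return f"{base}?{urlencode(params)}"


def verify_share_url(url: str) -> bool:
    """Step 3: recompute the signature over every parameter except sign itself
    and compare it in constant time with the sign carried in the URL.
    Any added, removed or changed parameter makes the recomputed value differ."""
    params = dict(parse_qsl(urlsplit(url).query))
    presented = params.pop("sign", None)
    if presented is None:
        return False
    return hmac.compare_digest(presented, sign(params))


if __name__ == "__main__":
    url = build_share_url("https://example.com/coupon", 123)
    print(url)
    print(verify_share_url(url))                                          # True
    print(verify_share_url(url.replace("shareId=123", "shareId=124")))    # False
```

Because the signature is recomputed over all parameters present, an attacker cannot smuggle in an extra parameter either: it changes the canonical string and the check fails.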

Example 2

An externally exposed HTTP interface needs protection against users calling it too frequently, so each call carries a token derived from a timestamp plus a signature.

/** Requests are valid for half an hour (1800000 ms) either side of the server clock. */
private static final long VALIDITY_PERIOD_MS = 1800000L;
private static final String SALT = "XXX salted string XXX"; // server-side secret

// FeedsRequest and MD5Util are the project's own types, not shown on this page.
public static boolean isValid(FeedsRequest request) {
    long skew = System.currentTimeMillis() - request.getTimestamp();
    if (skew >= VALIDITY_PERIOD_MS || skew < -VALIDITY_PERIOD_MS) {
        return false; // too old, or too far in the future
    }
    // The token is the signature over utmSource, salt and timestamp; it is checked
    // only after the timestamp window, so that both conditions must hold.
    String expected = MD5Util.encode(request.getUtmSource() + SALT + request.getTimestamp());
    return request.getToken().equalsIgnoreCase(expected);
}

Refused repeated calls (non-essential)

When a client first submits a request, the server stores its signature sign in the cache server with a timeout equal to the timestamp timeout. Within the window a given URL can then be used only once: if someone else submits the same URL, the server finds the signature already in the cache and refuses the request. If the cached signature has already expired and someone submits the same URL again, the timestamp timeout check intercepts it instead. That is why the cache timeout must match the timestamp timeout: between them they leave no interval in which the same URL is accepted twice. Refusing repeated calls guarantees that a URL captured by someone else (for example by packet capture) cannot be reused. One caveat: if the timestamp check is two-sided and also accepts timestamps slightly in the future, as in Example 2, a request stamped t is accepted until t plus the window, so the cache entry must outlive that moment; a timeout of twice the window is the safe choice, otherwise a request with a slightly-ahead timestamp can be replayed after its cache entry expires.

The entire process is as follows:
1. The client obtains a Token from the server with its username and password.
2. The client generates a timestamp and includes it as one of the request parameters.
3. The client sorts all parameters, including its own Token and the timestamp, and hashes them with the salt to obtain the signature sign.
4. Every request carries token, timestamp and sign as parameters appended to the URL (http://url/request?token=123&timestamp=123&sign=123123123).
5. A filter on the server reads token, timestamp and sign and validates them; the request is valid only when all three conditions hold at once: the token is valid, the timestamp has not expired, and the sign is not already present in the cache server.
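The five steps above together with the repeated-call check, in Python, as an added example (not code from the page or the project): an in-memory stand-in for the cache server, a login that issues a UUID token and stores token -> userId, a client that stamps and signs its parameters, and the server-side filter that applies the token, timestamp and signature checks plus the replay check. The credentials, the secret, the window size and the cache implementation are assumptions for the example; the digest is HMAC-SHA256 keyed with the secret rather than salted MD5. The clock is injectable so the expiry behaviour can be exercised without waiting.

```python
import hashlib
import hmac
import time
import uuid

# Assumed values for this example.
SECRET = b"example-api-secret"   # shared by client and server, never sent on the wire
WINDOW_MS = 5 * 60 * 1000        # timestamp window of 5 minutes, as in the text


class Cache:
    """Minimal stand-in for the cache server: key/value with a TTL in ms."""

    def __init__(self, clock):
        self.clock = clock
        self.store = {}

    def set(self, key, value, ttl_ms):
        self.store[key] = (value, self.clock() + ttl_ms)

    def get(self, key):
        item = self.store.get(key)
        if item is None:
            return None
        value, expires = item
        if self.clock() >= expires:          # lazy expiry
            del self.store[key]
            return None
        return value

    def setnx(self, key, value, ttl_ms):
        """Set only if absent; False means the key was already there."""
        if self.get(key) is not None:
            return False
        self.set(key, value, ttl_ms)
        return True


def sign(params: dict) -> str:
    """Step 3: every parameter (token and timestamp included), sorted by key,
    empty values dropped, then a keyed digest (HMAC-SHA256 in place of salted MD5)."""
    canon = "&".join(f"{k}={v}" for k, v in sorted(params.items()) if v not in (None, ""))
    return hmac.new(SECRET, canon.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, clock=lambda: int(time.time() * 1000)):
        self.clock = clock
        self.tokens = Cache(clock)            # token -> userId
        self.seen = Cache(clock)              # sign -> 1, for the repeated-call check
        self.users = {"alice": "s3cret"}      # constructed credential store

    def login(self, username, password):
        """Step 1: issue a UUID token and remember token -> userId in the cache."""
        if self.users.get(username) != password:
            return None
        token = str(uuid.uuid4())
        self.tokens.set(token, username, 24 * 3600 * 1000)
        return token

    def filter(self, params: dict) -> str:
        """Step 5: the server-side filter. Returns 'ok' or the reason for rejection."""
        token = params.get("token")
        if token is None or self.tokens.get(token) is None:
            return "invalid token"
        try:
            ts = int(params["timestamp"])
        except (KeyError, ValueError):
            return "missing timestamp"
        if abs(self.clock() - ts) > WINDOW_MS:       # two-sided window
            return "timestamp expired"
        presented = params.get("sign", "")
        expected = sign({k: v for k, v in params.items() if k != "sign"})
        if not hmac.compare_digest(presented, expected):
            return "bad signature"
        # Repeated-call check: a timestamp t is accepted until t + WINDOW_MS, so the
        # entry lives for twice the window to cover that whole interval.
        if not self.seen.setnx(presented, 1, 2 * WINDOW_MS):
            return "replay"
        return "ok"


def client_request(token, clock, **params):
    """Steps 2-4: add timestamp and token, sign everything, send all three."""
    params.update(token=token, timestamp=str(clock()))
    params["sign"] = sign(params)
    return params


if __name__ == "__main__":
    srv = Server()
    tok = srv.login("alice", "s3cret")
    req = client_request(tok, srv.clock, shareId="123")
    print(srv.filter(req))                      # ok
    print(srv.filter(req))                      # replay
    print(srv.filter(dict(req, shareId="124"))) # bad signature
```

The checks run cheapest-first: the token lookup and the timestamp arithmetic reject most junk before the digest is computed, and the replay entry is only written once the signature has been verified, so an attacker cannot poison the replay cache with guessed signatures.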

Under the protection of these three mechanisms, if someone hijacks a request and changes a parameter, the signature check fails; if someone captures the URL and replays it as a DoS attempt, the server refuses it because the signature is already in the cache or the timestamp has expired, so the replay achieves nothing (the lookup still costs something, so a flood of fresh requests is a rate-limiting problem, not something these mechanisms solve); and if the signature algorithm, the salt and the username and password are all exposed, not even the Monkey King could help. Finally, the full set of measures is fairly complex, and a real project will often have to trim it: for example, use only the signature mechanism to keep information from being tampered with, or only the Token mechanism when the service is provided to a specific, known party. How much to trim depends on the project and on how secure the interface needs to be.


Origin blog.csdn.net/mccand1234/article/details/90744458