CN108259437A - An HTTP access method, HTTP server and system - Google Patents

An HTTP access method, HTTP server and system

Info

Publication number
CN108259437A
CN108259437A
Authority
CN
China
Prior art keywords
http
session token
client browser
token
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611248668.3A
Other languages
Chinese (zh)
Other versions
CN108259437B (en)
Inventor
雷中雄
王庆磊
韩炳海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shenzhou Taiyue Software Co Ltd
Original Assignee
Beijing Shenzhou Taiyue Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shenzhou Taiyue Software Co Ltd
Priority to CN201611248668.3A
Publication of CN108259437A
Application granted
Publication of CN108259437B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an HTTP access method, an HTTP server and a system. The method includes: when an HTTP connection with a client browser is established, sending a predetermined encryption rule to the client browser; receiving an HTTP access request sent by the client browser that carries a client identifier and a session token; encrypting the client identifier carried in the HTTP access request according to the predetermined encryption rule to generate a local token; and, when the local token is identical to the session token and the session token has not yet been used within its validity period, sending the resource data corresponding to the HTTP access request to the client browser. The present invention generates the session token by a specific encryption rule and, by judging whether the received session token has already been used within its validity period, prevents the session token from being reused within its validity period, thereby realizing two-level security protection for HTTP access in the client browser/server mode and ensuring data security.

Description

An HTTP access method, HTTP server and system
Technical field
The present invention relates to the field of HTTP access control technologies, and more particularly to an HTTP access method, an HTTP server and a system.
Background technology
The Hypertext Transfer Protocol (HTTP) is a set of rules that specifies in detail how a browser and a web server communicate. HTTP is a stateless protocol, so HTTP access requests in the browser/server mode are exposed to the possibility of unauthorized access.
At present, to improve the security of HTTP access requests, they are usually managed in the API Key mode, in which the server side issues a key to the client browser after authenticating the user's identity. As shown in Fig. 1 and Fig. 2:
the client browser registers with the server side, and after successful registration the server side responds by sending the client browser an api_key and a security_key;
the client browser computes a hash value sign using the HMAC-SHA256 algorithm over the received application identifier api_key, the received secret key security_key, its own timestamp timestrap and the REST uniform resource locator rest_uri, and sends it to the server side in the structure shown in Fig. 1;
after the server side receives the URL request, it first verifies whether the api_key exists; if it does, it obtains the security_key belonging to that api_key and then verifies whether timestrap exceeds the configured time limit, which partly prevents replay attacks; after timestrap has been verified, the server side uses "/rest/v1/interface/eth0" in the URL to obtain rest_api, computes the server-side sign value from the obtained rest_api, and checks the server-side sign value against the sign value sent by the client browser, thereby preventing unauthorized access by unauthorized users and preventing data from being tampered with or leaked.
However, when HTTP access requests are managed in the API Key mode shown in Fig. 1 and Fig. 2, sign may be reused within the validity period of the sign value, so the possibility of unauthorized access remains.
Invention content
In view of the above problems, an object of the present invention is to provide an HTTP access method, an HTTP server and a system that solve the problem that sign may be reused within the validity period of the sign value, leaving the possibility of unauthorized access.
To achieve the above object, the technical solution of the invention is realized as follows:
In one aspect, the present invention provides an HTTP access method, which includes:
when an HTTP connection with the client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts a client identifier according to the encryption rule and generates a session token;
receiving an HTTP access request sent by the client browser, the HTTP access request carrying the client identifier and the session token;
encrypting the client identifier carried in the HTTP access request according to the predetermined encryption rule to generate a local token;
judging whether the local token and the session token are identical; if they differ, generating error information and sending it to the client browser; if they are identical, judging whether the session token has already been used within its validity period; if it has been used, generating error information and sending it to the client browser; if it has not been used, obtaining the resource data corresponding to the HTTP access request and sending it to the client browser.
In another aspect, the present invention provides an HTTP server, which includes: a transmitting unit, a receiving unit, an encryption unit and a judging unit;
the transmitting unit is configured to, when an HTTP connection with the client browser is established, send the predetermined encryption rule to the client browser, so that the client browser encrypts the client identifier according to the encryption rule and generates a session token;
the receiving unit is configured to receive the HTTP access request sent by the client browser, the HTTP access request carrying the client identifier and the session token;
the encryption unit is configured to encrypt the client identifier carried in the HTTP access request according to the predetermined encryption rule to generate a local token;
the judging unit is configured to judge whether the local token is identical to the session token; if they differ, it generates error information and sends it to the client browser through the transmitting unit; if they are identical, it judges whether the session token has already been used within its validity period; if it has been used, it generates error information and sends it to the client browser through the transmitting unit; if it has not been used, it sends the resource data corresponding to the HTTP access request to the client browser through the transmitting unit.
In a further aspect, the present invention provides an HTTP system, which includes: an auxiliary control server and the above HTTP server; a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor may take the value 0 or 1.
The advantageous effects of the embodiments of the present invention are as follows. The present invention generates the session token by a specific encryption rule and uses the session token to realize first-level security protection for HTTP access in the client browser/server mode; and by judging whether the received session token has already been used within its validity period, and sending the resource data of the HTTP request to the client browser only when the token has not yet been used within its validity period, it prevents the session token from being reused within its validity period, realizing second-level security protection for HTTP access in the client browser/server mode. Through this two-level security mechanism the present invention ensures data security and prevents data leakage or data tampering.
Description of the drawings
Fig. 1 is a schematic diagram of a prior-art client browser generating a URL and sending it to the server side;
Fig. 2 is a schematic diagram of a prior-art server side verifying the sign value;
Fig. 3 is a flow chart of an HTTP access method provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of an HTTP server provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of an HTTP system provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of time synchronization between a client browser and an HTTP server provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of access control among a client browser, a Restful API server and a Redis server provided by an embodiment of the present invention.
Specific embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
In view of the situation that, in the browser/server mode, sign may be reused within the validity period of the sign value and unauthorized access therefore remains possible, the overall design idea of the present invention is: the client browser and the server use a specific encryption rule to generate a session token and use the session token to maintain state; when the server receives the session token it determines whether that session token has already been used, and sends resource data to the client browser only when the session token has not yet been used, thereby ensuring data security.
Embodiment one
Fig. 3 is a flow chart of an HTTP access method provided by an embodiment of the present invention. As shown in Fig. 3, the method includes:
S300: when an HTTP connection with the client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts a client identifier according to the encryption rule and generates a session token.
In this embodiment, the predetermined encryption rule encrypts the client identifier using the method name (method) of each application programming interface (API) on the server side, instead of the common practice of encrypting the client identifier using the URL of the API.
Because the method name of each API is different and is developed and designed by the developer, the design rule of the API method names is freer and more flexible and is difficult for an unauthorized user to obtain, so the degree of security is high.
S320: receiving an HTTP access request sent by the client browser, the HTTP access request carrying the client identifier and the session token.
The client identifier carried in the HTTP access request uniquely identifies the client, which makes it convenient to maintain the connection state between the client browser and the server; the session token carried in the HTTP access request is generated by encryption according to the predetermined encryption rule.
S340: encrypting the client identifier carried in the HTTP access request according to the predetermined encryption rule to generate a local token.
Since the predetermined encryption rule encrypts the client identifier using the method name of each API on the server side, upon receiving the HTTP access request sent by the client browser the server can determine from the request which API the client browser is requesting, and then encrypts the client identifier according to the method name of that API. The local encryption rule is identical to that of the client browser, which ensures that data security can subsequently be safeguarded by comparing the local session token with the received session token.
S360: judging whether the local token is identical to the session token; if they differ, generating error information and sending it to the client browser; if they are identical, judging whether the session token has already been used within its validity period; if it has been used, generating error information and sending it to the client browser; if it has not been used, obtaining the resource data corresponding to the HTTP access request and sending it to the client browser.
On the one hand, this embodiment generates the session token by a specific encryption rule and uses the session token to realize first-level security protection for HTTP access in the client browser/server mode; on the other hand, by judging whether the received session token has already been used within its validity period, and sending the resource data of the HTTP request to the client browser only when the token has not yet been used within its validity period, it prevents the session token from being reused within its validity period, realizing second-level security protection for HTTP access in the client browser/server mode. Through this two-level security mechanism this embodiment ensures data security and prevents data leakage or data tampering.
Steps S300 to S360 of this embodiment may be performed by the server on the server side.
In one implementation of this embodiment, whether the session token has already been used can be judged by the following method:
sending a reference factor acquisition request to an auxiliary control server, where a reference factor corresponding to the session token is set in the auxiliary control server and the reference factor may take the value 0 or 1;
judging whether the session token has already been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, it is judged that the session token has not yet been used, and the auxiliary control server is made to update the value of its reference factor to 1; when the value of the reference factor is 1, it is judged that the session token has already been used.
The auxiliary control server has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the auxiliary control server is greater than the validity period of the session token.
By setting the reference factor corresponding to the session token in a new server rather than locally on the server side, this implementation on the one hand guards against the possibility of the reference factor being tampered with, further improving the security of HTTP access, and on the other hand allows the new server to be extended with functions such as time synchronization and clustering, making it convenient to scale according to practical application requirements.
Based on the above implementation, the method in Fig. 3 further includes: sending a time acquisition request to the auxiliary control server to request the auxiliary control server's time; updating the local time and the time of the client browser according to the auxiliary control server time returned by the auxiliary control server, so as to realize time synchronization between the local side and the client browser. Unified management of the local and client browser time makes it convenient to encrypt the session token with a timestamp and to verify its validity.
Illustratively, the client browser encrypts its client identifier, the method name of the accessed API and a timestamp using the Message Digest Algorithm 5 (MD5) to generate the session token; in this case the HTTP access request also carries the uniform resource locator (URL) and the timestamp. The server side determines locally, according to the development documentation, the method name corresponding to the URL, encrypts the method name, the timestamp and the client identifier using MD5, and generates the local token.
After the local token is generated, it is judged whether the local token is identical to the session token; if they differ, error information is generated and sent to the client browser; if they are identical, it is further verified whether the timestamp is within the validity period, and if so it is further judged whether the session token has already been used; if it has been used, error information is generated and sent to the client browser; if it has not been used, the resource data corresponding to the HTTP access request is obtained and sent to the client browser.
Embodiment two
Based on the same technical concept as embodiment one, this embodiment provides an HTTP server.
Fig. 4 is a structural diagram of an HTTP server provided by an embodiment of the present invention. As shown in Fig. 4, the HTTP server includes: a transmitting unit 41, a receiving unit 42, an encryption unit 43 and a judging unit 44;
the transmitting unit 41 is configured to, when an HTTP connection with the client browser is established, send the predetermined encryption rule to the client browser, so that the client browser encrypts the client identifier according to the encryption rule and generates a session token;
the receiving unit 42 is configured to receive the HTTP access request sent by the client browser, the HTTP access request carrying the client identifier and the session token;
the encryption unit 43 is configured to encrypt the client identifier carried in the HTTP access request according to the predetermined encryption rule to generate a local token;
the judging unit 44 is configured to judge whether the local token is identical to the session token; if they differ, it generates error information and sends it to the client browser through the transmitting unit 41; if they are identical, it judges whether the session token has already been used within its validity period; if it has been used, it generates error information and sends it to the client browser through the transmitting unit 41; if it has not been used, it sends the resource data corresponding to the HTTP access request to the client browser through the transmitting unit 41.
In one implementation of this embodiment, the transmitting unit 41 is configured to send a reference factor acquisition request to the auxiliary control server, where a reference factor corresponding to the session token is set in the auxiliary control server and the reference factor may take the value 0 or 1; the judging unit 44 is configured to judge whether the session token has already been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, it judges that the session token has not yet been used and makes the auxiliary control server update the value of the reference factor to 1; when the value of the reference factor is 1, it judges that the session token has already been used.
The auxiliary control server in this embodiment has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the auxiliary control server is greater than the validity period of the session token.
The HTTP access server in Fig. 4 further includes a time synchronization control unit; the transmitting unit 41 is configured to send a time acquisition request to the auxiliary control server to request the auxiliary control server's time; the time synchronization control unit is configured to update the local time and the time of the client browser according to the auxiliary control server time returned by the auxiliary control server, so as to realize time synchronization between the local side and the client browser.
In this embodiment the HTTP access request also carries a uniform resource locator (URL); the encryption unit is configured to determine the method name corresponding to the URL according to the development documentation and to encrypt the method name and the client identifier using MD5 to generate the local token.
For the specific working mode of each unit module of this apparatus embodiment, reference may be made to embodiment one of the present invention; it is not repeated here.
Embodiment three
Based on the same technical concept as embodiment one or embodiment two above, this embodiment provides an HTTP system.
Fig. 5 is a structural diagram of the HTTP system provided by this embodiment. As shown in Fig. 5, the HTTP system includes: an auxiliary control server 51 and an HTTP server 52;
where the HTTP server 52 is the HTTP server of embodiment two, which is not described again here; a reference factor corresponding to the session token is set in the auxiliary control server 51, and the reference factor may take the value 0 or 1.
The auxiliary control server 51 in this embodiment has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the auxiliary control server is greater than the validity period of the session token.
So that the HTTP system of this embodiment has clustering functionality, the auxiliary control server 51 is a Redis server; this embodiment can use the prior art to build the auxiliary control server as a Redis server, which is not described again here.
The control process that the HTTP system of this embodiment applies to HTTP access requests is described in detail below through a specific embodiment. In this specific embodiment, the HTTP server is a Restful API server and the auxiliary control server is a Redis server.
Restful is a software architecture style; a Restful API is an application based on the HTTP protocol that realizes stateless transmission. The core of Restful is that every API is understood as a network resource, and all state transfers (actions) between the client browser and the server are encapsulated in the method of the HTTP request.
Fig. 6 is a schematic diagram of time synchronization between the client browser and the HTTP server provided by an embodiment of the present invention. As shown in Fig. 6, the time synchronization process between the client browser and the server side is:
S61: the Restful API server sends a time acquisition request to the Redis server, requesting the Redis server's time.
S62: the Redis server receives the time acquisition request and sends the Redis server time to the Restful API server.
S63: the Restful API server receives the Redis server time and updates the local time of the Restful API server.
At this point, the Restful API server may also send the received Redis server time to the client browser so that the client browser updates its local time.
Of course, as shown in Fig. 6, the client browser may also update its local time through the following steps S64 to S66:
S64: the client browser directly sends a time acquisition request to the Redis server, requesting the Redis server's time.
S65: the Redis server sends the Redis server time to the client browser according to the time request.
S66: the client browser receives the Redis server time and updates the client's local time using the Redis server time.
It will be understood that in steps S61 and S64 of this embodiment the Restful API server and the client browser may send the time acquisition request to the Redis server on startup, or may update the time of the Restful API server and the client browser by polling at a set time frequency, such as hourly, daily or weekly, so that the two are time-synchronized.
Fig. 7 is a schematic diagram of access control among the client browser, the Restful API server and the Redis server provided by an embodiment of the present invention. As shown in Fig. 7, the access control process among the three is as follows:
S71: the client browser sends an HTTP access request to the Restful API server.
Illustratively, the HTTP access request that the client browser sends to the corresponding interface of the Restful API server carries the client identifier appKey, the timestamp timestrap, the session token and the address of the application interface being accessed.
The session token is generated by encrypting the client identifier appKey, the method name of the accessed API and the timestamp timestrap with the MD5 algorithm; the method name of each application interface of the Restful API server is different. Assuming that, by reading the development documentation, the method name of the application interface rest/v1/user of the Restful API server is determined to be pasm.api.adduser, then session token = md5(appKey + timestrap + pasm.api.adduser).
S72: the Restful API server receives the HTTP access request and computes the local token token'.
Continuing with the above assumption, the Restful API server determines, from the address of the accessed application interface carried in the HTTP access request (for example the address rest/v1/user), that the method name of the corresponding API is pasm.api.adduser, and then generates the local token token' using the same encryption rule.
S73: the Restful API server verifies whether the local token token' and the session token are identical; if they differ, step S77 is performed; if they are identical, it verifies whether the timestamp timestrap is within the validity period; if not, step S77 is performed; if so, step S74 is performed.
S74: a query request for the value of the reference factor corresponding to the session token is sent to the setting interface of the Redis server.
S75: the Redis server receives the query request and sends the value of the reference factor corresponding to the session token to the Restful API server.
S76: the Restful API server judges, according to the reference factor value, whether the session token has already been used; if it has been used, step S77 is performed; otherwise, step S78 is performed.
It should be noted that when the Restful API server judges according to the reference factor value that the session token has not yet been used, it also sends a control instruction to the Redis server, controlling the Redis server to update the value of the reference factor to 1.
The Redis server has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the Redis server is greater than the validity period of the session token.
S77: generating error information and sending it to the client browser.
S78: obtaining the resource data corresponding to the HTTP access request and sending the resource data to the client browser.
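The following Python program is an added worked example of the server-side checks in steps S72 to S78 and of the reference-factor store of steps S74 to S76; it is not code from the patent or from its assignee. It uses the page's own rule, session token = md5(appKey + timestrap + method), and the page's rest/v1/user to pasm.api.adduser mapping; the routing table standing in for the "development documentation", the 60-second validity period, the 120-second clear interval and the in-memory dictionary standing in for the Redis server are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed stand-in for the "development documentation" that maps each
# application interface address to its API method name. The rest/v1/user ->
# pasm.api.adduser pair is the page's own example; the table itself is assumed.
API_METHODS = {
    "rest/v1/user": "pasm.api.adduser",
}

TOKEN_VALIDITY_SECONDS = 60    # assumed validity period of a session token
CLEAR_INTERVAL_SECONDS = 120   # assumed Redis clear interval (page: must exceed validity)


def make_session_token(app_key: str, timestrap: str, method: str) -> str:
    """The page's encryption rule: session token = md5(appKey + timestrap + method)."""
    return hashlib.md5((app_key + timestrap + method).encode("utf-8")).hexdigest()


def build_request(app_key: str, timestrap: str, interface: str) -> dict:
    """Client side (S71): the browser applies the same rule and sends appKey,
    timestrap, the session token and the interface address it is accessing."""
    token = make_session_token(app_key, timestrap, API_METHODS[interface])
    return {"appKey": app_key, "timestrap": timestrap,
            "session_token": token, "interface": interface}


class ReferenceFactorStore:
    """In-memory stand-in for the Redis server: one 0/1 reference factor per
    session token, cleared wholesale every clear_interval seconds by polling."""

    def __init__(self, clear_interval: int, now: float):
        if clear_interval <= TOKEN_VALIDITY_SECONDS:
            # The page requires the clear interval to exceed the token validity;
            # otherwise a cleared factor would let a still-valid token be reused.
            raise ValueError("clear interval must exceed token validity period")
        self.clear_interval = clear_interval
        self.last_cleared = now
        self.factors: dict = {}

    def get(self, token: str) -> int:
        return self.factors.get(token, 0)       # absent factor counts as 0 (unused)

    def set_used(self, token: str) -> None:
        self.factors[token] = 1

    def poll(self, now: float) -> None:
        """Periodic clear-out that the page attributes to the Redis server's polling."""
        if now - self.last_cleared >= self.clear_interval:
            self.factors.clear()
            self.last_cleared = now


def verify_request(request: dict, store: ReferenceFactorStore, now: float) -> tuple:
    """Server side, steps S72-S78. Returns (accepted, reason)."""
    # S72: resolve the interface address to its method name and compute token'
    method = API_METHODS.get(request["interface"])
    if method is None:
        return (False, "unknown interface")
    local_token = make_session_token(request["appKey"], request["timestrap"], method)
    # S73, first level: token' must equal the session token (constant-time compare)
    if not hmac.compare_digest(local_token.encode(), str(request["session_token"]).encode()):
        return (False, "token mismatch")                        # -> S77
    # S73, validity: timestamp must lie within the validity period (this needs
    # the clock synchronization of Fig. 6; clock skew would reject good requests)
    try:
        ts = int(request["timestrap"])
    except ValueError:
        return (False, "bad timestamp")                         # -> S77
    if not 0 <= now - ts <= TOKEN_VALIDITY_SECONDS:
        return (False, "timestamp expired")                     # -> S77
    # S74-S76, second level: reference factor 1 means the token was already used
    if store.get(request["session_token"]) == 1:
        return (False, "token already used")                    # -> S77
    store.set_used(request["session_token"])                    # factor 0 -> 1
    return (True, "ok")                                         # -> S78
```

Two points the example makes visible. First, the page's own reasoning in embodiment one applies here: no secret key enters the MD5 input, so the first level rests on the method name staying unknown to outsiders, while the second level (the 0/1 reference factor) is what actually stops a captured request from being accepted twice within the validity period. Second, the query of S74/S75 and the update of S76 are two round trips to the Redis server; in a real deployment they should be collapsed into one atomic Redis operation (for example SET with the NX and EX options, keyed by the token) so that two copies of the same request arriving concurrently cannot both observe the factor as 0.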
In conclusion an embodiment of the present invention provides a kind of http access methods, http-server and system, by specific Encryption rule generation session token, realize that http is accessed under client browser/server-side pattern using session token the Level-one security protection;And whether the session token by judging to receive used within its effective time, only had at it Out-of-date ability is not used in the effect time, the resource data of http request is sent to client browser, prevent the session token at it It is reused in effective time, realizes the second level security protection that http is accessed under client browser/server-side pattern, this Invention passes through two-stage Security mechanism, it is ensured that data safety prevents leaking data or data from usurping and writing.
The above description is merely a specific embodiment, under the above-mentioned introduction of the present invention, those skilled in the art Other improvement or deformation can be carried out on the basis of above-described embodiment.It will be understood by those skilled in the art that above-mentioned tool The purpose of the present invention is only preferably explained in body description, and protection scope of the present invention should be subject to the protection scope in claims.

Claims (10)

1. An http access method, characterized in that the method comprises:
when an http connection with a client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts a client identification according to the encryption rule to generate a session token;
receiving an http access request sent by the client browser, the http access request carrying the client identification and the session token;
encrypting the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
judging whether the local token and the session token are identical; if they differ, generating error information and sending it to the client browser; if they are identical, judging whether the session token has already been used within its validity period; if it has been used, generating error information and sending it to the client browser; if it has not been used, obtaining the resource data corresponding to the http access request and sending it to the client browser.
2. The method according to claim 1, characterized in that judging whether the session token has been used comprises:
sending a reference factor acquisition request to an auxiliary control server, a reference factor corresponding to the session token being set in the auxiliary control server, the reference factor taking the value 0 or 1;
judging whether the session token has been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, judging that the session token has not been used, and at the same time causing the auxiliary control server to update the value of that reference factor to 1; when the value of the reference factor is 1, judging that the session token has been used.
3. The method according to claim 2, characterized in that the method further comprises:
sending a time acquisition request to the auxiliary control server to request the time of the auxiliary control server;
updating the local time and the time of the client browser according to the auxiliary control server time returned by the auxiliary control server, so as to synchronize the local time with the client browser.
4. The method according to claim 3, characterized in that the http access request also carries a uniform resource locator url and a timestamp, and encrypting the client identification carried in the http access request according to the predetermined encryption rule comprises:
determining the method name corresponding to the uniform resource locator url according to the development documentation, and encrypting the method name, the timestamp and the client identification using Message Digest Algorithm 5 (MD5) to generate the local token;
and after judging that the local token is identical with the session token, the method further comprises:
verifying, according to the local time, whether the timestamp is within the validity period; if so, judging whether the session token has been used; if not, generating error information and sending it to the client browser.
5. An http server, characterized by comprising: a transmitting unit, a receiving unit, an encryption unit and a judging unit;
the transmitting unit is configured to, when an http connection with a client browser is established, send a predetermined encryption rule to the client browser, so that the client browser encrypts a client identification according to the encryption rule to generate a session token;
the receiving unit is configured to receive an http access request sent by the client browser, the http access request carrying the client identification and the session token;
the encryption unit is configured to encrypt the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
the judging unit is configured to judge whether the local token and the session token are identical; if they differ, generate error information and send it to the client browser through the transmitting unit; if they are identical, judge whether the session token has already been used within its validity period; if it has been used, generate error information and send it to the client browser through the transmitting unit; if it has not been used, send the resource data corresponding to the http access request to the client browser through the transmitting unit.
6. The http server according to claim 5, characterized in that the transmitting unit is configured to send a reference factor acquisition request to an auxiliary control server, a reference factor corresponding to the session token being set in the auxiliary control server, the reference factor taking the value 0 or 1;
the judging unit is configured to judge whether the session token has been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, judge that the session token has not been used, and at the same time cause the auxiliary control server to update the value of that reference factor to 1; when the value of the reference factor is 1, judge that the session token has been used.
7. The http server according to claim 6, characterized by further comprising a time synchronization control unit;
the transmitting unit is configured to send a time acquisition request to the auxiliary control server to request the time of the auxiliary control server;
the time synchronization control unit is configured to update the local time and the time of the client browser according to the auxiliary control server time returned by the auxiliary control server, so as to synchronize the local time with the client browser.
8. The http server according to claim 7, characterized in that the http access request also carries a uniform resource locator url;
the encryption unit is configured to determine the method name corresponding to the uniform resource locator url according to the development documentation, and encrypt the method name and the client identification using Message Digest Algorithm 5 (MD5) to generate the local token.
9. An http system, characterized by comprising: an auxiliary control server and the http server according to any one of claims 5 to 8, a reference factor corresponding to the session token being set in the auxiliary control server, the reference factor taking the value 0 or 1.
10. The http system according to claim 9, characterized in that the auxiliary control server is a Redis server.
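The verification flow of steps S73 to S78 in the description and of claims 1 to 4 and 10, carried through end to end as an added example in Python. This is not code from the patent or its assignee. The URL-to-method table standing in for the "development documentation", the resource data, the token serialization (method|timestamp|client identification), the validity periods and the in-process ReferenceFactorStore standing in for the Redis auxiliary control server are all assumptions made for the example. MD5 is used only because the claims specify it: it is not collision resistant, and a digest computed over values the client already holds provides request binding and replay detection rather than secrecy.

```python
import hashlib
import hmac

# Constructed stand-in for the "development documentation" that maps a URL to its
# method name (claim 4), and constructed resource data returned at step S78.
API_DOC = {"/api/v1/orders": "getOrders", "/api/v1/users": "listUsers"}
RESOURCES = {"/api/v1/orders": [{"id": 1, "total": 42.0}],
             "/api/v1/users": [{"id": 7, "name": "alice"}]}
TOKEN_TTL_SECONDS = 60    # session token validity period (assumed value)
CLOCK_SKEW_SECONDS = 5    # tolerated client clock drift (assumed value)
FACTOR_TTL_SECONDS = 300  # reference-factor clearing interval; the description only
                          # requires it to exceed the token validity period


class FakeClock:
    """Controllable clock so the example runs deterministically offline."""
    def __init__(self, start=1_700_000_000):
        self.t = start
    def __call__(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


def make_session_token(method, timestamp, client_id):
    """The predetermined encryption rule shared with the browser (claims 1 and 4): MD5
    over method name, timestamp and client identification. Field order and separator
    are assumptions; MD5 is used only because the claims name it."""
    return hashlib.md5(f"{method}|{timestamp}|{client_id}".encode()).hexdigest()


def client_build_request(url, client_id, timestamp):
    """Client browser side: derive the session token and attach it to the request."""
    token = make_session_token(API_DOC[url], timestamp, client_id)
    return {"url": url, "client_id": client_id, "timestamp": timestamp,
            "session_token": token}


class ReferenceFactorStore:
    """In-process stand-in for the Redis auxiliary control server (claims 2 and 10):
    each session token maps to a reference factor 0/1 that is cleared after
    FACTOR_TTL_SECONDS. mark_used() merges the query (S74/S75) and the update-to-1
    instruction into one set-if-absent step, the equivalent of SET key 1 NX EX ttl."""
    def __init__(self, clock):
        self._clock = clock
        self._factors = {}  # token -> (value, expires_at)

    def reference_factor(self, token):
        entry = self._factors.get(token)
        if entry is None or entry[1] <= self._clock():
            self._factors.pop(token, None)  # lazy form of the Redis clearing poll
            return 0
        return entry[0]

    def mark_used(self, token):
        """True if the factor was 0 and is now 1; False if the token was already used."""
        if self.reference_factor(token) == 1:
            return False
        self._factors[token] = (1, self._clock() + FACTOR_TTL_SECONDS)
        return True

    def server_time(self):
        return int(self._clock())


class RestfulApiServer:
    def __init__(self, store, local_clock):
        self.store, self.local_clock = store, local_clock
        # Claim 3: take the auxiliary control server's time as the reference time.
        self.offset = store.server_time() - int(local_clock())

    def now(self):
        return int(self.local_clock()) + self.offset

    def handle(self, request):
        method = API_DOC.get(request["url"])
        if method is None:
            return {"ok": False, "error": "unknown_url"}
        # S72: recompute the local token token' under the same rule.
        local_token = make_session_token(method, request["timestamp"], request["client_id"])
        # S73: compare token' with the submitted session token in constant time.
        if not hmac.compare_digest(local_token, request["session_token"]):
            return {"ok": False, "error": "token_mismatch"}     # S77
        # S73: the timestamp must lie within the validity period.
        age = self.now() - request["timestamp"]
        if age > TOKEN_TTL_SECONDS or age < -CLOCK_SKEW_SECONDS:
            return {"ok": False, "error": "timestamp_expired"}  # S77
        # S74 to S76: second-level check, a token may be consumed only once.
        if not self.store.mark_used(request["session_token"]):
            return {"ok": False, "error": "token_reused"}       # S77
        return {"ok": True, "data": RESOURCES[request["url"]]}  # S78


def run_demo():
    """Four outcomes in order: success, replay, forged token, stale timestamp."""
    clock = FakeClock()
    server = RestfulApiServer(ReferenceFactorStore(clock), clock)
    req = client_build_request("/api/v1/orders", "client-42", clock())
    outcomes = [server.handle(req)["ok"], server.handle(req)["error"]]
    outcomes.append(server.handle(dict(req, session_token="0" * 32))["error"])
    clock.advance(TOKEN_TTL_SECONDS + 1)
    stale = client_build_request("/api/v1/users", "client-42", clock() - TOKEN_TTL_SECONDS - 1)
    outcomes.append(server.handle(stale)["error"])
    return outcomes
```

The description reads the reference factor (S74/S75) and then sends a separate instruction to set it to 1; mark_used() collapses both into one set-if-absent step because two concurrent requests carrying the same token could otherwise both observe 0 and both be served. On a real Redis server the equivalent is SET <token> 1 NX EX <ttl>, with the TTL longer than the token validity period as the description requires, so that a token whose factor has already been cleared is rejected by the timestamp check rather than accepted as unused.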

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611248668.3A CN108259437B (en) 2016-12-29 2016-12-29 HTTP access method, HTTP server and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611248668.3A CN108259437B (en) 2016-12-29 2016-12-29 HTTP access method, HTTP server and system

Publications (2)

Publication Number Publication Date
CN108259437A true CN108259437A (en) 2018-07-06
CN108259437B CN108259437B (en) 2021-06-04

Family

ID=62721386

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611248668.3A Active CN108259437B (en) 2016-12-29 2016-12-29 HTTP access method, HTTP server and system

Country Status (1)

Country Link
CN (1) CN108259437B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378170A (en) * 2010-08-27 2012-03-14 中国移动通信有限公司 Method, device and system of authentication and service calling
CN103037312A (en) * 2011-10-08 2013-04-10 阿里巴巴集团控股有限公司 Message push method and message push device
US20150188902A1 (en) * 2013-12-27 2015-07-02 Avaya Inc. Controlling access to traversal using relays around network address translation (turn) servers using trusted single-use credentials
WO2016188290A1 (en) * 2015-05-27 2016-12-01 阿里巴巴集团控股有限公司 Safety authentication method, device and system for api calling

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈兵 (Chen Bing) et al.: 《网络案例》 (Network Cases), 31 July 2012, 国防工业出版社 (National Defense Industry Press) *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108897898A (en) * 2018-07-26 2018-11-27 广东浪潮大数据研究有限公司 A kind of method, system and the server of the access of static website hosted data
CN110839004A (en) * 2018-08-16 2020-02-25 北京京东尚科信息技术有限公司 Method and device for access authentication
CN112823503A (en) * 2018-11-20 2021-05-18 深圳市欢太科技有限公司 Data access method, data access device and mobile terminal
CN112823503B (en) * 2018-11-20 2022-08-16 深圳市欢太科技有限公司 Data access method, data access device and mobile terminal
CN110493229A (en) * 2019-08-21 2019-11-22 北京奇艺世纪科技有限公司 Service request processing method, apparatus and system
CN110807210A (en) * 2019-11-04 2020-02-18 北京联想协同科技有限公司 Information processing method, platform, system and computer storage medium
CN112261002A (en) * 2020-09-25 2021-01-22 山东浪潮通软信息科技有限公司 Data interface docking method and device
CN112261002B (en) * 2020-09-25 2022-11-22 浪潮通用软件有限公司 Data interface docking method and device
CN112653695A (en) * 2020-12-21 2021-04-13 浪潮卓数大数据产业发展有限公司 Method and system for realizing crawler resistance
CN112597486A (en) * 2020-12-24 2021-04-02 广东广宇科技发展有限公司 Method for preventing repeated access to Restful API based on Spring
CN112804269A (en) * 2021-04-14 2021-05-14 中建电子商务有限责任公司 Method for realizing website interface anti-crawler
CN113589997A (en) * 2021-09-28 2021-11-02 北京奇虎科技有限公司 To-do data processing method, device, equipment and storage medium
CN113691379A (en) * 2021-10-25 2021-11-23 徐州蜗牛智能科技有限公司 Authentication method and device for big data
CN113691379B (en) * 2021-10-25 2022-01-18 徐州蜗牛智能科技有限公司 Authentication method and device for big data
CN114499940A (en) * 2021-12-22 2022-05-13 联想(北京)有限公司 Network connection method, device and computer readable medium

Also Published As

Publication number Publication date
CN108259437B (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CN108259437A (en) A kind of http access methods, http-server and system
US20210056541A1 (en) Method and system for mobile cryptocurrency wallet connectivity
CN100534092C (en) Method and system for stepping up to certificate-based authentication without breaking an existing ssl session
CN103220259B (en) The use of Oauth API, call method, equipment and system
US7010582B1 (en) Systems and methods providing interactions between multiple servers and an end use device
JP4628354B2 (en) Communication device and authentication device
JP2020080530A (en) Data processing method, device, terminal, and access point computer
EP1906584B1 (en) Method, system and device for game data transmission
CN105554098A (en) Device configuration method, server and system
CN113285807B (en) Network access authentication method and system for intelligent equipment
CN105072108B (en) Transmission method, the apparatus and system of user information
CN112035822B (en) Multi-application single sign-on method, device, equipment and storage medium
JP2010526507A (en) Secure communication method and system
JP2013138474A (en) Authentication delegation based on re-verification of cryptographic evidence
JP2008511232A (en) Personal token and method for control authentication
CN103685139A (en) Authentication and authorization processing method and device
CN102984045B (en) The cut-in method and Virtual Private Network client of Virtual Private Network
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
US7594107B1 (en) Method and apparatus for updating web certificates
CN112261022A (en) Security authentication method based on API gateway
JP2004023662A (en) Mutual authentication method
JP5495194B2 (en) Account issuing system, account server, service server, and account issuing method
JP2008186338A (en) Account linking system, account linking method, link server device, client device
JP2009118110A (en) Method and system for provisioning meta data of authentication system, its program and recording medium
CN103957189B (en) Application program interaction method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: Room 818, 8/F, 34 Haidian Street, Haidian District, Beijing 100080
Applicant after: BEIJING ULTRAPOWER SOFTWARE Co.,Ltd.
Address before: Room 601, Block A, 6/F, Wanliu New Building, No. 28 Wanquanzhuang Road, Haidian District, Beijing 100089
Applicant before: BEIJING ULTRAPOWER SOFTWARE Co.,Ltd.
GR01 Patent grant