CN108259437A - A kind of http access methods, http-server and system - Google Patents
- Publication number: CN108259437A (application CN201611248668.3A)
- Authority: CN (China)
- Prior art keywords: http, session token, client browser, token, client
- Legal status: Granted (Google Patents notes that the listed legal status is an assumption and not a legal conclusion; no legal analysis was performed)
Classifications (CPC, leaf codes)
- H04L63/0807: network security, authentication of entities using tickets, e.g. Kerberos
- H04L63/0876: network security, authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/105: network security, controlling access to devices or network resources, multiple levels of security
- H04L63/108: network security, controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L67/02: network arrangements or protocols for supporting network services or applications, protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L9/0866: cryptographic mechanisms, generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/3213: cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an http access method, an http server and an http system. The method includes: when an http connection with a client browser is established, sending a predetermined encryption rule to the client browser; receiving an http access request, sent by the client browser, that carries a client identification and a session token; encrypting the client identification carried in the http access request according to the predetermined encryption rule to generate a local token; and, when the local token is identical to the session token and the session token has not yet been used within its validity period, sending the resource data corresponding to the http access request to the client browser. The invention generates the session token by a specific encryption rule and judges whether the received session token has already been used within its validity period, so that the session token cannot be reused within that period. This realizes two-stage security protection of http access under the client browser/server model and ensures data security.
Description
Technical field
The present invention relates to the field of http access control technology, and in particular to an http access method, an http server and an http system.
Background technology
The hypertext transfer protocol (http) is a set of rules that specifies in detail how a browser and a web server communicate. http is a stateless protocol, so http access requests under the browser/server model carry the possibility of unauthorized access.
At present, to improve the security of http access requests, the API Key mode is usually used to manage them: after the user's identity has been authenticated, the server side distributes a key to the client browser. As shown in Fig. 1 and Fig. 2:
The client browser registers with the server side, and the server side sends the api_key and security_key to the client browser in the registration response;
The client browser computes a hash value sign with the hmacsha256 algorithm over the received application identity key value api_key, the security key value security_key, its own timestamp timestrap and the rest uniform resource locator rest_uri, and sends it to the server side in the structure shown in Fig. 1;
After the server side receives the url request, it first verifies whether the api_key exists; if it exists, it obtains the security_key belonging to that api_key and then verifies whether timestrap exceeds the set time limit, which prevents some replay attacks. After timestrap has been verified, the server side uses the "/rest/v1/interface/eth0" in the url to obtain rest_api, calculates the server-side sign value using the obtained rest_api, and verifies the server-side sign value against the sign value sent by the client browser, thereby preventing unauthorized access by unauthorized users and avoiding tampering with or leakage of data.
However, when http access requests are managed with the API Key mode shown in Fig. 1 and Fig. 2, sign may be reused within the validity period of the sign value, so the possibility of unauthorized access remains.
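The prior-art API Key flow of Fig. 1 and Fig. 2, written out as an added example that is not part of the patent: the client signs api_key, timestrap and rest_uri with HMAC-SHA256 under security_key, and the server looks up the security_key, checks the timestamp limit and recomputes sign. The concatenation order inside the HMAC, the key values, the 300-second limit and the constant-time comparison are assumptions made here; the page does not specify them. The last function shows the weakness the page identifies: the same signed request passes verification as often as it is presented while its timestamp is within the limit.

```python
import hashlib
import hmac

# Constructed registration table (sample values, not from the patent):
# api_key issued at registration -> security_key used to compute sign.
REGISTERED_KEYS = {
    "demo-api-key": b"demo-security-key",
}

TIME_LIMIT_SECONDS = 300  # assumed value of the "set time limit" on timestrap


def compute_sign(api_key: str, security_key: bytes, timestrap: int, rest_uri: str) -> str:
    """Client side: sign = HMAC-SHA256(security_key, api_key || timestrap || rest_uri).
    The concatenation order is an assumption; the page only lists the inputs."""
    message = f"{api_key}{timestrap}{rest_uri}".encode()
    return hmac.new(security_key, message, hashlib.sha256).hexdigest()


def verify_request(api_key: str, timestrap: int, rest_uri: str, sign: str, now: int) -> bool:
    """Server side, in the order the page describes: api_key must exist, timestrap
    must be within the limit, then the recomputed sign must match the client's."""
    security_key = REGISTERED_KEYS.get(api_key)
    if security_key is None:
        return False
    if abs(now - timestrap) > TIME_LIMIT_SECONDS:
        return False
    expected = compute_sign(api_key, security_key, timestrap, rest_uri)
    # constant-time comparison (an addition here; the page just says "verify")
    return hmac.compare_digest(expected.encode(), sign.encode())


def replay_accepted_within_window() -> bool:
    """The gap the page points out: nothing records that a sign was already used,
    so the identical request verifies a second time inside the time limit."""
    api_key = "demo-api-key"
    timestrap = 1_700_000_000
    uri = "/rest/v1/interface/eth0"
    sign = compute_sign(api_key, REGISTERED_KEYS[api_key], timestrap, uri)
    first = verify_request(api_key, timestrap, uri, sign, now=timestrap + 10)
    second = verify_request(api_key, timestrap, uri, sign, now=timestrap + 20)
    return first and second


if __name__ == "__main__":
    print("same request accepted twice:", replay_accepted_within_window())
```

The timestamp check bounds how long a captured request stays valid, but it does not make a request single-use; that is exactly the gap the invention's second stage (the per-token reference factor) is meant to close.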
Summary of the invention
In view of the above problems, one object of the present invention is to provide an http access method, an http server and an http system that solve the problem that sign may be reused within the validity period of the sign value, leaving the possibility of unauthorized access.
To achieve the above object, the technical solution of the invention is realized as follows:
In one aspect, the present invention provides an http access method, comprising:
When an http connection with the client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts the client identification according to the encryption rule and generates a session token;
Receiving the http access request sent by the client browser, the http access request carrying the client identification and the session token;
Encrypting the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
Judging whether the local token and the session token are identical; if they differ, generating error information and sending it to the client browser; if they are identical, judging whether the session token has been used within its validity period; if it has been used, generating error information and sending it to the client browser; if it has not been used, obtaining the resource data corresponding to the http access request and sending it to the client browser.
In another aspect, the present invention provides an http server, comprising a transmitting unit, a receiving unit, an encryption unit and a judging unit;
The transmitting unit is configured to send the predetermined encryption rule to the client browser when an http connection with the client browser is established, so that the client browser encrypts the client identification according to the encryption rule and generates a session token;
The receiving unit is configured to receive the http access request sent by the client browser, the http access request carrying the client identification and the session token;
The encryption unit is configured to encrypt the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
The judging unit is configured to judge whether the local token and the session token are identical; if they differ, it generates error information and sends it to the client browser through the transmitting unit; if they are identical, it judges whether the session token has been used within its validity period; if it has been used, it generates error information and sends it to the client browser through the transmitting unit; if it has not been used, it sends the resource data corresponding to the http access request to the client browser through the transmitting unit.
In a further aspect, the present invention provides an http system comprising an auxiliary control server and the above http server; a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor can take the value 0 or 1.
The advantageous effects of the embodiments of the present invention are: the present invention generates the session token by a specific encryption rule and uses the session token to realize first-stage security protection of http access under the client browser/server model; and, by judging whether the received session token has already been used within its validity period and sending the resource data of the http request to the client browser only when it has not been used within its validity period, it prevents the session token from being reused within its validity period and realizes second-stage security protection of http access under the client browser/server model. Through this two-stage security protection mechanism the present invention ensures data security and prevents data leakage or data tampering.
Description of the drawings
Fig. 1 is a schematic diagram of the prior-art client browser generating a url and sending it to the server side;
Fig. 2 is a schematic diagram of the prior-art server side verifying the sign value;
Fig. 3 is a flow chart of the http access method provided in an embodiment of the present invention;
Fig. 4 is a structural diagram of the http server provided in an embodiment of the present invention;
Fig. 5 is a structural diagram of the http system provided in an embodiment of the present invention;
Fig. 6 is a schematic diagram of time synchronization between the client browser and the http server provided in an embodiment of the present invention;
Fig. 7 is a schematic diagram of access control among the client browser, the Restful API server and the Redis server provided in an embodiment of the present invention.
Specific embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
For the situation under the browser/server model in which sign may be reused within the validity period of the sign value, leaving the possibility of unauthorized access, the overall design idea of the invention is: the client browser and the server generate a session token using a specific encryption rule and use the session token to hold state; when the server receives a session token it determines whether that session token has already been used, and only sends resource data to the client browser when the session token has not been used, thereby ensuring data security.
Embodiment one
Fig. 3 is a flow chart of the http access method provided in an embodiment of the present invention. As shown in Fig. 3, the method includes:
S300: when an http connection with the client browser is established, send the predetermined encryption rule to the client browser, so that the client browser encrypts the client identification according to the encryption rule and generates a session token.
In the present embodiment, the predetermined encryption rule is to encrypt the client identification using the method name (method) of each application programming interface (API) of the server, in place of the common practice of encrypting the client identification using the url of the API.
Since the method name of each API is different and is designed by the developer, the design rule for API method names is freer and more flexible; it is hard for an illegal user to obtain, and the degree of security is high.
S320: receive the http access request sent by the client browser; the http access request carries the client identification and the session token.
The client identification carried in the http access request uniquely identifies the client and facilitates keeping the connection state between the client browser and the server; the session token carried in the http access request is generated by encryption according to the predetermined encryption rule.
S340: encrypt the client identification carried in the http access request according to the predetermined encryption rule to generate a local token.
Since the predetermined encryption rule is to encrypt the client identification with the method name of each API of the server, on receiving the http access request sent by the client browser the server can determine from the request which API the client browser requests to access, and then encrypt the client identification according to the method name of that API. The local encryption rule is identical to that of the client browser, which ensures that data security can subsequently be safeguarded by comparing the local token with the received session token.
S360: judge whether the local token is identical to the session token; if they differ, generate error information and send it to the client browser; if they are identical, judge whether the session token has been used within its validity period; if it has been used, generate error information and send it to the client browser; if it has not been used, obtain the resource data corresponding to the http access request and send it to the client browser.
On the one hand, the present embodiment generates the session token by a specific encryption rule and uses the session token to realize first-stage security protection of http access under the client browser/server model; on the other hand, by judging whether the received session token has already been used within its validity period and sending the resource data of the http request to the client browser only when it has not been used within its validity period, it prevents the session token from being reused within its validity period and realizes second-stage security protection of http access under the client browser/server model. Through this two-stage security protection mechanism the present embodiment ensures data security and prevents data leakage or data tampering.
The above steps S300 to S360 of the present embodiment can be performed by the server on the server side.
In one implementation of the present embodiment, whether the session token has been used can be judged by the following method:
Send a reference factor acquisition request to an auxiliary control server; a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor can take the value 0 or 1;
Judge whether the session token has been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, judge that the session token has not been used, and at the same time make the auxiliary control server update the value of its reference factor to 1; when the value of the reference factor is 1, judge that the session token has been used.
The auxiliary control server has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the auxiliary control server is greater than the validity period of the session token.
By setting the reference factor corresponding to the session token in a new server rather than locally on the server side, this implementation on the one hand guards against the possibility of the reference factor being tampered with, further improving the security of http access, and on the other hand can use the new server to extend functions such as time synchronization and clustering, which is convenient for extension according to practical application needs.
Based on the above implementation, the method in Fig. 3 further includes: sending a time acquisition request to the auxiliary control server to request the auxiliary control server time; updating the local time and the client browser time according to the auxiliary control server time returned by the auxiliary control server, realizing time synchronization between the local side and the client browser. Unified time management of the local side and the client browser makes it convenient to encrypt the session token with a timestamp and to verify its validity.
Illustratively, the client browser encrypts its client identification, the method name of the accessed API and a timestamp with the Message Digest algorithm version 5 (MD5) to generate the session token; in this case the http access request also carries the uniform resource locator url and the timestamp. The server side determines the method name corresponding to the uniform resource locator url according to the development document, and encrypts the method name, the timestamp and the client identification with MD5 to generate the local token.
After the local token has been generated, judge whether the local token is identical to the session token; if they differ, generate error information and send it to the client browser; if they are identical, further verify whether the timestamp is within the validity period, and if so further judge whether the session token has been used; if it has been used, generate error information and send it to the client browser; if it has not been used, obtain the resource data corresponding to the http access request and send it to the client browser.
Embodiment two
Based on the same technical concept as embodiment one, the present embodiment provides an http server.
Fig. 4 is a structural diagram of the http server provided in an embodiment of the present invention. As shown in Fig. 4, the http server includes a transmitting unit 41, a receiving unit 42, an encryption unit 43 and a judging unit 44;
Transmitting unit 41 is configured to send the predetermined encryption rule to the client browser when an http connection with the client browser is established, so that the client browser encrypts the client identification according to the encryption rule and generates a session token;
Receiving unit 42 is configured to receive the http access request sent by the client browser, the http access request carrying the client identification and the session token;
Encryption unit 43 is configured to encrypt the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
Judging unit 44 is configured to judge whether the local token is identical to the session token; if they differ, it generates error information and sends it to the client browser through the transmitting unit 41; if they are identical, it judges whether the session token has been used within its validity period; if it has been used, it generates error information and sends it to the client browser through the transmitting unit 41; if it has not been used, it sends the resource data corresponding to the http access request to the client browser through the transmitting unit 41.
In one implementation of the present embodiment, the transmitting unit 41 is configured to send a reference factor acquisition request to the auxiliary control server, in which a reference factor corresponding to the session token is set and can take the value 0 or 1; the judging unit 44 is configured to judge whether the session token has been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, it judges that the session token has not been used and at the same time makes the auxiliary control server update the value of the reference factor to 1; when the value of the reference factor is 1, it judges that the session token has been used.
The auxiliary control server in the present embodiment has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the auxiliary control server is greater than the validity period of the session token.
The http access server in Fig. 4 further includes a time synchronization control unit. The transmitting unit 41 is configured to send a time acquisition request to the auxiliary control server to request the auxiliary control server time; the time synchronization control unit is configured to update the local time and the client browser time according to the auxiliary control server time returned by the auxiliary control server, realizing time synchronization between the local side and the client browser.
In the present embodiment the http access request also carries the uniform resource locator url; the encryption unit is configured to determine the method name corresponding to the uniform resource locator url according to the development document, and to encrypt the method name and the client identification with the Message Digest algorithm version 5 (MD5) to generate the local token.
For the specific working mode of each unit module of this apparatus embodiment, reference may be made to embodiment one of the present invention; it is not repeated here.
Embodiment three
Based on the same technical concept as embodiment one or embodiment two above, the present embodiment provides an http system.
Fig. 5 is a structural diagram of the http system provided in the present embodiment. As shown in Fig. 5, the http system includes an auxiliary control server 51 and an http server 52;
wherein the http server 52 is the http server of embodiment two, which is not described again here; a reference factor corresponding to the session token is set in the auxiliary control server 51, and the reference factor can take the value 0 or 1.
The auxiliary control server 51 in the present embodiment has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the auxiliary control server is greater than the validity period of the session token.
To give the http system of the present embodiment a clustering function, the auxiliary control server 51 is a Redis server; the present embodiment can use the prior art to build the auxiliary control server as a Redis server, which is not described here.
The control process that the http system of the present embodiment applies to http access requests is described in detail below with one specific example. In this specific example the http server is a Restful API server and the auxiliary control server is a Redis server.
Restful is a software architecture style; a Restful API is an application based on the http protocol that realizes stateless transmission. The core of Restful is that every API is understood as a network resource, and all state transfers (actions) between client browsers and the server are encapsulated in the Method of the http request.
Fig. 6 is a schematic diagram of time synchronization between the client browser and the http server provided in an embodiment of the present invention. As shown in Fig. 6, the time synchronization process between the client browser and the server side is:
S61: the Restful API server sends a time acquisition request to the Redis server, requesting the Redis server time.
S62: the Redis server receives the time acquisition request and sends the Redis server time to the Restful API server.
S63: the Restful API server receives the Redis server time and updates its local time.
At this point, the Restful API server can also send the received Redis server time to the client browser so that the client browser updates its local time.
Of course, as shown in Fig. 6, the client browser can also update its local time through the following steps S64 to S66:
S64: the client browser sends a time acquisition request directly to the Redis server, requesting the Redis server time.
S65: the Redis server, according to the time request, sends the Redis server time to the client browser.
S66: the client browser receives the Redis server time and updates the client-side local time with the Redis server time.
It can be understood that in steps S61 and S64 of the present embodiment, the Restful API server and the client browser can send the time acquisition request to the Redis server on startup, or can update the time of the Restful API server and the client browser by polling at a set frequency, for example hourly, daily or weekly, so that the two remain time-synchronized.
Fig. 7 is a schematic diagram of access control among the client browser, the Restful API server and the Redis server provided in an embodiment of the present invention. As shown in Fig. 7, the three-party access control process is as follows:
S71: the client browser sends an http access request to the Restful API server.
Illustratively, the http access request that the client browser sends to the corresponding interface of the Restful API server carries the client identification appKey, the timestamp timestrap, the session token session token and the address of the application interface being accessed.
The session token session token is generated by encrypting the client identification appKey, the method name method of the accessed API and the timestamp timestrap with the MD5 algorithm; the method names of the application interfaces of the Restful API server are all different. Suppose that by reading the development document it can be determined that the method name of the application interface rest/v1/user of the Restful API server is pasm.api.adduser; then session token = md5(appKey + timestrap + pasm.api.adduser).
S72: the Restful API server receives the http access request and calculates the local token token'.
Still under the above assumption, the Restful API server determines from the application interface address carried in the http access request (for example the address rest/v1/user) that the method name method of the corresponding API is pasm.api.adduser, and then generates the local token token' using the identical encryption rule.
S73: the Restful API server verifies whether the local token token' and the session token session token are identical; if they differ, step S77 is performed; if they are identical, it verifies whether the timestamp timestrap is within the validity period; if not, step S77 is performed; if so, step S74 is performed.
S74: send a query request for the value of the reference factor corresponding to the session token session token to the setting interface of the Redis server.
S75: the Redis server receives the query request and sends the value of the reference factor corresponding to the session token session token to the Restful API server.
S76: the Restful API server judges from the reference factor value whether the session token session token has been used; if it has been used, step S77 is performed, otherwise step S78 is performed.
It should be noted that when the Restful API server judges from the reference factor value that the session token session token has not been used, it also sends a control instruction to the Redis server, controlling the Redis server to update the value of the reference factor to 1.
The Redis server has a polling function and clears the reference factors it has set at a set time interval; the time interval set by the Redis server is greater than the validity period of the session token session token.
S77: generate error information and send it to the client browser.
S78: obtain the resource data corresponding to the http access request and send the resource data to the client browser.
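The two-stage check of embodiment one (the MD5 token plus reference factor illustration) and the S71 to S78 exchange above, written out as an added example that is not the patent's own code. It keeps the page's rule session token = md5(appKey + timestrap + method) and the rest/v1/user to pasm.api.adduser mapping; the second interface entry, the 60-second validity period, the 120-second clear interval and the in-memory ReferenceFactorStore standing in for the Redis server are all constructed here. One design choice is also made here: the query (S74/S75) and the update-to-1 instruction are merged into a single atomic mark_used step rather than performed as two separate round trips.

```python
import hashlib
import hmac

# Constructed stand-in for the "development document": application interface
# address -> API method name. rest/v1/user -> pasm.api.adduser is the page's own
# example; the second entry is a sample value added here.
METHOD_NAMES = {
    "rest/v1/user": "pasm.api.adduser",
    "rest/v1/device": "pasm.api.adddevice",
}

TOKEN_VALIDITY_SECONDS = 60    # assumed validity period of a session token
CLEAR_INTERVAL_SECONDS = 120   # Redis clear interval; the page requires it to exceed validity


class ReferenceFactorStore:
    """In-memory stand-in for the Redis auxiliary control server (not real Redis).
    A token with no entry reads as reference factor 0 (unused); 1 means consumed."""

    def __init__(self, now: float) -> None:
        self._factors: dict[str, int] = {}
        self._last_clear = now

    def get(self, token: str) -> int:
        # S74/S75: the value of the reference factor for this session token
        return self._factors.get(token, 0)

    def mark_used(self, token: str) -> bool:
        """Move the factor 0 -> 1 in one step; False if it was already 1.
        The page queries and then sends the update as separate messages; doing
        both in one atomic operation is a design choice made in this example."""
        if self._factors.get(token, 0) == 1:
            return False
        self._factors[token] = 1
        return True

    def poll(self, now: float) -> None:
        """The periodic clear the page describes: once the set interval has elapsed,
        drop every reference factor. Because the interval exceeds the validity
        period, any token still present has already expired by its timestamp."""
        if now - self._last_clear >= CLEAR_INTERVAL_SECONDS:
            self._factors.clear()
            self._last_clear = now


def session_token(app_key: str, timestrap: int, method: str) -> str:
    """Client side (S71): session token = md5(appKey + timestrap + method)."""
    return hashlib.md5(f"{app_key}{timestrap}{method}".encode()).hexdigest()


def handle_request(store: ReferenceFactorStore, app_key: str, timestrap: int,
                   token: str, interface: str, now: float) -> str:
    """Restful API server side, steps S72 to S78: returns the resource or an error."""
    method = METHOD_NAMES.get(interface)
    if method is None:
        return "error: unknown interface"
    local_token = session_token(app_key, timestrap, method)              # S72
    if not hmac.compare_digest(local_token.encode(), token.encode()):   # S73, stage one
        return "error: token mismatch"
    if abs(now - timestrap) > TOKEN_VALIDITY_SECONDS:                    # S73, validity
        return "error: timestamp expired"
    if not store.mark_used(token):                                       # S74-S76, stage two
        return "error: token already used"                               # S77
    return f"resource:{interface}"                                       # S78


def demo() -> list[str]:
    """One valid request, the same request again, and the same request after the
    Redis clear interval has passed."""
    store = ReferenceFactorStore(now=1000)
    token = session_token("appKey-1", 1000, METHOD_NAMES["rest/v1/user"])
    results = [
        handle_request(store, "appKey-1", 1000, token, "rest/v1/user", now=1005),
        handle_request(store, "appKey-1", 1000, token, "rest/v1/user", now=1006),
    ]
    store.poll(now=1130)  # interval elapsed: the store drops its reference factors
    results.append(handle_request(store, "appKey-1", 1000, token, "rest/v1/user", now=1130))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third result in demo() shows why the page insists that the clear interval be longer than the token validity period: by the time a reference factor is dropped, the timestamp check in S73 already rejects the token, so clearing the store never reopens a window for reuse. Keeping the "read then set to 1" pair atomic matters for the same reason; two requests carrying the same token that arrive together must not both read 0.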
In summary, the embodiments of the present invention provide an http access method, an http server and an http system. A session token is generated by a specific encryption rule, and the session token is used to realize first-stage security protection of http access under the client browser/server model; by judging whether the received session token has already been used within its validity period and sending the resource data of the http request to the client browser only when it has not been used within its validity period, the session token is prevented from being reused within its validity period, realizing second-stage security protection of http access under the client browser/server model. Through this two-stage security protection mechanism the invention ensures data security and prevents data leakage or data tampering.
The above description is merely a specific embodiment of the present invention; under the above teaching of the present invention, those skilled in the art can make other improvements or modifications on the basis of the above embodiments. Those skilled in the art will understand that the above specific description is only intended to better explain the purpose of the present invention, and the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An http access method, characterized in that the method comprises:
when an http connection with a client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts a client identification according to the encryption rule and generates a session token;
receiving an http access request sent by the client browser, the http access request carrying the client identification and the session token;
encrypting the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
judging whether the local token and the session token are identical; if they differ, generating error information and sending it to the client browser; if they are identical, judging whether the session token has been used within its effective time; if it has been used, generating error information and sending it to the client browser; if it has not been used, obtaining the resource data corresponding to the http access request and sending it to the client browser.
2. The method according to claim 1, characterized in that said judging whether the session token has been used comprises:
sending a reference factor acquisition request to an auxiliary control server, in which a reference factor corresponding to the session token is set, the reference factor taking the value 0 or 1;
judging whether the session token has been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, judging that the session token has not been used, and at the same time causing the auxiliary control server to update the value of its reference factor to 1; when the value of the reference factor is 1, judging that the session token has been used.
3. The method according to claim 2, characterized in that the method further comprises:
sending a time acquisition request to the auxiliary control server to request the auxiliary control server time;
updating the local time and the time of the client browser according to the auxiliary control server time returned by the auxiliary control server, realizing time synchronization between the local side and the client browser.
4. The method according to claim 3, characterized in that the http access request also carries a uniform resource locator url and a timestamp, and said encrypting the client identification carried in the http access request according to the predetermined encryption rule comprises:
determining the method name method corresponding to the uniform resource locator url according to a development document, and encrypting the method name method, the timestamp and the client identification using the Message Digest Algorithm 5 MD5 to generate the local token;
then, after judging that the local token is identical with the session token, the method further comprises:
verifying, according to the local time, whether the timestamp is within the effective time; if so, judging whether the session token has been used; if not, generating error information and sending it to the client browser.
5. An http-server, characterized in that it comprises: a transmitting unit, a receiving unit, an encryption unit and a judging unit;
the transmitting unit is configured to, when an http connection with a client browser is established, send a predetermined encryption rule to the client browser, so that the client browser encrypts a client identification according to the encryption rule and generates a session token;
the receiving unit is configured to receive an http access request sent by the client browser, the http access request carrying the client identification and the session token;
the encryption unit is configured to encrypt the client identification carried in the http access request according to the predetermined encryption rule to generate a local token;
the judging unit is configured to judge whether the local token is identical with the session token; if they differ, error information is generated and sent to the client browser through the transmitting unit; if they are identical, it is judged whether the session token has been used within its effective time; if it has been used, error information is generated and sent to the client browser through the transmitting unit; if it has not been used, the resource data corresponding to the http access request is sent to the client browser through the transmitting unit.
6. The http-server according to claim 5, characterized in that the transmitting unit is configured to send a reference factor acquisition request to an auxiliary control server, in which a reference factor corresponding to the session token is set, the reference factor taking the value 0 or 1;
the judging unit is configured to judge whether the session token has been used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, it is judged that the session token has not been used, and at the same time the auxiliary control server is caused to update the value of its reference factor to 1; when the value of the reference factor is 1, it is judged that the session token has been used.
7. The http-server according to claim 6, characterized in that it further comprises a time synchronization control unit;
the transmitting unit is configured to send a time acquisition request to the auxiliary control server to request the auxiliary control server time;
the time synchronization control unit is configured to update the local time and the time of the client browser according to the auxiliary control server time returned by the auxiliary control server, realizing time synchronization between the local side and the client browser.
8. The http-server according to claim 7, characterized in that the http access request also carries a uniform resource locator url;
the encryption unit is configured to determine the method name method corresponding to the uniform resource locator url according to a development document, and to encrypt the method name method and the client identification using the Message Digest Algorithm 5 MD5 to generate the local token.
9. An http system, characterized in that it comprises: an auxiliary control server and the http-server according to any one of claims 5 to 8, a reference factor corresponding to the session token being set in the auxiliary control server, the reference factor taking the value 0 or 1.
10. The http system according to claim 9, characterized in that the auxiliary control server is a Redis server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611248668.3A CN108259437B (en) | 2016-12-29 | 2016-12-29 | HTTP access method, HTTP server and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108259437A true CN108259437A (en) | 2018-07-06 |
CN108259437B CN108259437B (en) | 2021-06-04 |
Family
ID=62721386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611248668.3A Active CN108259437B (en) | 2016-12-29 | 2016-12-29 | HTTP access method, HTTP server and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108259437B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108897898A (en) * | 2018-07-26 | 2018-11-27 | 广东浪潮大数据研究有限公司 | A kind of method, system and the server of the access of static website hosted data |
CN110493229A (en) * | 2019-08-21 | 2019-11-22 | 北京奇艺世纪科技有限公司 | Service request processing method, apparatus and system |
CN110807210A (en) * | 2019-11-04 | 2020-02-18 | 北京联想协同科技有限公司 | Information processing method, platform, system and computer storage medium |
CN110839004A (en) * | 2018-08-16 | 2020-02-25 | 北京京东尚科信息技术有限公司 | Method and device for access authentication |
CN112261002A (en) * | 2020-09-25 | 2021-01-22 | 山东浪潮通软信息科技有限公司 | Data interface docking method and device |
CN112597486A (en) * | 2020-12-24 | 2021-04-02 | 广东广宇科技发展有限公司 | Method for preventing repeated access to Restful API based on Spring |
CN112653695A (en) * | 2020-12-21 | 2021-04-13 | 浪潮卓数大数据产业发展有限公司 | Method and system for realizing crawler resistance |
CN112804269A (en) * | 2021-04-14 | 2021-05-14 | 中建电子商务有限责任公司 | Method for realizing website interface anti-crawler |
CN112823503A (en) * | 2018-11-20 | 2021-05-18 | 深圳市欢太科技有限公司 | Data access method, data access device and mobile terminal |
CN113589997A (en) * | 2021-09-28 | 2021-11-02 | 北京奇虎科技有限公司 | To-do data processing method, device, equipment and storage medium |
CN113691379A (en) * | 2021-10-25 | 2021-11-23 | 徐州蜗牛智能科技有限公司 | Authentication method and device for big data |
CN114499940A (en) * | 2021-12-22 | 2022-05-13 | 联想(北京)有限公司 | Network connection method, device and computer readable medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102378170A (en) * | 2010-08-27 | 2012-03-14 | 中国移动通信有限公司 | Method, device and system of authentication and service calling |
CN103037312A (en) * | 2011-10-08 | 2013-04-10 | 阿里巴巴集团控股有限公司 | Message push method and message push device |
US20150188902A1 (en) * | 2013-12-27 | 2015-07-02 | Avaya Inc. | Controlling access to traversal using relays around network address translation (turn) servers using trusted single-use credentials |
WO2016188290A1 (en) * | 2015-05-27 | 2016-12-01 | 阿里巴巴集团控股有限公司 | Safety authentication method, device and system for api calling |
Non-Patent Citations (1)
Title |
---|
陈兵等 (Chen Bing et al.): 《网络案例》 (Network Cases), 31 July 2012, 国防工业出版社 (National Defense Industry Press) * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108897898A (en) * | 2018-07-26 | 2018-11-27 | 广东浪潮大数据研究有限公司 | A kind of method, system and the server of the access of static website hosted data |
CN110839004A (en) * | 2018-08-16 | 2020-02-25 | 北京京东尚科信息技术有限公司 | Method and device for access authentication |
CN112823503A (en) * | 2018-11-20 | 2021-05-18 | 深圳市欢太科技有限公司 | Data access method, data access device and mobile terminal |
CN112823503B (en) * | 2018-11-20 | 2022-08-16 | 深圳市欢太科技有限公司 | Data access method, data access device and mobile terminal |
CN110493229A (en) * | 2019-08-21 | 2019-11-22 | 北京奇艺世纪科技有限公司 | Service request processing method, apparatus and system |
CN110807210A (en) * | 2019-11-04 | 2020-02-18 | 北京联想协同科技有限公司 | Information processing method, platform, system and computer storage medium |
CN112261002A (en) * | 2020-09-25 | 2021-01-22 | 山东浪潮通软信息科技有限公司 | Data interface docking method and device |
CN112261002B (en) * | 2020-09-25 | 2022-11-22 | 浪潮通用软件有限公司 | Data interface docking method and device |
CN112653695A (en) * | 2020-12-21 | 2021-04-13 | 浪潮卓数大数据产业发展有限公司 | Method and system for realizing crawler resistance |
CN112597486A (en) * | 2020-12-24 | 2021-04-02 | 广东广宇科技发展有限公司 | Method for preventing repeated access to Restful API based on Spring |
CN112804269A (en) * | 2021-04-14 | 2021-05-14 | 中建电子商务有限责任公司 | Method for realizing website interface anti-crawler |
CN113589997A (en) * | 2021-09-28 | 2021-11-02 | 北京奇虎科技有限公司 | To-do data processing method, device, equipment and storage medium |
CN113691379A (en) * | 2021-10-25 | 2021-11-23 | 徐州蜗牛智能科技有限公司 | Authentication method and device for big data |
CN113691379B (en) * | 2021-10-25 | 2022-01-18 | 徐州蜗牛智能科技有限公司 | Authentication method and device for big data |
CN114499940A (en) * | 2021-12-22 | 2022-05-13 | 联想(北京)有限公司 | Network connection method, device and computer readable medium |
Also Published As
Publication number | Publication date |
---|---|
CN108259437B (en) | 2021-06-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: Room 818, 8/F, 34 Haidian Street, Haidian District, Beijing 100080; Applicant after: BEIJING ULTRAPOWER SOFTWARE Co.,Ltd.; Address before: 100089 Beijing city Haidian District wanquanzhuang Road No. 28 Wanliu new building 6 storey block A Room 601; Applicant before: BEIJING ULTRAPOWER SOFTWARE Co.,Ltd. |
| GR01 | Patent grant | |