CN108259437B - HTTP access method, HTTP server and system - Google Patents

Info

Publication number: CN108259437B
Application number: CN201611248668.3A
Authority: CN (China)
Prior art keywords: session token, client browser, http, token, sending
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108259437A
Inventors: 雷中雄, 王庆磊, 韩炳海
Current assignee: Beijing Shenzhou Taiyue Software Co Ltd
Original assignee: Beijing Shenzhou Taiyue Software Co Ltd

Classifications

    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/105 Network architectures or network communication protocols for network security for controlling access to devices or network resources; multiple levels of security
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/02 Network arrangements or protocols for supporting network services or applications; protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/0866 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos

Abstract

The invention discloses an http access method, an http server and an http system. The method comprises the following steps: when an http connection with a client browser is established, sending a predetermined encryption rule to the client browser; receiving an http access request sent by the client browser that carries a client identifier and a session token; encrypting the client identifier carried in the http access request according to the predetermined encryption rule to generate a local token; and when the local token is the same as the session token and the session token has not already been used within the validity time of the token, sending the resource data corresponding to the http access request to the client browser. The invention generates the session token through a specific encryption rule, prevents the session token from being reused within its validity time by judging whether the received session token has already been used, realizes two-level security protection of http access in client browser/server mode, and ensures data safety.

Description

HTTP access method, HTTP server and system
Technical Field
The invention relates to the technical field of http access control, in particular to an http access method, an http server and an http system.
Background
The hypertext transfer protocol (http) is a set of rules that specifies in detail the communication between a browser and a web server. Because http is a stateless protocol, an http access request in browser/server mode may be an illegal access.
At present, in order to improve the security of http access requests, an API Key is generally used to manage them; the API Key is a key that the server allocates to the client browser after user identity authentication. As shown in fig. 1 and 2:
the client browser registers with the server, and the server allocates an api_key and a security_key and sends them to the client browser in its response;
the client browser computes a hash value sign with the HMAC-SHA256 algorithm from the received application identification key api_key, the security key security_key, the client browser's timestamp and the REST uniform resource locator rest_uri, constructs the url shown in fig. 1 and sends it to the server;
after the server receives the url request, it first verifies whether the api_key exists and, if so, obtains the security_key belonging to that api_key; it then verifies whether the timestamp exceeds the set time limit, which prevents part of the replay attacks; after the timestamp check passes, the server obtains rest_api from the "/rest/v1/interface/eth0" part of the url, calculates its own sign value from the obtained rest_api, and compares it with the sign value sent by the client browser, which prevents unauthorized users from accessing illegally and avoids data being tampered with or leaked.
However, when http access requests are managed with the API Key shown in fig. 1 and fig. 2, the sign can be reused within the validity time of the sign value, so illegal access remains possible.
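The prior-art check described above, as an added example that is not part of the patent text: a minimal HMAC-SHA256 API Key verifier in Python that performs the three checks in the order given (api_key lookup, timestamp limit, sign comparison). The registration table, the security_key value, the 300-second limit and the way the inputs are joined before hashing are assumptions; the page names the inputs but not their concatenation. The last function presents one signed request twice within the time limit and shows that the verifier accepts both, which is the reuse gap the description points out.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed sample registration table: at registration the server allocates an
# api_key and a security_key to the client browser (prior-art scheme of figs. 1 and 2).
# The values below are made up for this example.
REGISTERED_CLIENTS = {
    "demo-api-key": "demo-security-key-0123",
}

# The page says the timestamp must not exceed "the set time limit" but gives no
# value; 300 seconds is an assumption for this example.
TIMESTAMP_LIMIT_SECONDS = 300


def compute_sign(api_key: str, security_key: str, timestamp: int, rest_uri: str) -> str:
    """HMAC-SHA256 sign over api_key, timestamp and rest_uri, keyed with security_key.

    The page lists these inputs but not how they are joined; the '|' join is an assumption.
    """
    message = f"{api_key}|{timestamp}|{rest_uri}".encode()
    return hmac.new(security_key.encode(), message, hashlib.sha256).hexdigest()


def verify_request(api_key: str, timestamp: int, rest_uri: str, sign: str, now: int) -> Tuple[bool, str]:
    """Server-side check in the order the page describes: api_key exists, timestamp
    within the limit, then the recomputed sign matches the one the client sent."""
    security_key = REGISTERED_CLIENTS.get(api_key)
    if security_key is None:
        return False, "unknown api_key"
    if abs(now - timestamp) > TIMESTAMP_LIMIT_SECONDS:
        return False, "timestamp outside the set time limit"
    expected = compute_sign(api_key, security_key, timestamp, rest_uri)
    # Constant-time comparison so the check itself leaks nothing about the expected value.
    if not hmac.compare_digest(expected, sign):
        return False, "sign mismatch"
    return True, "ok"


def same_request_twice(now: int) -> Tuple[bool, bool]:
    """Present one signed request to the verifier twice inside the time limit.

    Nothing in the scheme records that a sign was already consumed, so both
    presentations verify: this is the reuse gap the description points out.
    """
    timestamp = now - 10
    rest_uri = "/rest/v1/interface/eth0"
    sign = compute_sign("demo-api-key", REGISTERED_CLIENTS["demo-api-key"], timestamp, rest_uri)
    first, _ = verify_request("demo-api-key", timestamp, rest_uri, sign, now)
    second, _ = verify_request("demo-api-key", timestamp, rest_uri, sign, now)
    return first, second


if __name__ == "__main__":
    print(same_request_twice(now=1_700_000_000))  # (True, True)
```

The timestamp check bounds how long a captured sign stays usable, but it is the only state the verifier consults, so within that bound every presentation is indistinguishable from the first; that is the property the invention below addresses with a per-token used flag.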
Disclosure of Invention
In view of the above problems, the present invention provides an http access method, an http server and a system, with the object of solving the problem that sign can be reused, and illegal access therefore remains possible, within the validity time of the sign value.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
in one aspect, the present invention provides an http access method, including:
when http connection with a client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts a client identifier according to the encryption rule to generate a session token;
receiving an http access request sent by a client browser, wherein the http access request carries a client identifier and a session token;
encrypting the client identifier carried in the http access request according to the predetermined encryption rule to generate a local token;
judging whether the local token is the same as the session token; if not, generating error information and sending it to the client browser; if they are the same, judging whether the session token has already been used within the valid time; if so, generating error information and sending it to the client browser, and if not, acquiring the resource data corresponding to the http access request and sending it to the client browser.
In another aspect, the present invention provides an http server, including: the device comprises a sending unit, a receiving unit, an encryption unit and a judging unit;
the sending unit is used for sending a predetermined encryption rule to the client browser when http connection with the client browser is established, so that the client browser encrypts a client identifier according to the encryption rule to generate a session token;
the receiving unit is used for receiving an http access request sent by a client browser, wherein the http access request carries a client identifier and a session token;
the encryption unit is used for encrypting the client identifier carried in the http access request according to the predetermined encryption rule to generate a local token;
the judging unit is used for judging whether the local token is the same as the session token, generating error information if they are not the same and sending it to the client browser through the sending unit; if they are the same, judging whether the session token has already been used within the valid time, and if so, generating error information and sending it to the client browser through the sending unit, and if not, sending the resource data corresponding to the http access request to the client browser through the sending unit.
In yet another aspect, the present invention provides an http system, comprising: the auxiliary control server and the http server, wherein a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor may take a value of 0 or 1.
The embodiment of the invention has the beneficial effects that: the method generates a session token through a specific encryption rule, and realizes first-level security protection of http access in a client browser/server mode by using the session token; and sending the resource data of the http request to the client browser only when the received session token is not used within the valid time by judging whether the received session token is used within the valid time, so as to prevent the session token from being repeatedly used within the valid time, and realize the second-level security protection of http access under the mode of the client browser/server.
Drawings
FIG. 1 is a diagram illustrating a client browser generating url sent to a server in the prior art;
FIG. 2 is a diagram illustrating sign value verification performed by a server according to the prior art;
FIG. 3 is a flowchart of an http access method provided by an embodiment of the present invention;
fig. 4 is a block diagram of an http server according to an embodiment of the present invention;
fig. 5 is a block diagram of an http system according to an embodiment of the present invention;
fig. 6 is a schematic diagram of time synchronization between a client browser and an http server according to an embodiment of the present invention;
fig. 7 is a schematic view of access control among a client browser, a Restful API server, and a Redis server according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
For the situation in browser/server mode where sign can be reused within the validity time of the sign value and illegal access is therefore possible, the overall design idea of the invention is as follows: the client browser and the server generate a session token by using a specific encryption rule, state is maintained by using the session token, the server determines whether the session token has already been used when it receives it, and resource data is sent to the client browser only when the session token has not been used, so that data security is ensured.
Example one
Fig. 3 is a flowchart of an http access method provided in an embodiment of the present invention, and as shown in fig. 3, the method includes:
s300, when http connection with the client browser is established, a predetermined encryption rule is sent to the client browser, so that the client browser encrypts the client identifier according to the encryption rule to generate a session token.
In this embodiment, the predetermined encryption rule is to encrypt the client identifier using the method name of each Application Programming Interface (API) of the server, instead of encrypting the client identifier using the url of the API as is commonly done.
Because the method name of each API is different and is chosen by the developers, the naming rule for API method names is free and flexible, hard for an illegal user to obtain, and therefore offers a high degree of security.
And S320, receiving an http access request sent by the client browser, wherein the http access request carries a client identifier and a session token.
The client identification carried in the http access request can uniquely identify the client, so that the connection state between the client browser and the server can be maintained conveniently; and the session token carried in the http access request is generated by encryption according to a predetermined encryption rule.
And S340, encrypting the client identifier carried in the http access request according to a predetermined encryption rule to generate a local token.
Because the predetermined encryption rule encrypts the client identifier using the method name of each API of the server, when an http access request sent by the client browser is received, the API that the client browser requests can be determined from the http access request, and the client identifier is then encrypted according to that API's method name; the encryption rule on the server side is the same as the one on the client browser, so data security can be maintained by comparing the locally generated token with the received session token.
S360, judging whether the local token is the same as the session token; if not, generating error information and sending it to the client browser; if they are the same, judging whether the session token has already been used within the valid time; if so, generating error information and sending it to the client browser, and if not, acquiring the resource data corresponding to the http access request and sending it to the client browser.
On one hand, the embodiment generates a session token through a specific encryption rule, and realizes the first-level security protection of http access in a client browser/server mode by using the session token; on the other hand, by judging whether the received session token is used within the valid time of the session token and sending the resource data requested by the http to the client browser only when the received session token is not used within the valid time of the session token, the session token is prevented from being repeatedly used within the valid time of the session token, and second-level security protection of http access under a client browser/server mode is realized.
In this embodiment, the steps S300 to S360 may be executed by the server.
In one implementation of this embodiment, whether the session token is used can be determined by the following method:
sending a reference factor acquisition request to an auxiliary control server, wherein the auxiliary control server is provided with a reference factor corresponding to the session token, and the reference factor can take the value of 0 or 1;
judging whether the session token is used or not according to the value of the reference factor returned by the auxiliary control server, judging that the session token is not used when the value of the reference factor is 0, and simultaneously updating the value of the reference factor to 1 by the auxiliary control server; and when the value of the reference factor is 1, judging that the session token is used.
The auxiliary control server has a polling function, and clears the set reference factor according to a set time interval, wherein the time interval set by the auxiliary control server is greater than the valid time of the session token.
In this implementation, the reference factor corresponding to the session token is kept on a separate server instead of locally on the http server; on the one hand this reduces the possibility of the reference factor being tampered with and further improves the security of http access, and on the other hand the separate server can be extended with functions such as time synchronization and clustering, so it can be expanded conveniently according to actual application requirements.
Based on the above implementation, the method in fig. 3 further includes: sending a time acquisition request to the auxiliary control server to obtain the auxiliary control server's time; updating the server's local time and the client browser's time according to the time returned by the auxiliary control server, so that the server and the client browser are time-synchronized; with the time of the server and the client browser managed uniformly, the session token can conveniently be encrypted and validated using the timestamp.
Illustratively, the client browser encrypts the client identifier, the method name of the accessed API and the timestamp with the message digest algorithm version 5 (MD5) to generate the session token; in that case the http access request also carries the uniform resource locator url and the timestamp, and the server locally determines the method name corresponding to the url from the development document and encrypts the method name, the timestamp and the client identifier with MD5 to generate the local token.
After the local token is generated, it is judged whether the local token is the same as the session token; if not, error information is generated and sent to the client browser; if they are the same, it is further verified whether the timestamp is within the valid time, and if so, it is further judged whether the session token has already been used: if so, error information is generated and sent to the client browser, and if not, the resource data corresponding to the http access request is acquired and sent to the client browser.
Example two
Based on the same technical concept as the embodiment, the embodiment provides an http server.
Fig. 4 is a block diagram of a structure of an http server according to an embodiment of the present invention, and as shown in fig. 4, the http server includes: a transmitting unit 41, a receiving unit 42, an encrypting unit 43, and a judging unit 44;
a sending unit 41, configured to send a predetermined encryption rule to the client browser when establishing an http connection with the client browser, so that the client browser encrypts the client identifier according to the encryption rule to generate a session token;
the receiving unit 42 is configured to receive an http access request sent by a client browser, where the http access request carries a client identifier and a session token;
the encryption unit 43 is configured to encrypt the client identifier carried in the http access request according to a predetermined encryption rule to generate a local token;
a determining unit 44, configured to determine whether the local token is the same as the session token, and if they are not the same, generate an error message and send it to the client browser through the sending unit 41; if they are the same, judge whether the session token has already been used within its valid time, and if it has been used, generate error information and send it to the client browser through the sending unit 41, and if it has not been used, send the resource data corresponding to the http access request to the client browser through the sending unit 41.
In an implementation of this embodiment, the sending unit 41 is configured to send a reference factor obtaining request to an auxiliary control server, where a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor may be 0 or 1; the judging unit 44 is configured to judge whether the session token is used according to a value of a reference factor returned by the auxiliary control server, judge that the session token is not used when the value of the reference factor is 0, and update the value of the reference factor to 1 by the auxiliary control server; and when the value of the reference factor is 1, judging that the session token is used.
The auxiliary control server in this embodiment has a polling function and clears the reference factors it has set according to a set time interval, where the set time interval is greater than the valid time of the session token.
The http access server in fig. 4 further comprises a time synchronization control unit; the sending unit 41 is configured to send a time acquisition request to the auxiliary control server, requesting the auxiliary control server's time; and the time synchronization control unit is used to update the server's local time and the client browser's time according to the auxiliary control server time returned by the auxiliary control server, so that the server and the client browser are time-synchronized.
The http access request in this embodiment also carries a uniform resource locator url; the encryption unit is used to determine the method name corresponding to the url from the development document and to encrypt the method name and the client identifier with the message digest algorithm version 5 (MD5) to generate the local token.
The specific working modes of the unit modules in the embodiment of the device of the present invention can be referred to in the first embodiment of the present invention, and are not described again.
Example three
Based on the same technical concept as that of the first embodiment or the second embodiment, the present embodiment provides an http system.
Fig. 5 is a structural block diagram of the http system provided in this embodiment, and as shown in fig. 5, the http system includes: an auxiliary control server 51 and an http server 52;
the http server 52 is the http server of the second embodiment and is not described here again; a reference factor corresponding to the session token is set in the auxiliary control server 51, and the reference factor may take the value 0 or 1.
The auxiliary control server 51 in this embodiment has a polling function and clears the reference factors it has set according to a set time interval, where the set time interval is greater than the valid time of the session token.
In order to make the http system in this embodiment have a clustering function, the auxiliary control server 51 is a Redis server, and this embodiment may use the prior art to configure the auxiliary control server as a Redis server, which is not described herein again.
To describe the control process of the http system to the http access request in detail, a specific embodiment is described below. In a specific embodiment, the http server is a Restful API server, and the auxiliary control server is a Redis server.
Restful is a software architecture style; a Restful API is an application based on the HTTP protocol, and transmission is stateless. At the core of Restful, every API is understood as a network resource, and all state transitions (actions) between client browsers and servers are encapsulated in the Method of the http request.
Fig. 6 is a schematic diagram of time synchronization between a client browser and an http server according to an embodiment of the present invention, and as shown in fig. 6, a time synchronization process between the client browser and a server is as follows:
S61: The Restful API server sends a time acquisition request to the Redis server requesting the Redis server time.
S62: the Redis server receives the time acquisition request and sends the Redis server time to the Restful API server.
S63: the Restful API server receives the Redis server time and the Restful API server updates the local time.
At this time, the Restful API server may also send the received Redis server time to the client browser, so that the client browser updates the local time.
Of course, as shown in FIG. 6, the client browser may update the local time through the following steps S64-S66:
S64: The client browser directly sends a time acquisition request to the Redis server to request the time of the Redis server.
S65: The Redis server sends the time of the Redis server to the client browser according to the time request.
S66: the client browser receives the Redis server time and updates the client local time with the Redis server time.
It is understood that, in steps S61 and S64 of this embodiment, the Restful API server and the client browser may send the time acquisition request to the Redis server at start-up, or may use a polling function to update their times at a set frequency, such as hourly, daily or weekly, so that the two times stay synchronized.
Fig. 7 is a schematic view of access control among a client browser, a Restful API server, and a Redis server according to an embodiment of the present invention, where as shown in fig. 7, an access control process among the three is as follows:
S71: The client browser sends an http access request to the Restful API server.
Illustratively, the http access request transmitted by the client browser to the corresponding interface of the Restful API server carries the client identifier appKey, the timestamp, the session token, and the accessed application interface address.
The session token is generated by encrypting the client identifier appKey, the method name of the accessed API and the timestamp with the MD5 algorithm; the method name of each application interface of the Restful API server is different. Assuming that the method name of the application interface rest/v1/user of the Restful API server is determined to be pam.api.adduser by reading the development document, the session token is md5(appKey + timestamp + pam.api.adduser).
S72: the Restful API server receives the http access request and computes a local token.
Still under the above assumption, the Restful API server determines from the accessed application interface address carried in the http access request (such as the address rest/v1/user) that the method name of the corresponding API is pam.api.adduser, and then generates the local token' using the same encryption rule.
S73: The Restful API server checks whether the local token' and the session token are the same. If they differ, step S77 is performed; when they are the same, it verifies whether the timestamp is within the validity period; if not, step S77 is performed, and if so, step S74 is performed.
S74: The Restful API server sends a query request for the reference factor value corresponding to the session token to the setting interface of the Redis server.
S75: The Redis server receives the query request and sends the reference factor value corresponding to the session token to the Restful API server.
S76: The Restful API server judges from the reference factor value whether the session token has already been used; if so, step S77 is executed, otherwise step S78 is executed.
It should be noted that when the Restful API server determines from the reference factor value that the session token has not been used, it also sends a control instruction to the Redis server so that the Redis server updates the reference factor value to 1.
The Redis server has a polling function, reference factors set by the Redis server are cleared according to a set time interval, and the time set by the Redis server is longer than the effective time of the session token.
S77: and generating error information and sending the error information to the client browser.
S78: acquiring resource data corresponding to the http access request, and sending the resource data to the client browser
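The two-level check of steps S71 to S78, as an added example in Python that is not from the patent or the applicant's code. It keeps the page's rule md5(appKey + timestamp + method) and the 0/1 reference factor, but the API-to-method map (only rest/v1/user -> pam.api.adduser comes from the page), the appKey value, the validity period, the Redis clearing interval and the in-memory FakeRedis standing in for the Redis server are all assumptions.

```python
"""Added example (not from the patent): a compact model of steps S71 to S78.

The API map, key value, validity window and Redis TTL are assumptions; the
in-memory FakeRedis stands in for the Redis server holding reference factors.
"""
import hashlib
import hmac

# Stands in for the "development document": interface address -> method name.
# rest/v1/user -> pam.api.adduser is the page's own example; the second
# entry is an added assumption.
API_METHODS = {
    "rest/v1/user": "pam.api.adduser",
    "rest/v1/order": "pam.api.addorder",
}

TOKEN_VALID_SECONDS = 60    # assumed validity period of a session token
REDIS_TTL_SECONDS = 120     # assumed clearing interval; must exceed the validity period


def make_session_token(app_key: str, timestamp: int, method: str) -> str:
    """S71, client side: md5(appKey + timestamp + method), the page's rule."""
    return hashlib.md5(f"{app_key}{timestamp}{method}".encode()).hexdigest()


class FakeRedis:
    """Minimal reference-factor store with per-key expiry (models the polling clear)."""

    def __init__(self) -> None:
        self._store = {}  # token -> (value, expires_at)

    def _purge(self, now: int) -> None:
        # The page's polling function: reference factors older than the set
        # interval are cleared.
        for key in [k for k, (_, exp) in self._store.items() if exp <= now]:
            del self._store[key]

    def get(self, token: str, now: int) -> int:
        """S75: return the reference factor, 0 when none is set."""
        self._purge(now)
        return self._store[token][0] if token in self._store else 0

    def mark_used(self, token: str, now: int, ttl: int) -> bool:
        """S74-S76 as one atomic step: set the factor to 1 only if it is still 0.
        Returns True for the first caller and False for every replay. Doing the
        query and the update as two separate round trips, as the text describes,
        leaves a window in which two concurrent copies of the same request both
        read 0; with real Redis, SET key 1 NX EX ttl closes that window."""
        self._purge(now)
        if token in self._store:
            return False
        self._store[token] = (1, now + ttl)
        return True


def verify_request(redis, app_key, url, timestamp, session_token, now):
    """S72-S78, server side. Returns ("ok", data) or ("error", reason)."""
    method = API_METHODS.get(url)
    if method is None:
        return "error", "unknown interface"
    # S72: recompute the local token' with the same rule.
    local_token = make_session_token(app_key, timestamp, method)
    # S73: tokens must match (constant-time compare), then the timestamp must
    # lie within the validity period; skew up to the validity period is
    # tolerated, relying on the page's time-synchronization step.
    if not hmac.compare_digest(local_token, session_token):
        return "error", "token mismatch"
    if abs(now - timestamp) > TOKEN_VALID_SECONDS:
        return "error", "token expired"
    # S74-S76: factor 0 -> first use, set to 1; factor 1 -> replay -> S77.
    if not redis.mark_used(session_token, now, REDIS_TTL_SECONDS):
        return "error", "token already used"
    # S78: constructed stand-in for the resource data.
    return "ok", {"url": url, "method": method}


def demo():
    """One legitimate request, a replay, the factor after the replay, an expired
    token, and the same token presented against a different interface."""
    redis = FakeRedis()
    app_key = "demo-app-key"      # constructed value
    t0 = 1_700_000_000            # constructed client timestamp
    token = make_session_token(app_key, t0, API_METHODS["rest/v1/user"])
    first = verify_request(redis, app_key, "rest/v1/user", t0, token, now=t0 + 5)
    replay = verify_request(redis, app_key, "rest/v1/user", t0, token, now=t0 + 6)
    factor_after = redis.get(token, t0 + 6)
    stale = verify_request(redis, app_key, "rest/v1/user", t0, token, now=t0 + 600)
    wrong_api = verify_request(redis, app_key, "rest/v1/order", t0, token, now=t0 + 5)
    return first[0], replay[1], factor_after, stale[1], wrong_api[1]


if __name__ == "__main__":
    print(demo())
```

The example folds S74 to S76 into a single check-and-set because that is the property the second protection level depends on: the reference factor must flip from 0 to 1 exactly once per token, even under concurrent identical requests. The token rule itself is reproduced as the page states it; in a new design the usual choice would be a keyed MAC over the same fields rather than a plain MD5 of their concatenation.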
In summary, embodiments of the present invention provide an http access method, an http server and a system, in which a session token is generated according to a specific encryption rule and used to implement a first-level security protection of http access in the client browser/server mode; and by judging whether the received session token has been used within its valid time, and sending the resource data of the http request to the client browser only when it has not, the session token is prevented from being reused within its valid time, which realizes a second-level security protection of http access in the client browser/server mode.
While the foregoing is directed to embodiments of the present invention, other modifications and variations of the present invention may be devised by those skilled in the art in light of the above teachings. It should be understood by those skilled in the art that the foregoing detailed description is for the purpose of better explaining the present invention, and the scope of the present invention should be determined by the scope of the appended claims.

Claims (4)

1. An http access method, the method comprising:
when an http connection with a client browser is established, sending a predetermined encryption rule to the client browser, so that the client browser encrypts a client identifier according to the encryption rule to generate a session token;
receiving an http access request sent by a client browser, wherein the http access request carries a client identifier and a session token;
encrypting the client identifier carried in the http access request according to a predetermined encryption rule to generate a local token;
judging whether the local token is the same as the session token; if not, generating error information and sending the error information to the client browser; if so, judging whether the session token has been used within the valid time of the session token; if the session token has been used, generating error information and sending the error information to the client browser, and if the session token has not been used, acquiring resource data corresponding to the http access request and sending the resource data to the client browser;
the determining whether the session token is used comprises:
sending a reference factor acquisition request to an auxiliary control server, wherein a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor can take the value of 0 or 1;
judging whether the session token is used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, judging that the session token is not used, while the auxiliary control server at the same time updates the value of the reference factor to 1; when the value of the reference factor is 1, judging that the session token is used;
the method further comprises the following steps:
sending a time acquisition request to the auxiliary control server to request acquisition of the time of the auxiliary control server;
updating the local time and the time of the client browser according to the time of the auxiliary control server returned by the auxiliary control server, so as to realize time synchronization between the local server and the client browser;
the http access request also carries a uniform resource locator url and a timestamp, and the encrypting the client identifier carried in the http access request according to the predetermined encryption rule includes:
determining the method name corresponding to the uniform resource locator url according to the development document, and encrypting the method name, the timestamp and the client identifier by using the message digest algorithm version 5 (MD5) to generate the local token;
after determining that the local token is the same as the session token, the method further includes:
verifying whether the timestamp is within the valid time according to the local time; if so, judging whether the session token is used, and if not, generating error information and sending the error information to the client browser.
2. An http server, comprising: the device comprises a sending unit, a receiving unit, an encryption unit and a judging unit;
the sending unit is used for sending a predetermined encryption rule to the client browser when an http connection with the client browser is established, so that the client browser encrypts a client identifier according to the encryption rule to generate a session token;
the receiving unit is used for receiving an http access request sent by a client browser, wherein the http access request carries a client identifier and a session token;
the encryption unit is used for encrypting the client identifier carried in the http access request according to a predetermined encryption rule to generate a local token;
the judging unit is used for judging whether the local token is the same as the session token; if not, generating error information and sending the error information to the client browser through the sending unit; if so, judging whether the session token has been used within the valid time of the session token; if the session token has been used, generating error information and sending the error information to the client browser through the sending unit, and if the session token has not been used, sending resource data corresponding to the http access request to the client browser through the sending unit;
the sending unit is configured to send a reference factor acquisition request to an auxiliary control server, where a reference factor corresponding to the session token is set in the auxiliary control server, and a value of the reference factor may be 0 or 1;
the judging unit is used for judging whether the session token is used according to the value of the reference factor returned by the auxiliary control server: when the value of the reference factor is 0, judging that the session token is not used, while the auxiliary control server at the same time updates the value of the reference factor to 1; when the value of the reference factor is 1, judging that the session token is used;
the device also comprises a time synchronization control unit;
the sending unit is used for sending a time obtaining request to the auxiliary control server to request to obtain the time of the auxiliary control server;
the time synchronization control unit is used for updating the local time and the time of the client browser according to the time of the auxiliary control server returned by the auxiliary control server, so as to realize time synchronization between the local server and the client browser;
the http access request also carries a uniform resource locator url;
the encryption unit is used for determining the method name corresponding to the uniform resource locator url according to a development document, encrypting the method name and the client identifier by using the message digest algorithm version 5 (MD5), and generating the local token;
and the judging unit is used for verifying whether the timestamp is within the valid time according to the local time; if the timestamp is within the valid time, judging whether the session token is used, and otherwise generating error information and sending the error information to the client browser.
3. An http system, comprising: an auxiliary control server and the http server of claim 2, wherein a reference factor corresponding to the session token is set in the auxiliary control server, and the reference factor may take a value of 0 or 1.
4. The http system of claim 3, wherein the auxiliary control server is a Redis server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611248668.3A CN108259437B (en) 2016-12-29 2016-12-29 HTTP access method, HTTP server and system

Publications (2)

Publication Number Publication Date
CN108259437A CN108259437A (en) 2018-07-06
CN108259437B true CN108259437B (en) 2021-06-04

Family

ID=62721386

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378170A (en) * 2010-08-27 2012-03-14 中国移动通信有限公司 Method, device and system of authentication and service calling
CN103037312A (en) * 2011-10-08 2013-04-10 阿里巴巴集团控股有限公司 Message push method and message push device
WO2016188290A1 (en) * 2015-05-27 2016-12-01 阿里巴巴集团控股有限公司 Safety authentication method, device and system for api calling

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10129243B2 (en) * 2013-12-27 2018-11-13 Avaya Inc. Controlling access to traversal using relays around network address translation (TURN) servers using trusted single-use credentials

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 818, 8 / F, 34 Haidian Street, Haidian District, Beijing 100080

Applicant after: BEIJING ULTRAPOWER SOFTWARE Co.,Ltd.

Address before: 100089 Beijing city Haidian District wanquanzhuang Road No. 28 Wanliu new building 6 storey block A Room 601

Applicant before: BEIJING ULTRAPOWER SOFTWARE Co.,Ltd.

GR01 Patent grant