当前位置:网站首页>对API接口或H5接口做签名认证
对API接口或H5接口做签名认证
2022-07-07 05:59:00 【有何不可0307】
参数签名认证
为了防止客户端访问的 API 接口被伪装攻击、数据泄漏等安全风险。通过与服务器端联调实现接口安全的方式,利用 API 接口签名能有效的防范这些安全问题和风险。对接口参数进行签名有如下优点:
保证请求有效性
参数变化会导致签名变化,否则将是一个无效的请求;保证请求合法性
签名算法依赖服务器分发的一对clientKey和secretKey,clientKey能区分出客户端即调用者身份,服务器端能根据secretKey判断出签名是否合法。
Android客户端签名认证的规则之一:
对各参数进行排序,拼接各参数和参数值,然后拼接密钥secretKey,最后进行MD5加密。生成一个参数sign。
实现代码
- 定义参数键值对象
public class NetParameter {
private String key;
private String value;
public NetParameter(String key, String value) {
super();
this.key = key;
this.value = value;
}
public String getKey() {
return key;
}
public String getValue() {
return value;
}
public void setKey(String key) {
this.key = key;
}
public void setValue(String value) {
this.value = value;
}
@Override
public String toString() {
return "NetParameter [key=" + key + ", value=" + value + "]";
}
}
- 签名方法
private String sign(List<NetParameter> list, String secretKey) {
StringBuffer sb = new StringBuffer();
if (list != null) {
Collections.sort(list, new Comparator<NetParameter>() {
@Override
public int compare(NetParameter lhs, NetParameter rhs) {
return lhs.getKey().compareTo(rhs.getKey());
}
});
for (int i = 0, size = list.size(); i < size; i++) {
NetParameter p = list.get(i);
if (p != null) {
sb.append(p.getKey());
sb.append("=");
sb.append(p.getValue());
}
}
}
sb.append(secretKey);
return digest(sb.toString(), "MD5");
}
- 生成公开的Url
private String createUrl() {
StringBuffer sb = new StringBuffer();
sb.append(link);
sb.append("?");
if (list != null) {
int j = -1;
for (int i = 0, size = list.size(); i < size; i++) {
NetParameter net = list.get(i);
if (net != null) {
String key = net.getKey();
String value = net.getValue();
if (key != null && value != null) {
if (j < 0) {
j = i;
}
if (j != i) {
sb.append("&");
}
sb.append(key);
sb.append("=");
sb.append(value);
}
}
}
}
sb.append("&");
sb.append("sign");
sb.append("=");
sb.append(sign(list, getSecretKey()));
String tmp = sb.toString();
tmp = tmp.replace("?&", "?");
return tmp;
}
访问接口
当客户端生成的sign与服务器端验签的sign不一致时,访问不通过,将反馈相关的message:“无效的参数签名”。
http://192.168.1.76:8806/#/card?clientKey=05380b3c3323541917a25b001d394bf8&rand=751d7b3c-a37b-4d8f-b169-96ca2b30f286&machineNo=7700943733234077224&productName=P770&sign=FC6DE7DECCBDDB5D909D7AC0CA589BC3
边栏推荐
- Pvtv2--pyramid vision transformer V2 learning notes
- Learn how to compile basic components of rainbow from the source code
- Using nocalhost to develop microservice application on rainbow
- 如何在HarmonyOS应用中集成App Linking服务
- Rainbow version 5.6 was released, adding a variety of installation methods and optimizing the topology operation experience
- Opencv learning notes 1 -- several methods of reading images
- POJ - 3616 Milking Time(DP+LIS)
- IP地址的类别
- [Yu Yue education] higher vocational English reference materials of Nanjing Polytechnic University
- The field value in Splunk subquery fuzzy matching CSV is*
猜你喜欢
Rsync remote synchronization
Installation and configuration of PLSQL
Train your dataset with swinunet
Rainbow version 5.6 was released, adding a variety of installation methods and optimizing the topology operation experience
Arm GIC (IV) GIC V3 register class analysis notes.
[untitled]
数据分析方法论与前人经验总结2【笔记干货】
Calling the creation engine interface of Huawei game multimedia service returns error code 1002, error message: the params is error
Opencv learning note 3 - image smoothing / denoising
Ebpf cilium practice (2) - underlying network observability
随机推荐
Le système mes est un choix nécessaire pour la production de l'entreprise
How to realize the high temperature alarm of the machine room in the moving ring monitoring system
2-3查找树
MySQL introduction - crud Foundation (establishment of the prototype of the idea of adding, deleting, changing and searching)
DeiT学习笔记
Teach you how to select PCB board by hand (II)
GFS distributed file system
一种适用于应用频繁测试下快速查看Pod的日志的方法(grep awk xargs kuberctl)
Deit learning notes
Exercise arrangement 2.10, 11
MES系統,是企業生產的必要選擇
如何在图片的目标中添加目标的mask
Open3d ISS key points
go写一个在一定时间内运行的程序
National standard gb28181 protocol video platform easygbs adds streaming timeout configuration
Pvtv2--pyramid vision transformer V2 learning notes
MES系统,是企业生产的必要选择
使用AGC重签名服务前后渠道号信息异常分析
Installation and configuration of PLSQL
POJ - 3784 running medium