A younger colleague helped me pave the way almost the whole time: the reference links, the approach and the background knowledge all came from him. I only read the material and typed the code, and when it threw errors he looked at them and walked me through the fixes step by step. A good one.
OK, the idea:
Generate a random number (the nonce) and put it in the URL as a parameter. The controller that handles the business request verifies that the nonce matches the one stored in the cache. A timestamp property is stored along with it, so the URL is valid only for a set period; clicking the link after that period fails.
Start:
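1: Use SecureRandom to generate the random nonce

    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;

    String nonce = null;
    SecureRandom random;
    try {
        random = SecureRandom.getInstance("SHA1PRNG");
        System.out.println("SecureRandom random init:" + random);
    } catch (NoSuchAlgorithmException e1) {
        // SHA1PRNG is not available: fall back to the platform default
        // instead of continuing with a null generator
        e1.printStackTrace();
        random = new SecureRandom();
    }
    // The first nextBytes call forces the generator to seed itself
    byte[] values = new byte[20];
    random.nextBytes(values);
    // The nonce is one random 64-bit value rendered as a decimal string
    nonce = String.valueOf(random.nextLong());
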
2: Define a class whose objects hold the timestamp, nonce and openid. After building the object, put it in a cache; here it is stored in a Guava cache.
If you simply use the Guava cache as a substitute for HashMap or ConcurrentHashMap and insert entries manually instead of using the load method, you can write:

    // imports: com.google.common.cache.Cache, com.google.common.cache.CacheBuilder,
    //          java.util.concurrent.TimeUnit
    // Entries are dropped automatically 10 minutes after they are written
    public static final Cache<String, Object> cache =
            CacheBuilder.newBuilder().expireAfterWrite(10, TimeUnit.MINUTES).build();

Be careful not to use LoadingCache.
Find:

    cache.getIfPresent("xx");

Insert:

    cache.put("xx", "xxx");

3: Read the data back from the cache and compare it.

    private boolean checkTimeOut(String openid, String nonce) {
        boolean flag = false;
        if (openid != null && nonce != null && !nonce.isEmpty()) {
            StructureOfNonce v = (StructureOfNonce) MenuClickEventHandler.cache.getIfPresent(nonce);
            // getIfPresent returns null for an unknown or already expired nonce
            if (v == null) {
                return false;
            }
            String cnonce = v.getNonce();
            String copenid = v.getOpenid();
            long createTimestamp = v.getTimestamp();
            if (openid.equalsIgnoreCase(copenid) && nonce.equalsIgnoreCase(cnonce)) {
                long currentTime = System.currentTimeMillis();
                // Age in whole minutes, computed in long before any narrowing
                long time = (currentTime - createTimestamp) / 1000 / 60;
                if (0 <= time && time <= 1) {
                    flag = true;
                }
            }
        }
        return flag;
    }

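The three steps above put together, as an added example that is not the original author's code: it issues a link, stores the holder object in a Guava cache and verifies the click. The holder's fields, the `issueLink`/`verify` names, the one-minute lifetime and the example URL are assumptions; it also goes beyond the post by using a 128-bit nonce and by removing the nonce on first use so a link cannot be replayed.

```java
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.TimeUnit;

public class NonceLinkDemo {
    // Holder from step 2 (field layout is an assumption; the post does not show the class)
    static final class StructureOfNonce {
        final String openid; final long timestamp;
        StructureOfNonce(String openid, long timestamp) { this.openid = openid; this.timestamp = timestamp; }
    }

    static final long VALID_MILLIS = TimeUnit.MINUTES.toMillis(1); // link lifetime (assumed)
    static final SecureRandom RANDOM = new SecureRandom();
    static final Cache<String, StructureOfNonce> CACHE =
            CacheBuilder.newBuilder().expireAfterWrite(10, TimeUnit.MINUTES).build();

    // Issue: create the nonce, record who it was issued to and when, return the link
    static String issueLink(String baseUrl, String openid, long now) {
        byte[] raw = new byte[16]; // 128 random bits instead of the post's nextLong()
        RANDOM.nextBytes(raw);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        CACHE.put(nonce, new StructureOfNonce(openid, now));
        return baseUrl + "?openid=" + openid + "&nonce=" + nonce;
    }

    // Verify: unknown, replayed, expired and wrong-user nonces are all rejected
    static boolean verify(String openid, String nonce, long now) {
        if (openid == null || nonce == null || nonce.isEmpty()) return false;
        // remove() on the map view is atomic, so a nonce is redeemed at most once
        StructureOfNonce v = CACHE.asMap().remove(nonce);
        if (v == null) return false; // never issued, already used, or evicted
        long age = now - v.timestamp;
        return v.openid.equals(openid) && age >= 0 && age <= VALID_MILLIS;
    }

    public static void main(String[] args) {
        String base = "https://example.invalid/menu"; // constructed sample values
        long t0 = System.currentTimeMillis();
        String n1 = issueLink(base, "user-A", t0).split("&nonce=")[1];
        System.out.println("first click:  " + verify("user-A", n1, t0 + 5_000));
        System.out.println("replay:       " + verify("user-A", n1, t0 + 6_000));
        String n2 = issueLink(base, "user-A", t0).split("&nonce=")[1];
        System.out.println("other user:   " + verify("user-B", n2, t0 + 5_000));
        String n3 = issueLink(base, "user-A", t0).split("&nonce=")[1];
        System.out.println("after expiry: " + verify("user-A", n3, t0 + 120_000));
    }
}
```

The clock value is passed in as `now` so the expiry branch can be exercised without waiting; a failed attempt also consumes the nonce, which means a guessed or leaked link cannot be retried against another openid.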
Cheers!
OK, this is all other people's experience; here are the fruits of standing on the shoulders of giants:
Detailed analysis of Guava Cache:
http://bylijinnan.iteye.com/blog/2225074
Documentation for the CacheBuilder class:
https://google.github.io/guava/releases/17.0/api/docs/com/google/common/cache/CacheBuilder.html
An example of a singleton pattern implementation, which provides ideas for solving the problem:
https://gxnotes.com/article/36005.html
Generating random numbers:
https://tersesystems.com/2015/12/17/the-right-way-to-use-securerandom/
A solution to protect URL timeliness and security