

什么是Api接口冪等?
簡單來說，Api接口冪等就是在有限的時間內限制接口訪問請求，限制ip訪問次數，不限制平台訪問，都可以拿到數據。一個接口不可以重複表單提交，生產一次消費一次。
用戶場景：同一時間重複提交多次請求。
什么是數據篡改?
api接口數據篡改，指通過腳本文件篡改接口參數進行服務器數據竊取，嚴重的數據篡改會導致數據庫宕機、程序軟件崩潰。
想到這裡都知道後台api接口冪等有多重要了吧。今天給大家講非對稱加密實現後台接口api冪等。
實現思路：jwt + 驗證標識 + 簽名密鑰 + 當前時間戳 + 存放過期時間 + AES 實現加密算法token。
實現步驟：1，用戶登錄成功後，生產加密token存放redis。
2，下次登錄時檢驗token是否過期，過期請重新登錄。
3，用戶登錄在有效期內，無需重新登錄。（這裡就是單點登錄方式）
code核心實現類：
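import io.jsonwebtoken.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
import java.util.stream.Collectors;

/**
 * Creates, resolves and validates the HS512-signed JWTs used as session tokens.
 *
 * <p>A token on the wire has the shape {@code SysConst.SYS_COMPANY_HEAD + "." + <jwt>};
 * {@link #resolveToken} strips that prefix and the parse methods work on the bare JWT.
 * The signature is verified (with the configured key) every time a token is parsed, so
 * {@link #getAuthentication} and {@link #getAuthSubject} throw on a forged or expired token
 * while {@link #validateToken} reports the same conditions as {@code false}.
 */
@Component
public class JWTTokenUtils {

    /** HTTP header the token is read from first. */
    public static final String AUTHORIZATION_HEADER = "x-token";
    /** Request parameter the token is read from when the header carries none. */
    public static final String AUTHORIZATION_TOKEN = "x-token";

    private final Logger logger = LoggerFactory.getLogger(JWTTokenUtils.class);

    /** Claim holding the comma-joined authority names. */
    private static final String AUTHORITIES_KEY = "auth";

    private String secretKey; // HMAC signing key
    private long tokenValidityInMilliseconds; // lifetime of a normal token
    private long tokenValidityInMillisecondsForRememberMe; // lifetime of a "remember me" token

    /**
     * Initialises the signing key and the two token lifetimes (2 days, 7 days for "remember me").
     */
    @PostConstruct
    public void init() {
        // SECURITY: the signing key is a hard-coded literal checked into source. Anyone who can
        // read this file can mint tokens for any user with any authorities. It should be
        // injected from configuration (property / environment / secret store) and rotated;
        // the literal is left in place only so currently issued tokens keep verifying.
        this.secretKey = "isoftstone.huwei";
        long millisIn1day = 1000L * 60 * 60 * 24;
        this.tokenValidityInMilliseconds = millisIn1day * 2L;
        this.tokenValidityInMillisecondsForRememberMe = millisIn1day * 7L;
    }

    /**
     * Builds a signed, prefixed token for an authenticated user.
     *
     * @param authentication the authenticated principal; its name becomes the JWT subject and
     *                       its granted authorities are joined with "," into the authorities claim
     * @param rememberMe     {@code true} selects the longer "remember me" lifetime;
     *                       {@code null} is treated as {@code false}
     * @return {@code SysConst.SYS_COMPANY_HEAD + "." + <compact JWT>}
     */
    public String createToken(Authentication authentication, Boolean rememberMe) {
        String authorities = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));

        long now = new Date().getTime();
        // "Remember me" tokens get the longer lifetime; everything else the normal one.
        long validityMillis = Boolean.TRUE.equals(rememberMe)
                ? this.tokenValidityInMillisecondsForRememberMe
                : this.tokenValidityInMilliseconds;
        Date validity = new Date(now + validityMillis);

        return SysConst.SYS_COMPANY_HEAD + "." + Jwts.builder()
                .setSubject(authentication.getName())
                .claim(AUTHORITIES_KEY, authorities)
                .setExpiration(validity)
                .signWith(SignatureAlgorithm.HS512, secretKey)
                .compact();
    }

    /**
     * Rebuilds a Spring {@link Authentication} from a bare (unprefixed) JWT.
     *
     * <p>The returned principal is a {@link User} with an empty password whose authorities are
     * the entries of the authorities claim; blank entries (e.g. a user with no authorities) are
     * skipped instead of failing {@link SimpleGrantedAuthority}'s non-empty check.
     *
     * @param token bare JWT, as returned by {@link #resolveToken}
     * @return the authentication for the token's subject
     * @throws JwtException             if the token is malformed, expired or wrongly signed
     * @throws IllegalArgumentException if the token string is empty
     */
    public Authentication getAuthentication(String token) {
        logger.info("JWTTokenUtils Start Get User Auth");
        Claims claims = parseClaims(token);

        // A missing claim is treated like an empty authority list rather than an NPE.
        String joined = Objects.toString(claims.get(AUTHORITIES_KEY), "");
        List<GrantedAuthority> authorities = Arrays.stream(joined.split(","))
                .filter(StringUtils::hasText)
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());

        User principal = new User(claims.getSubject(), "", authorities);
        return new UsernamePasswordAuthenticationToken(principal, null, authorities);
    }

    /**
     * Returns the subject (user code) of a bare JWT after verifying its signature.
     *
     * @param token bare JWT, as returned by {@link #resolveToken}
     * @return the JWT subject
     * @throws JwtException             if the token is malformed, expired or wrongly signed
     * @throws IllegalArgumentException if the token string is empty
     */
    public String getAuthSubject(String token) {
        return parseClaims(token).getSubject();
    }

    /**
     * Extracts the bare JWT from a request: the {@value #AUTHORIZATION_HEADER} header first, then
     * the {@value #AUTHORIZATION_TOKEN} request parameter. Only values carrying the
     * {@code SysConst.SYS_COMPANY_HEAD} prefix are accepted; the prefix up to and including the
     * first "." is stripped.
     *
     * @param request the incoming request
     * @return the bare JWT, or {@code null} when neither carrier holds a prefixed token
     */
    public String resolveToken(HttpServletRequest request) {
        String fromHeader = stripPrefix(request.getHeader(AUTHORIZATION_HEADER));
        if (fromHeader != null) {
            return fromHeader;
        }
        // Fall back to the request parameter; it is cut with its own "." index, not the header's.
        return stripPrefix(request.getParameter(AUTHORIZATION_TOKEN));
    }

    /**
     * Checks that {@code token} parses, is signed with our key and has not expired. Failures are
     * logged at INFO (stack trace at TRACE) and reported as {@code false}; nothing is thrown.
     *
     * @param token bare JWT, as returned by {@link #resolveToken}
     * @return {@code true} only if the token is syntactically valid, unexpired and correctly signed
     */
    public boolean validateToken(String token) {
        try {
            parseClaims(token);
            return true;
        } catch (MalformedJwtException e) {
            logger.info("Invalid JWT token.");
            logger.trace("Invalid JWT token trace: {}", e);
        } catch (ExpiredJwtException e) {
            logger.info("Expired JWT token.");
            logger.trace("Expired JWT token trace: {}", e);
        } catch (UnsupportedJwtException e) {
            logger.info("Unsupported JWT token.");
            logger.trace("Unsupported JWT token trace: {}", e);
        } catch (IllegalArgumentException e) {
            logger.info("JWT token compact of handler are invalid.");
            logger.trace("JWT token compact of handler are invalid trace: {}", e);
        } catch (SignatureException e) {
            logger.info("Invalid JWT signature.");
            logger.trace("Invalid JWT signature trace: {}", e);
        }
        return false;
    }

    /**
     * Parses {@code token} and verifies its signature against {@link #secretKey}.
     * Every public parse path goes through here so signature checking cannot be skipped.
     */
    private Claims parseClaims(String token) {
        return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody();
    }

    /**
     * Returns the part of {@code raw} after its first "." when it is non-blank and carries the
     * {@code SysConst.SYS_COMPANY_HEAD} prefix; otherwise {@code null}. Without a "." the whole
     * value is returned, matching the previous header handling.
     */
    private static String stripPrefix(String raw) {
        if (!StringUtils.hasText(raw) || !raw.startsWith(SysConst.SYS_COMPANY_HEAD)) {
            return null;
        }
        return raw.substring(raw.indexOf('.') + 1);
    }
}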
