Based on Java8 + Spring Boot to create Http Request interception and verification framework 😋
Spend 10 minutes to learn it to do something, it will help you check Http Request parameters.
It can defend replay attack, check parameters are modified(digital signature), check request is timed out
🐾 Quick Start | 🌚 🇨🇳 简体中文
Aegis is a pursuit of simple framework, so that uses the latest technology, intercepts every http request, then checks the parameters, and you can change every check strategy if you wanted.
If you like to try something interesting, I believe you will love it.
If you think this item is good can star support it 😊
Run with Maven:
Create a basic Maven project
<dependency>
<groupId>com.github.com.erictao2</groupId>
<artifactId>aegis-api</artifactId>
<version>1.0.1</version>
</dependency>You must use Spirng Boot in you porject.
Then add annotation in you Controller or Method, please refer to the documentation for specific annotation usage!
Now Aegis has 3 annotations for you to use
This annotation will help you verify the signature in the request, if some one modifyed you request parameters, aegis will reject this request.let's see:
@RestController
// You also can use annotation in Controller class
//@DefendModify
public class DemoController {
@GetMapping("/1")
//@DefendModify(name ="reqSign", algorithm = "md5", key = "aegis-key")
@DefendModify
public String test1(){
return "test1-demo" ;
}
}
you URL must like this
http://localhost:8080/1?parameterOne=oneoneone&reqSign=f4da2ed1dca4bfd481d83cfb89f12ab6
or include these parameters in request body(JSON)
In the URL
reqSign = (Use some algorithm encryption for others paramets, default is MD5 )
This annotation will help you verify request is timed out.let's see:
@RestController
// You also can use annotation in Controller class
//@DefendTimeout
public class DemoController {
@GetMapping("/2")
//@DefendTimeout(name ="timestamp", timeout = 1000, timeUnit = {TimeUnit.MILLISECONDS})
@DefendTimeout
public String test2(){
return "test2-demo" ;
}
}
you URL must like this
http://localhost:8080/2?timestamp=1550653175000
or include these parameters in request body(JSON)
This annotation will help you defend replay attack.let's see:
@RestController
// You also can use annotation in Controller class
//@DefendReplay
public class DemoController {
@GetMapping("/3")
//@DefendReplay(name = "reqNo", prefix = "aegisReqNo", timeout = 1000 , timeUnit = {TimeUnit.MILLISECONDS})
@DefendReplay
public String test3(){
return "test3-demo" ;
}
}
you URLmust like this
http://localhost:8080/3?ReqNo=ds1×tamp=1533205566000
or include these parameters in request body(JSON)
When you send a request with parameter of reqNo, and Other request already send same reqNo, if the time difference(timestamp) between the two requests is less than the set time(timeout in the annotation), last request will be rejected.
- Mail: 823222209@qq.com
Please see Apache License