Parameter Signature Configuration (v5.8.12)

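  In Saca Dataviz, request parameters can be signed through configuration. The signature information is placed in the request headers, and the server validates the signature of the request parameters using the signing key. Signing parameters improves security and prevents data leakage caused by intercepted requests.   Signing and validating every request costs some performance; if the project's security requirements are not high, signing can be turned off through configuration.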

1. Front-end configuration

  In dataviz-web/common/config.js, changing the value of signatureEnabled to false turns off parameter signing on the front end; changing it back turns signing on.

2. Back-end configuration

  Signature validation is performed on the back end. In dataviz-service\WEB-INF\web.xml, find the following configuration:

<filter>
    <filter-name>signatureValidationFilter</filter-name>
    <filter-class>com.neusoft.saca.dataviz.common.security.signature.SignatureValidationFilter</filter-class>
    <init-param><!-- uncheck nonce -->
        <param-name>uncheckNonce</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param><!-- uncheck timestamp -->
        <param-name>uncheckTimestamp</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param><!-- allow disparity of timestamp -->
        <param-name>allowDisparity</param-name>
        <param-value>10</param-value><!-- minutes -->
    </init-param>
    <init-param><!-- uri whitelist, use regex matching -->
        <param-name>allowURI</param-name>
        <param-value></param-value>
    </init-param>
</filter>

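  uncheckNonce controls whether the nonce check is skipped, uncheckTimestamp controls whether the timestamp check is skipped, allowDisparity is the allowed timestamp deviation, and allowURI is the set of URIs that are let through signature validation, written as a regular expression.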

  To turn off signature validation, set the value of allowURI to .*, as follows:

<filter>
    <filter-name>signatureValidationFilter</filter-name>
    <filter-class>com.neusoft.saca.dataviz.common.security.signature.SignatureValidationFilter</filter-class>
    <init-param><!-- uncheck nonce -->
        <param-name>uncheckNonce</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param><!-- uncheck timestamp -->
        <param-name>uncheckTimestamp</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param><!-- allow disparity of timestamp -->
        <param-name>allowDisparity</param-name>
        <param-value>10</param-value><!-- minutes -->
    </init-param>
    <init-param><!-- uri whitelist, use regex matching -->
        <param-name>allowURI</param-name>
        <param-value>.*</param-value>
    </init-param>
</filter>
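
  A configuration check for the filter settings described above, as an added example that is not part of the product or of the original page: it reads the signatureValidationFilter parameters from a web.xml and reports settings that weaken or bypass validation. The probe URIs, the sample XML, the 10-minute threshold and the full-match regex semantics are assumptions.

```python
import re
import xml.etree.ElementTree as ET

FILTER_NAME = "signatureValidationFilter"  # filter-name used on this page
# Constructed probe URIs (hypothetical); replace with real service paths.
PROBES = ["/dataviz-service/api/chart/query", "/dataviz-service/api/export", "/login"]
# Constructed sample web.xml modelled on the page's snippet; fill in with str.format.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><filter>
<filter-name>signatureValidationFilter</filter-name>
<init-param><param-name>uncheckNonce</param-name><param-value>{nonce}</param-value></init-param>
<init-param><param-name>uncheckTimestamp</param-name><param-value>false</param-value></init-param>
<init-param><param-name>allowDisparity</param-name><param-value>10</param-value></init-param>
<init-param><param-name>allowURI</param-name><param-value>{uri}</param-value></init-param>
</filter></web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if one is declared

def _text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def read_params(xml_text):
    """Return the signature filter's init-params as a dict, or None if absent."""
    for f in ET.fromstring(xml_text).iter():
        if _local(f.tag) == "filter" and _text(f, "filter-name") == FILTER_NAME:
            return {_text(p, "param-name"): _text(p, "param-value")
                    for p in f if _local(p.tag) == "init-param"}
    return None

def audit(xml_text, max_minutes=10):
    params = read_params(xml_text)
    if params is None:
        return ["signature filter is not declared"]
    findings = [f"{k}=true: check disabled" for k in ("uncheckNonce", "uncheckTimestamp")
                if params.get(k, "").lower() == "true"]
    minutes = params.get("allowDisparity", "")
    if minutes and (not minutes.isdigit() or int(minutes) > max_minutes):
        findings.append(f"allowDisparity={minutes}: wider than {max_minutes} minutes")
    pattern = params.get("allowURI", "")
    if pattern:  # an empty value means no URI is whitelisted
        try:
            # Assumption: the filter requires the regex to match the whole URI.
            hits = [u for u in PROBES if re.fullmatch(pattern, u)]
        except re.error:
            return findings + ["allowURI is not a valid regex"]
        if hits:
            findings.append(f"allowURI exempts {len(hits)}/{len(PROBES)} probe URIs from validation")
    return findings
```

  Run audit() over the deployed web.xml text; an empty list means none of the settings described on this page has been loosened.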
