Another spring HMAC authentication filter for RESTfull webservice example.
Support http method: GET, HEAD, POST, PUT, DELETE, support Content-Type: application/x-www-form-urlencoded, application/json
You can define the NONCE, ACCESS-KEY, AUTHORIZATION header as follow, also can define the server.scheme, server.host, server.port.
hmac-verify:
header:
nonce: nonce
access-key: accesskey
authorization: authorization
server:
scheme: http
host: localhost
port: 8080Both client and server digest of the following string:
METHOD\n
SCHEME\n
HOST\n
PATH\n
QUERY\n
CONTENT-TYPE\n
PAYLOAD\n
NONCE
METHOD: http method, such as GET, POSTSCHEME: http or httpsHOST:localhostor other domain name.PATH: http uriQUERY: http query stringCONTENT-TYPE: content-type, support application/x-www-form-urlencoded or application/jsonPAYLOAD: form format or json formatNONCE: nonce
See the package io.github.qyvlik.springhmacrestverify.modules.hmac.
CachingRequestFilter: read the payload from request, so you don't need sorting the form-data.HmacSignature: build hmac signature fromHttpServletRequestWrapper.HmacVerifyHelper: verify the client signature
HmacVerifyHelper: verify the client signature, you can consult it for you own server.CredentialsProviderMapImpl: simple provider for access-key, secret-key.
OkHTTPHMACInterceptor: okhttp interceptor for hmacpostman-pre.js: postman hmac signature pre-script
See more test cases in SpringHmacRestVerifyApplicationTests.java.
spring boot 学习笔记(5) 解决HttpServletRequest inputStream只能读取一次的问题
springboot-拦截器-过滤器-Required request body is missing 异常
SpringMVC 中 request.getInputStream() 为空解惑
HTTP请求方法:GET、HEAD、POST、PUT、DELETE、CONNECT、OPTIONS、TRACE
Spring security not calling my custom authentication filter when running JUnit tests