Servlet interceptor-based security protection method

A technology of security protection and interceptor, which is applied in the field of security protection based on Servlet interceptors, can solve problems such as increasing developer time, increasing code repetition, ignoring security protection, etc., to improve prevention and control efficiency, increase coverage, and reduce monitoring and the effect of treatment

Inactive Publication Date: 2022-03-08
FOCUS TECH
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the existing technology only pays attention to the security protection of a specific function, but ignores that the security protection should cover the input port and output port of the entire application. The lack of perfect work will undoubtedly increase the time of developers and increase the repetition of code; In addition, only a certain type of entry whitelist can be restricted, and a function or a parameter level cannot correspond to a type of blacklist and whitelist, which also brings higher difficulty and more loopholes to security protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Servlet interceptor-based security protection method
  • Servlet interceptor-based security protection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] The present invention will be further described below in conjunction with accompanying drawing and exemplary implementation:

[0033] Servlet is a java application program running on the server side, which is independent of platform and protocol, and can dynamically generate web pages for processing requests from HTTP clients and accessing back-end data sources. Using Servlet can intercept user input from web forms, obtain and modify data from data sources, and even dynamically create web pages.

[0034] figure 1 It is a schematic diagram of the implementation process of the security protection method based on the Servlet interceptor in the embodiment of the present invention, and the specific process includes:

[0035] Step 101: Build Servlet interceptors for different request data processing stages; corresponding to request path reception, request parameter reception, file upload parameter reception, system output 4 request data processing stages, respectively constr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a Servlet interceptor-based security protection method, which is characterized by comprising the following steps of: constructing an interceptor; the configuration server side obtains an object accessing the context information; accumulatively calculating and comparing abuse detection index items; generating a decryption key based on the user name and the access time and returning the decryption key to the browser side; comparing the unforbidden key input by the user with the unforbidden key in the interceptor; intercepting and acquiring different types of request data by each interceptor, and executing blacklist and whitelist verification; and calling a component of an attack detection method preset in the interceptor, and detecting whether attack data exists in the user input data and the system output data. The effects of identifying different levels of security problems, executing different degrees of monitoring processing, realizing graded prevention and control, reducing manual monitoring and processing of vulnerability problems, and more importantly, improving the coverage of security prevention and control, and finally improving the prevention and control efficiency are achieved.

Description

technical field [0001] The invention belongs to the technical field of system defense, and in particular relates to a method of security protection based on a Servlet interceptor. Background technique [0002] Since the birth of JavaWeb technology, there have been a large number of Java server-side webpages on the Internet, but there are still quite a few websites that are vulnerable to hackers. Criminals such as hackers will use elements, scripts and loopholes in web pages to threaten the security of the Internet and computers. On the one hand, hackers invading the website will cause the website to fail to open and the server to go down; on the other hand, they will use loopholes and weak points to obtain server permissions. Preventing hacker attacks is a long-term job, and web page defense from hackers often requires senior development engineers to spend a lot of time designing a set of detection, monitoring and statistical methods. [0003] There are already methods on ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40H04L67/02
CPCH04L63/0227H04L63/1433H04L67/02
Inventor 袁霸汤传东
Owner FOCUS TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap