public class SkillRequestTimestampVerifier extends java.lang.Object implements SkillServletVerifier
Every request sent by Alexa includes a timestamp. This information is part of the signed portion of the request, so it cannot be changed without also invalidating the request signature. Using this timestamp to verify the freshness of the request before responding protects the client's service from attackers attempting a "replay" attack in which they acquire a properly signed request and then repeatedly resend it to disrupt your service.
Constructor and Description |
---|
SkillRequestTimestampVerifier(long toleranceInMilliseconds)
Constructs a new timestamp verifier with the provided tolerance milliseconds.
|
SkillRequestTimestampVerifier(long tolerance,
java.util.concurrent.TimeUnit timeUnit)
Constructs a new timestamp verifier with the provided tolerance and timeUnit.
|
Modifier and Type | Method and Description |
---|---|
void |
verify(AlexaHttpRequest alexaHttpRequest)
Validates if the provided date is inclusively within the verifier tolerance, either in the
past or future, of the current system time.
|
public SkillRequestTimestampVerifier(long toleranceInMilliseconds)
toleranceInMilliseconds
- the tolerance of this verifier, in milliseconds. must be non-negative and less than
.public SkillRequestTimestampVerifier(long tolerance, java.util.concurrent.TimeUnit timeUnit)
tolerance
- the tolerance of this verifier must be non-negative and less than
after converting to milliseconds.timeUnit
- TimeUnit
must be non-null.public void verify(AlexaHttpRequest alexaHttpRequest)
SecurityException
if the
tolerance is not in the expected range, or if the request is null or does not contain a timestamp value.
Verifies an incoming request.verify
in interface SkillServletVerifier
alexaHttpRequest
- request performed by Alexa