public class SkillRequestTimestampVerifier extends java.lang.Object implements SkillServletVerifier
Every request sent by Alexa includes a timestamp. This information is part of the signed portion of the request, so it cannot be changed without also invalidating the request signature. Using this timestamp to verify the freshness of the request before responding protects the client's service from attackers attempting a "replay" attack in which they acquire a properly signed request and then repeatedly resend it to disrupt your service.
|Constructor and Description|
Constructs a new timestamp verifier with the provided tolerance milliseconds.
Constructs a new timestamp verifier with the provided tolerance and timeUnit.
|Modifier and Type||Method and Description|
Validates if the provided date is inclusively within the verifier tolerance, either in the past or future, of the current system time.
public SkillRequestTimestampVerifier(long toleranceInMilliseconds)
toleranceInMilliseconds- the tolerance of this verifier, in milliseconds. must be non-negative and less than .
public SkillRequestTimestampVerifier(long tolerance, java.util.concurrent.TimeUnit timeUnit)
tolerance- the tolerance of this verifier must be non-negative and less than after converting to milliseconds.
TimeUnitmust be non-null.
public void verify(AlexaHttpRequest alexaHttpRequest)
SecurityExceptionif the tolerance is not in the expected range, or if the request is null or does not contain a timestamp value. Verifies an incoming request.
alexaHttpRequest- request performed by Alexa