ReplayProtectionFilter
7/8/26Less than 1 minute
ReplayProtectionFilter
Info
OncePerRequestFilter that prevents replay attacks on high-risk write endpoints using X-Timestamp and X-Nonce headers with Redis-backed deduplication.
Overview
Intercepts POST/PUT/DELETE requests to protected paths and requires X-Timestamp and X-Nonce headers. Validates timestamp within a 5-minute skew window and uses Redis SETNX to reject duplicate nonces. For unauthenticated login endpoints, uses client IP as the replay principal.
Protected Methods
POST, PUT, DELETE
Protected Paths
| Path Pattern | Description |
|---|---|
/v1/user/** | All user API endpoints |
/v1/upload/user-avatar | Avatar upload |
/auth/user/login | User login |
/auth/user/login/account | Account login |
/auth/user/login/email | Email login |
Filter Flow
- Check if request method and path are protected
- Resolve principal: authenticated username, or
ip:{clientIp}for login endpoints - Validate
X-Timestampheader: must be a valid long within 5-minute skew - Validate
X-Nonceheader: length 8--128 characters - Redis
SETNXon nonce key with TTL equal to skew window - If key already exists: reject as replay (4003)
- Otherwise: continue chain
Headers
| Header | Type | Description |
|---|---|---|
X-Timestamp | long | Request timestamp in epoch milliseconds |
X-Nonce | String | Unique request identifier (8--128 chars) |
Error Codes
| Code | Condition | Message |
|---|---|---|
4002 | Missing/invalid headers or expired timestamp | 缺少防重放请求头 / 非法 nonce / 非法时间戳 / 请求时间窗口已过期 |
4003 | Duplicate nonce detected | 检测到重放请求 |
All errors return HTTP 400.
Redis Key Pattern
auth:replay:{principal}:{method}:{uri}:{nonce}TTL: 5 minutes (matches ALLOWED_SKEW_MILLIS).
Dependencies
authSecurityRedisTemplate-- nonce deduplication (Redis DB 6)ClientIpUtil-- client IP resolution for unauthenticated requestsObjectMapper-- JSON error response serialization
Changelog
7/8/26, 5:52 AM
View All Changelog
9f290-on

