校园助手APP中很多数据需要从服务器获取,服务器端是由一位大神用node.js写的,通过json传递数据。为保证数据的安全,采用了一套安全校验。
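/**
 * Helper for calling the campus-assistant server: signs a request, POSTs it as a
 * URL-encoded form and parses the JSON reply.
 *
 * <p>Request check as implemented here: every request carries {@code timestamp} and
 * {@code sign = MD5(SALT + timestamp)}. Security properties a maintainer should keep in mind:
 * <ul>
 *   <li>The signature covers only the timestamp. It is not bound to the URL or to any other
 *       parameter, so it cannot detect modified parameters, and a captured
 *       (timestamp, sign) pair stays valid for as long as the server accepts that timestamp.
 *       Whether the server enforces a freshness window is not visible from this class.</li>
 *   <li>{@link #SALT} ships inside the application package, so it should be treated as
 *       recoverable by anyone holding the app, not as a secret.</li>
 *   <li>A stronger design would be an HMAC (e.g. HMAC-SHA256) over a canonical form of all
 *       parameters plus timestamp and nonce, sent over HTTPS. That requires a matching
 *       server change, so the wire format is left untouched here.</li>
 * </ul>
 */
public class InterfaceUtil {

    // Key agreed with the server. NOTE(review): hard-coded in the client, see class comment.
    private static final String SALT = "withelper_******";
    private static final String TAG = "InterfaceUtil";

    /**
     * Adds {@code timestamp} and {@code sign} to {@code params}, posts them to {@code url}
     * and parses the response body as a JSON object.
     *
     * <p>The caller's map is modified in place (two entries are added), as before.
     *
     * @param url    request URL
     * @param params request parameters; must be a mutable map
     * @return the parsed object, or {@code null} if the request failed, the status was not
     *         200, or the body is not a JSON object
     */
    public static JSONObject getJSONObject(String url, Map<String, String> params) {
        long timestamp = System.currentTimeMillis();
        params.put("timestamp", "" + timestamp);
        // Proves knowledge of SALT only; does not cover the other parameters.
        params.put("sign", MD5Util.getMD5String(SALT + timestamp));

        String result = postRequestToServer(url, params);
        if (result == null) {
            Log.i(TAG, "result = null");
            return null;
        }
        // Log the size only: the body is server data and may be personal, and the
        // device log is a poor place for it.
        Log.i(TAG, "result length = " + result.length());

        try {
            Object value = new JSONTokener(result).nextValue();
            // nextValue() may yield an array, string, number, ... for a well-formed but
            // unexpected body; previously the failing cast was hidden by a return inside
            // finally. Same outcome (null), now explicit.
            if (value instanceof JSONObject) {
                return (JSONObject) value;
            }
            return null;
        } catch (JSONException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Sends {@code params} to {@code url} as a UTF-8 URL-encoded form POST with 7 s connect
     * and socket timeouts.
     *
     * <p>On any exception during the exchange a {@code Task.ERROR_NETEXCEPTION} message
     * carrying the exception is posted to {@code MainService.handler}.
     *
     * @param url    request URL; NOTE(review): nothing here enforces {@code https://}, and
     *               over plain HTTP the parameters and signature are readable in transit
     * @param params form fields to send
     * @return the response body when the status code is 200, otherwise {@code null}
     */
    public static String postRequestToServer(String url, Map<String, String> params) {
        Log.i(TAG, "访问网络");
        HttpEntityEnclosingRequestBase httpRequest = new HttpPost(url);

        // Build the form fields.
        List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(params.size());
        for (Map.Entry<String, String> entry : params.entrySet()) {
            nameValuePairs.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
        }

        HttpClient client = new DefaultHttpClient();
        try {
            httpRequest.setEntity(new UrlEncodedFormEntity(nameValuePairs, "UTF-8"));

            HttpParams httpparams = client.getParams();
            HttpConnectionParams.setConnectionTimeout(httpparams, 7000);
            HttpConnectionParams.setSoTimeout(httpparams, 7000);

            HttpResponse httpResponse = client.execute(httpRequest);
            // Only a 200 response is treated as success.
            if (httpResponse.getStatusLine().getStatusCode() == 200) {
                return EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            // Report the failure to the service. The null guard keeps the old outcome
            // (return null) when no handler is set; previously a failure here was masked
            // by a return inside finally.
            if (MainService.handler != null) {
                Message msg = new Message();
                msg.what = Task.ERROR_NETEXCEPTION;
                msg.obj = e;
                MainService.handler.sendMessage(msg);
            }
            return null;
        } finally {
            // A client is created per call; release its connections (also covers the
            // non-200 path, where the entity is never consumed).
            client.getConnectionManager().shutdown();
        }
    }
}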
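服务器收到数据请求后,先用请求中的timestamp参数与约定的key重新计算MD5值,并与请求中的sign参数比对,一致后才会作出响应。需要注意,该签名只覆盖时间戳,不包含其他请求参数,因此只能说明请求方持有约定的key,无法发现参数被篡改;约定的key写在客户端代码中,也可以从安装包中取得。服务器端还应校验时间戳的有效期,并配合HTTPS传输。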