使用scibe实现签名请求
pom.xml添加
<dependency> <groupId>org.scribe</groupId> <artifactId>scribe</artifactId> <version>1.3.7</version> </dependency>
代码实现:
import com.alibaba.fastjson.JSONObject; import com.lg.crm.module.lg.controller.admin.crmorder.vo.CrmOrderNs; import org.scribe.builder.ServiceBuilder; import org.scribe.builder.api.DefaultApi10a; import org.scribe.model.OAuthRequest; import org.scribe.model.Response; import org.scribe.model.SignatureType; import org.scribe.model.Token; import org.scribe.model.Verb; import org.scribe.oauth.OAuthService; import org.scribe.services.SignatureService; import java.math.BigDecimal; public class TokenAuth { private static final String TOKEN_ID = "";//替换自己的请求头信息 private static final String TOKEN_SECRET = ""; private static final String REST_URL = ""; private static final String CONSUMER_KEY = ""; private static final String CONSUMER_SECRET = ""; //需要则添加 private static final String REALM = ""; private static final String CONTENT_TYPE = "content-type"; private static final String APP_JSON = "application/json"; private static OAuthService service = getService(); private static Token accessToken = getToken(); public static void main(String[] args) { Response responsePost = callWithHttpPost(); System.out.println(responsePost.getBody()); } private static Response callWithHttpGet() { OAuthRequest request = new OAuthRequest(Verb.GET, REST_URL); request.setRealm(REALM); service.signRequest(accessToken, request); return request.send(); } private static Response callWithHttpPost() { OAuthRequest request = new OAuthRequest(Verb.POST, REST_URL); request.setRealm(REALM); request.addHeader(CONTENT_TYPE, APP_JSON); //body 可作为参数变量传进方法中 JavaBeanParam param = new JavaBeanParam; request.addPayload(JSONObject.toJSONString(param )); service.signRequest(accessToken, request); return request.send(); } private static Token getToken() { return new Token(TOKEN_ID, TOKEN_SECRET); } private static OAuthService getService() { return new ServiceBuilder().provider(ErpApi.class) .apiKey(CONSUMER_KEY).apiSecret(CONSUMER_SECRET) .signatureType(SignatureType.Header).build(); } public static class ErpApi extends DefaultApi10a { public SignatureService getSignatureService() { return new HMACSha256SignatureService(); } public String getRequestTokenEndpoint() { return null; } public String getAccessTokenEndpoint() { return null; } public String getAuthorizationUrl(Token token) { return null; } }
//HMAC-SHA256加密方法 可替换为其他方式加密
public String getSignature(String baseString, String apiSecret, String tokenSecret) { try { Preconditions.checkEmptyString(baseString, "Base string cant be null or empty string"); Preconditions.checkEmptyString(apiSecret, "Api secret cant be null or empty string"); String keyString = OAuthEncoder.encode(apiSecret) + '&' + OAuthEncoder.encode(tokenSecret); SecretKeySpec key = new SecretKeySpec(keyString.getBytes(UTF8), "HmacSHA256"); Mac mac = Mac.getInstance("HmacSHA256"); mac.init(key); byte[] data = mac.doFinal(baseString.getBytes(UTF8)); return Base64Encoder.getInstance().encode(data); } catch (Exception e) { throw new OAuthSignatureException(baseString, e); } }