I. Login and get token.
* parameters: ts, account, password
* processing steps:
1. Check ts. ts is the current time on your device; check that the difference between ts and the server's current time is within the valid range.
2. Check account and password. Find the user by account, then verify that the submitted password equals that account's password.
3. Generate token: MD5.encode("account=christina&password=123456&ts=789327")
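4. Return the token.
Why use a token: the user can work across applications.
Third-party login uses a code so that the token value is not passed in the URL, which prevents the user from seeing the token's content.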
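II. Verify sign:
Signature verification checks the validity of the client that connects to the server (android/ios..). It has nothing to do with the user and is independent of whether the user is logged in.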
* parameters: ts, appKey, sign
* processing steps:
1. Check ts.
2. Get the app by appKey.
3. Check sign. Generate the sign on the server and compare it with the sign parameter to see whether they are equal.
How to generate the sign:
// Join the request parameters into one string, append the appKey, then hash with MD5.
String text = createLinkString(sArray) + appKey;
return MD5Encrypt.MD5Encode(text);
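The three sign-check steps above, written out as an added Java example (not code from the original page). createLinkString is assumed to sort the parameters by key and join them as key=value pairs without sign; the 5-minute window, a ts in milliseconds, the lowercase hex sign and the set of registered appKeys are also assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.stream.Collectors;

public class SignVerifier {
    static final long MAX_SKEW_MS = 5 * 60 * 1000L; // assumption: allowed clock difference
    // Assumed behaviour of createLinkString: drop "sign", sort by key, join as k=v&k=v.
    static String createLinkString(Map<String, String> params) {
        return new TreeMap<String, String>(params).entrySet().stream()
                .filter(e -> !"sign".equals(e.getKey()))
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
    }
    static String md5Hex(String text) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(text.getBytes(StandardCharsets.UTF_8)))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }

    static boolean verify(Map<String, String> params, Set<String> appKeys, long nowMs) throws Exception {
        String ts = params.get("ts"), appKey = params.get("appKey"), sign = params.get("sign");
        if (ts == null || appKey == null || sign == null) return false;
        long clientMs;
        try { clientMs = Long.parseLong(ts); } catch (NumberFormatException e) { return false; }
        // Step 1: ts must lie inside the window (bounds compared directly, so no overflow).
        if (clientMs < nowMs - MAX_SKEW_MS || clientMs > nowMs + MAX_SKEW_MS) return false;
        if (!appKeys.contains(appKey)) return false;                  // step 2: get app by appKey
        String expected = md5Hex(createLinkString(params) + appKey);  // step 3: recompute the sign
        // Constant-time compare, so timing does not reveal how many leading characters matched.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                sign.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        Map<String, String> req = new TreeMap<>();  // constructed sample request
        req.put("ts", Long.toString(now));
        req.put("appKey", "demo-app-key");
        req.put("sign", md5Hex(createLinkString(req) + "demo-app-key"));
        System.out.println(verify(req, Set.of("demo-app-key"), now));            // fresh, untampered
        System.out.println(verify(req, Set.of("demo-app-key"), now + 600_000L)); // ts too old
        req.put("ts", Long.toString(now + 1));
        System.out.println(verify(req, Set.of("demo-app-key"), now));            // ts changed after signing
    }
}
```

Because appKey also travels in the request, anyone who sees a request can recompute this sign; appending a per-app secret stored with the app record instead (an assumption, not stated on the page) is what would let the sign authenticate the client.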
III. Save log:
Save a log entry for each API request before processing it:
1. Write a filter that intercepts all requests and configure it in web.xml:
<filter>
    <filter-name>logFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>logFilter</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>logFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
2. You can exclude some URLs that don't need to be intercepted:
public class LogFilter extends HttpServlet implements Filter {
    // URIs that the filter passes through without logging.
    private final static List<String> excludeURI = new ArrayList<String>();
    static {
        excludeURI.add("/abc");
    }
}
3. What should be saved?
url, method, parameter, userAgent, userId