淘宝TOP获取sessionkey

<!-- -->

管理提醒： <!-- -->

本帖被 gaolei2016 执行取消精华操作(2009-12-18) <!-- -->

<!-- -->

小弟我刚刚测试了是可以的：我的测试站测试

演示站：http://www.1taotuan.com

做TOP开发的人肯定会碰到需要SessionKey才能访问数据的情况，手工去取太麻烦了，回调又需要部署到服务器上，杯具啊！为了解决这些麻烦，我特意写了一个通过程序获取SessionKey的方法，代码如下：

说明：本程序只是方便ISV调试使用，集成二次登录是无法通过审核的，用户不会在你的网站里面输入淘宝的用户名和密码的，就好比你不会在一个山寨网站输入你的银行卡号和密码一样。

Copy code

package com.carver.tool;

import java.net.URLEncoder;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher; 
import java.util.regex.Pattern;

import com.gargoylesoftware.htmlunit.BrowserVersion;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.TextPage;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.HtmlButton;
import com.gargoylesoftware.htmlunit.html.HtmlCheckBoxInput;
import com.gargoylesoftware.htmlunit.html.HtmlElement;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlImageInput;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
import com.gargoylesoftware.htmlunit.html.HtmlTextInput;

/**
 * 登录淘宝网获取授权。
 *
 * @author carver.gu
 * @since 1.0, Nov 11, 2009
 */
public class LoginUtil {

    private static final String ONLINE_CONTAINER = "http://container.open.taobao.com/container?appkey=";
    private static final Pattern P_SESSION = Pattern.compile("top\\_session=(\\w+?)&");

    static {
        Logger.getLogger("com.gargoylesoftware.htmlunit").setLevel(Level.SEVERE);
        Logger.getLogger("org.apache.commons.httpclient.HttpMethodBase").setLevel(Level.SEVERE);
    }

    public static void main(String[] args) throws Exception {
        String session = getOnlineSession("app_key", "username", "password");
        System.out.println("session_key: " + session);
    }

    public static String getOnlineSession(String appkey, String uid, String pwd) throws Exception {
        String url = "http://member1.taobao.com/member/mini_login.htm?login_type=3&redirect_url=";
        return getSession(url, ONLINE_CONTAINER, appkey, uid, pwd);
    }

    private static String getSession(String loginUrl, String topUrl, String appkey, String uid,
            String pwd) throws Exception {
        WebClient webClient = new WebClient(BrowserVersion.FIREFOX_3);

        String fullUrl = loginUrl + URLEncoder.encode(topUrl + appkey, "utf-8");
        HtmlPage loginPage = webClient.getPage(fullUrl);
        HtmlForm loginForm = loginPage.getForms().get(0);
        HtmlTextInput uidInput = loginForm.getInputByName("TPL_username");
        uidInput.setValueAttribute(uid);
        HtmlPasswordInput pwdInput = loginForm.getInputByName("TPL_password");
        pwdInput.setValueAttribute(pwd);
        HtmlButton loginButton = loginForm.getButtonByName("");

        HtmlPage loginRsp = null;
        try {
            Page rsp = loginButton.click();
            if (rsp instanceof HtmlPage) {
                loginRsp = (HtmlPage) rsp;
            } else if (rsp instanceof TextPage) {
                TextPage textRsp = (TextPage) rsp;
                return extractSession(textRsp.getContent());
            } else {
                return null;
            }
        } catch (FailingHttpStatusCodeException e) {
            if (e.getStatusCode() == 404) {
                return extractSession(e.getMessage());
            }
        } catch (Exception e) {
        }

        HtmlCheckBoxInput agreeCheck = (HtmlCheckBoxInput) loginRsp.getElementById("agreement");
        if (agreeCheck == null) {
            return extractSession(loginRsp.getWebResponse().getRequestSettings().getUrl().toString());
        } else {
            agreeCheck.click();
        }

        HtmlForm agreeForm = loginRsp.getForms().get(1);
        List<HtmlElement> inputElements = agreeForm.getHtmlElementsByTagName("input");
        HtmlImageInput agreeButton = null;
        for (HtmlElement inputElement : inputElements) {
            if (inputElement instanceof HtmlImageInput) {
                agreeButton = (HtmlImageInput) inputElement;
                break;
            }
        }

        Page agreeRsp = null;
        try {
            agreeRsp = agreeButton.click();
        } catch (FailingHttpStatusCodeException e) {
            if (e.getStatusCode() == 404) {
                return extractSession(e.getMessage());
            }
        } catch (Exception e) {
        }
        return extractSession(agreeRsp.getWebResponse().getRequestSettings().getUrl().toString());
    }

    private static String extractSession(String response) {
        Matcher matcher = P_SESSION.matcher(response);
        if (matcher.find()) {
            return matcher.group(1);
        } else {
            return null;
        }
    }

}

经测试，上面的程序可以获取任何类型的应用（Web，客户端）的SessionKey，ISV们有福了。

上面的程序依赖于HtmlUnit这个工具的所有Jar包，需要的请到 HtmlUnit的官方网站下载。

这样做是方便了用户，但好想违反了TOP的审核规则，这样做估计审核会通不过：
审核规则第二条：“2、应用不允许出现二次登陆、注册入口 ”
http://wiki.open.taobao.com/index.php/%E5%AE%A1%E6%A0%B8%E8%A7%84%E5%88%99