背景
其他系统需要通过阿里奇门调用公司自研ERP系统的接口进行数据同步,此时ERP系统作为服务端,需要在阿里奇门平台上配置对应的API信息。ERP接口除了实现自身的业务逻辑外,还必须完成验签逻辑,否则在奇门平台发布API时会提示失败。
简单的图示如下
奇门文档
验签逻辑 (来源于奇门文档中)
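// Run the signature check on the incoming request with the target application's AppSecret.
// Fixes two extraction defects in the sample: a stray '?' after the first statement and an
// unterminated string literal in setFlag(...).
CheckResult result = SpiUtils.checkSign(request, targetAppSecret);
if (!result.isSuccess()) {
    // When the signature check fails, the sign-check-failure result has to be returned, and it
    // must match what is configured on the platform; only then does the platform treat the
    // signature check as passed.
    HttpSampleResponse httpSampleResponse = new HttpSampleResponse();
    httpSampleResponse.setErrorMessage("Illegal request");
    httpSampleResponse.setErrorCode("sign-check-failure");
    httpSampleResponse.setFlag("failure");
    // The sample leaves the return statement out: return httpSampleResponse at this point so
    // that no business logic runs for a request whose signature did not verify.
    //return
}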
接口实现部分
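/**
 * Controller exposing the ERP-side endpoint that is called through the Qimen platform.
 *
 * <p>Every request is signature-checked with {@code SpiUtils.checkSign} before any business
 * logic runs; a request that fails the check gets the fixed failure response.
 */
@Controller
@RequestMapping("/api/qimen")
public class AliqmController {

    /**
     * Verifies the request signature and returns the {@code sub_code} / {@code sub_message} /
     * {@code flag} response map.
     *
     * <p>NOTE(review): {@code @RequestMapping} without a {@code method} attribute accepts every
     * HTTP method; consider restricting it to the method configured for this API on the platform.
     *
     * @param request the incoming servlet request, passed unchanged to the signature check
     * @return the fixed failure fields when the signature check fails or throws, otherwise the
     *     success fields
     */
    @RequestMapping(value = "/demo")
    @ResponseBody
    public Map<String,Object> demo(HttpServletRequest request) {
        CheckResult result;
        try {
            // NOTE(review): the second argument is the article's placeholder for the AppSecret
            // issued after the application is approved. Load the real value from configuration
            // or a secret store instead of committing it to source control.
            result = SpiUtils.checkSign(request, "申请应用成功后的AppSecret");
            // Explicit null guard instead of relying on a NullPointerException being caught below.
            if (result == null || !result.isSuccess()) {
                // The failure result must match what is configured on the platform; only then
                // does the platform treat the signature check as passed.
                return signCheckFailure();
            }
        } catch (Exception e) {
            // Fail closed: any error during verification is answered as a failed signature check.
            // NOTE(review): the exception is not recorded anywhere. Logging it with the project's
            // logger (without the AppSecret or the raw signature) would let operators tell
            // rejected requests apart from internal verification errors.
            return signCheckFailure();
        }

        // result.getRequestBody() -- returns the request body configured on Qimen.
        // NOTE(review): presumably the body should be taken from here rather than read from
        // `request` again after checkSign has processed it; confirm against the SDK.
        /* business logic goes here */
        Map<String,Object> res = new HashMap<>();
        res.put("sub_code","0");
        res.put("sub_message","success");
        res.put("flag","success");
        return res;
    }

    /**
     * Builds the fixed failure response. These three fields and their values are required
     * as-is: the platform uses them for the signature check when the API is published, and
     * publishing fails without them.
     */
    private static Map<String,Object> signCheckFailure() {
        Map<String,Object> failure = new HashMap<>();
        failure.put("sub_code","sign-check-failure");
        failure.put("sub_message","Illegal request");
        failure.put("flag","failure");
        return failure;
    }
}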
AppSecret
奇门配置API-自测
(官方文档很详细)