加密传参流程
每个接口固定参数timestamp,appkey,sign参数必传!
1. 参数按照参数名ASCII码从小到大排序(字典序),使用URL键值对的格式
(即key1=value1&key2=value2…)
注:时间戳timestamp和appkey参数也参与排序并url拼接
最终拼接得到字符串stringA
2. 在stringA最后拼接上appsecret参数 得到stringSignTemp字符串,并对stringSignTemp进行MD5运算得到32位小写sign加密字符串
假设一个查询接口提供2个参数id和name
则
StringA=” appkey=xxx&id=100&name=张三×tamp=1551528809”
stringSignTemp= StringA +”&appsecret=yyy”
sign=MD5(stringSignTemp)
最终Post表单传参
参数名 | 说明 | 是否必选 | 类型 | 备注 |
id |
| 否 | int |
|
name |
| 否 | string |
|
timestamp | 时间戳字符串 | 是 | string | 时间戳字符串”1551528809” |
appkey | appkey值 | 是 | string |
|
sign | sign签名值 | 是 | string |
|
拦截器代码
public class ApiInterceptor implements HandlerInterceptor {
private static final Logger log = LoggerFactory.getLogger(ApiInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
Gson gson = new GsonBuilder().serializeNulls().enableComplexMapKeySerialization().setDateFormat("yyyy-MM-dd HH:mm:ss").create();
Map parameterMap = MapUtil.getParameterMap(request);
String requestUrl = request.getServletPath();
log.info(" 请求地址为: " + requestUrl + " 请求参数为: " + gson.toJson(parameterMap));
try {
String timestamp = "";
String appkey = "";
String sign = "";
if (parameterMap.containsKey("timestamp")) {
timestamp = parameterMap.get("timestamp").toString();
//验证时间戳
Long timestampL = new Long(timestamp);
Calendar timestampCalendar = Calendar.getInstance();
timestampCalendar.setTimeInMillis(timestampL * 1000L);
//设置过期时间
timestampCalendar.add(Calendar.MINUTE, 10);
Date timestampDate = timestampCalendar.getTime();
Date nowDate = new Date();
if (timestampDate.compareTo(nowDate) < 0) {
responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_EXPIRE_MSG, null)));
return false;
}
} else {
responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_ERROR_MSG, null)));
return false;
}
if (parameterMap.containsKey("appkey")) {
appkey = parameterMap.get("appkey").toString();
} else {
responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.APPKEY_ERROR_MSG, null)));
return false;
}
if (parameterMap.containsKey("sign")) {
sign = parameterMap.get("sign").toString();
} else {
responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_ERROR_MSG, null)));
return false;
}
Map map2 = new HashMap();
map2.putAll(parameterMap);
map2.remove("sign");
String urls = MapUtil.formatMapToUrl(map2, false);
urls += "&appsecret=" + OakConfig.getApiAppSecret();
String newSign = MD5Util.md5(urls);
//log.info("拼接urls参数为:" + urls + " 服务器端签名sign为:" + newSign);
if (!sign.equals(newSign)) {
responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_CHECK_ERROR_MSG, null)));
return false;
}
return true;
} catch (Exception e) {
log.error(e.toString());
responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, "请求异常!", null)));
return false;
}
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
private void responseJson(HttpServletResponse response, String json) throws Exception {
PrintWriter writer = null;
response.setCharacterEncoding("UTF-8");
response.setContentType("text/json; charset=utf-8");
try {
writer = response.getWriter();
writer.print(json);
} catch (IOException e) {
log.error(e.toString());
} finally {
if (writer != null)
writer.close();
}
}
}