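API Request Signing and Signature Verification

Parameter signing flow

Every API call must include the fixed parameters timestamp, appkey and sign.

1. Sort the parameters by parameter name in ascending ASCII order (lexicographic order) and join them in URL key-value format (that is, key1=value1&key2=value2…).

Note: the timestamp and appkey parameters also take part in the sorting and URL concatenation.

The resulting string is stringA.

2. Append the appsecret parameter to the end of stringA to get stringSignTemp, then compute the MD5 of stringSignTemp to get sign, a 32-character lowercase string.

Suppose a query interface takes two parameters, id and name:

stringA = "appkey=xxx&id=100&name=张三&timestamp=1551528809"

stringSignTemp = stringA + "&appsecret=yyy"

sign = MD5(stringSignTemp)
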

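Final POST form parameters

| Parameter | Description | Required | Type | Remarks |
| --- | --- | --- | --- | --- |
| id | | | int | |
| name | | | string | |
| timestamp | Timestamp string | | string | Timestamp string "1551528809" |
| appkey | appkey | | string | |
| sign | sign signature value | | string | |
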

Interceptor code

import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;

// MapUtil, MD5Util, OakConfig, ResponseBean and ResponseCodeMsg are the project's
// own classes; they are not shown on this page.
public class ApiInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(ApiInterceptor.class);

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        Gson gson = new GsonBuilder().serializeNulls().enableComplexMapKeySerialization().setDateFormat("yyyy-MM-dd HH:mm:ss").create();
        Map parameterMap = MapUtil.getParameterMap(request);
        String requestUrl = request.getServletPath();
        log.info(" 请求地址为: " + requestUrl + " 请求参数为: " + gson.toJson(parameterMap));

        try {
            String timestamp = "";
            String appkey = "";
            String sign = "";
            if (parameterMap.containsKey("timestamp")) {
                timestamp = parameterMap.get("timestamp").toString();
                // Validate the timestamp (seconds since the epoch)
                long timestampL = Long.parseLong(timestamp);
                Calendar timestampCalendar = Calendar.getInstance();
                timestampCalendar.setTimeInMillis(timestampL * 1000L);
                // Set the expiry time: the request is valid for 10 minutes
                timestampCalendar.add(Calendar.MINUTE, 10);
                Date timestampDate = timestampCalendar.getTime();
                Date nowDate = new Date();
                // Only timestamps older than 10 minutes are rejected here;
                // a timestamp in the future passes this check.
                if (timestampDate.compareTo(nowDate) < 0) {
                    responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_EXPIRE_MSG, null)));
                    return false;
                }
            } else {
                responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_ERROR_MSG, null)));
                return false;
            }
            if (parameterMap.containsKey("appkey")) {
                appkey = parameterMap.get("appkey").toString();
            } else {
                responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.APPKEY_ERROR_MSG, null)));
                return false;
            }
            if (parameterMap.containsKey("sign")) {
                sign = parameterMap.get("sign").toString();
            } else {
                responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_ERROR_MSG, null)));
                return false;
            }

            // Rebuild the signed string from every parameter except sign itself
            Map map2 = new HashMap();
            map2.putAll(parameterMap);
            map2.remove("sign");
            String urls = MapUtil.formatMapToUrl(map2, false);
            urls += "&appsecret=" + OakConfig.getApiAppSecret();
            String newSign = MD5Util.md5(urls);
            // Debug only: the line below would write appsecret to the log.
            //log.info("拼接urls参数为:" + urls + " 服务器端签名sign为:" + newSign);
            // Compare in constant time so the check does not leak how many
            // leading characters of the signature matched.
            if (!MessageDigest.isEqual(sign.getBytes(StandardCharsets.UTF_8), newSign.getBytes(StandardCharsets.UTF_8))) {
                responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_CHECK_ERROR_MSG, null)));
                return false;
            }
            return true;
        } catch (Exception e) {
            // Also reached when timestamp is not a valid number
            log.error(e.toString());
            responseJson(response, gson.toJson(ResponseBean.error(ResponseCodeMsg.FAIL_STATUS, "请求异常!", null)));
            return false;
        }
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
            throws Exception {

    }

    // Write the JSON error body back to the client
    private void responseJson(HttpServletResponse response, String json) throws Exception {
        PrintWriter writer = null;
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/json; charset=utf-8");
        try {
            writer = response.getWriter();
            writer.print(json);
        } catch (IOException e) {
            log.error(e.toString());
        } finally {
            if (writer != null)
                writer.close();
        }
    }

}
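
The signing steps and the interceptor's signature check, written out as a self-contained added example (not the original author's code; MapUtil and MD5Util are not shown on this page, so the class and method names below are hypothetical). It assumes values are joined without URL encoding, as in the stringA example, and are hashed as UTF-8.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;

// Added example: hypothetical names, constructed sample values.
public class ApiSignExample {

    // Steps 1-2: sort by parameter name, join as key=value pairs,
    // append &appsecret=..., then MD5 -> 32 lowercase hex characters.
    static String sign(Map<String, String> params, String appSecret) throws Exception {
        StringBuilder sb = new StringBuilder();
        // TreeMap orders String keys by code unit, which is ASCII order for ASCII names.
        for (Map.Entry<String, String> e : new TreeMap<String, String>(params).entrySet()) {
            if ("sign".equals(e.getKey())) continue; // sign is never part of the signed string
            if (sb.length() > 0) sb.append('&');
            sb.append(e.getKey()).append('=').append(e.getValue());
        }
        sb.append("&appsecret=").append(appSecret);
        // Fix the charset explicitly so a value such as 张三 hashes the same on both sides.
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(32);
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Server side: recompute the signature and compare in constant time.
    static boolean verify(Map<String, String> params, String appSecret) throws Exception {
        String supplied = params.get("sign");
        if (supplied == null) return false;
        return MessageDigest.isEqual(
                sign(params, appSecret).getBytes(StandardCharsets.US_ASCII),
                supplied.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed request using the sample values from the stringA example.
        Map<String, String> p = new TreeMap<String, String>();
        p.put("appkey", "xxx");
        p.put("id", "100");
        p.put("name", "张三");
        p.put("timestamp", "1551528809");
        p.put("sign", sign(p, "yyy"));
        System.out.println("untouched request verifies: " + verify(p, "yyy"));
        p.put("id", "101"); // parameter changed after signing
        System.out.println("modified request verifies: " + verify(p, "yyy"));
    }
}
```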

 

Reposted from: https://www.cnblogs.com/zengnansheng/p/10578982.html
