支付宝回调请求通常遵守文档规范采用post请求,我们对接时只需从request中获取表单中的回调参数即可进行自主验签或调用sdk验签.
但是不知道什么原因导致我方服务接收到的回调请求参数从请求表单中拿不到,此时参数会在请求流中可以通过request.getInputStream()获取但是参数sign却是不完整的,如下:
gmt_create=2019-08-02+13%3A24%3A37&charset=UTF-8&seller_email=gaojie%40zimonet.com&subject=%E5%A0%A1%E5%9E%92%E4%B9%8B%E5%A4%9C%EF%BC%8C%E5%85%A8%E6%96%B0%E6%A8%A1%E5%BC%8F%E8%B5%A2%E7%9A%AE%E8%82%A4&sign=BmZrx3xY1eb7weiOKR6i4nHvCC%2FeXN9IZ9ppssGvFacZhQ2kfhhJp2ZcS2IDnrnf7KGhHAz2ea4WRSnCVHfiNtXLUNTm5mEHaMPSVAJE59r4BV9MVvz3z3HGrjybklz%2BNuS%2B0WHBnj5Zspld%2FqZybzGjauC0VNUtfDXkLfzFzoiPe7d3%2BYKOCGLRRQ%2BsxjERoM0ckuqEVDRyKDeMIMmfwNxWNF7MAY73692MMXtX5q3QbDDXqWBa6LqWErvf7TGGZkEu%2B%2BVkKHkGCqXsgJlPmJ5vfE66TxLOxs5mIjPbt3m%2BqOZNiCUjqG9u4N0m3guMp768%2B81%2B%2B%2B%2F11QWw3Ibbsg%3D%3D&buyer_id=2088702798748343&invoice_amount=0.01¬ify_id=2019080200222132438048340533036974&fund_bill_list=%5B%7B%22amount%22%3A%220.01%22%2C%22fundChannel%22%3A%22ALIPAYACCOUNT%22%7D%5D¬ify_type=trade_status_sync&trade_status=TRADE_SUCCESS&receipt_amount=0.01&buyer_pay_amount=0.01&sign_type=RSA2&seller_id=2088621462087383&gmt_payment=2019-08-02+13%3A24%3A38¬ify_time=2019-08-02+13%3A24%3A38&version=1.0&out_trade_no=1908023473111420&total_amount=0.01&trade_no=2019080222001448340580436944&auth_app_id=2019022563352241&buyer_logon_id=182****0115&point_amount=0.00
这是从输入流中解析出来的参数签名sign缺少了"=="调用URLDecoder.decode后获得的参数调用sdk验签会报错,于是在解析完成转化为map后重新为sign手动拼接上"=="验签通过,但是导致回调请求参数变化的原因始终不明,有哪位大佬知道原因的敬请指点.