每一個接口都必須傳入固定參數timestamp、appkey、sign!
1. 參數按照參數名ASCII碼從小到大排序(字典序),使用URL鍵值對的格式
(即key1=value1&key2=value2…)拼接
注:時間戳timestamp和appkey參數也參與排序並參與url拼接
最終拼接獲得字符串stringA
2. 在stringA最後拼接上appsecret參數,獲得stringSignTemp字符串,並對stringSignTemp進行MD5運算,獲得32位小寫的sign簽名字符串
假設一個查詢接口提供2個參數id和name,則:
stringA="appkey=xxx&id=100&name=張三&timestamp=1551528809"
stringSignTemp=stringA+"&appsecret=yyy"
sign=MD5(stringSignTemp)
最終Post表單傳參
| 參數名 | 說明 | 是否必選 | 類型 | 備註 |
| --- | --- | --- | --- | --- |
| id | | 否 | int | |
| name | | 否 | string | |
| timestamp | 時間戳字符串 | 是 | string | 時間戳字符串"1551528809" |
| appkey | appkey值 | 是 | string | |
| sign | sign簽名值 | 是 | string | |
攔截器代碼
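/**
 * Interceptor that authenticates API requests before the handler runs.
 *
 * <p>A request is let through only when it carries {@code timestamp}, {@code appkey} and
 * {@code sign}, the timestamp lies within {@link #TIMESTAMP_WINDOW_MILLIS} of server time, and
 * {@code sign} equals the MD5 of the formatted parameters (without {@code sign}) followed by
 * {@code &appsecret=<secret>}. Every rejection writes a JSON error body and returns {@code false}.
 *
 * <p>Limitations a maintainer should know about (none of them can be fixed here without
 * changing the client-facing protocol):
 * <ul>
 *   <li>There is no nonce, so a captured request can be replayed until its timestamp leaves the
 *       accepted window.</li>
 *   <li>{@code appkey} is only checked for presence; the same secret from
 *       {@code OakConfig.getApiAppSecret()} is used for every caller.</li>
 *   <li>The signature is a plain MD5 over message-plus-secret. A keyed MAC such as HMAC-SHA-256
 *       is the standard construction for this purpose.</li>
 * </ul>
 */
public class ApiInterceptor implements HandlerInterceptor {

    private static final Logger log = LoggerFactory.getLogger(ApiInterceptor.class);

    /** Maximum accepted distance between the request timestamp and server time (10 minutes). */
    private static final long TIMESTAMP_WINDOW_MILLIS = 10L * 60L * 1000L;

    /** Shared serializer; Gson instances are thread-safe, so one per class is enough. */
    private static final Gson GSON = new GsonBuilder()
            .serializeNulls()
            .enableComplexMapKeySerialization()
            .setDateFormat("yyyy-MM-dd HH:mm:ss")
            .create();

    /**
     * Validates the timestamp and signature of the incoming request.
     *
     * @param request  the current request; its parameters are read through {@code MapUtil}
     * @param response the response used to send a JSON error when validation fails
     * @param handler  the chosen handler (unused)
     * @return {@code true} when the request is authentic and fresh, {@code false} after an error
     *         response has been written
     * @throws Exception if writing the error response fails inside the fallback handler
     */
    // Raw Map types are kept because the signatures of the MapUtil helpers are not visible here.
    @SuppressWarnings({"rawtypes", "unchecked"})
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        Map parameterMap = MapUtil.getParameterMap(request);
        String requestUrl = request.getServletPath();
        // NOTE(review): this logs every request parameter, including sign and any sensitive
        // business fields. Consider logging only the parameter names.
        log.info(" 請求地址爲: " + requestUrl + " 請求參數爲: " + GSON.toJson(parameterMap));
        try {
            if (!parameterMap.containsKey("timestamp")) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_ERROR_MSG, null)));
                return false;
            }
            // The timestamp is in seconds. A non-numeric value throws NumberFormatException and
            // is rejected by the catch block below.
            long timestampSeconds = Long.parseLong(parameterMap.get("timestamp").toString());
            // Reject values whose conversion to milliseconds would overflow and wrap around.
            if (timestampSeconds > Long.MAX_VALUE / 1000L || timestampSeconds < Long.MIN_VALUE / 1000L) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_ERROR_MSG, null)));
                return false;
            }
            long timestampMillis = timestampSeconds * 1000L;
            long nowMillis = System.currentTimeMillis();
            if (timestampMillis < nowMillis - TIMESTAMP_WINDOW_MILLIS) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_EXPIRE_MSG, null)));
                return false;
            }
            // A timestamp far in the future would otherwise never expire, which would make the
            // freshness check useless for that request. Allow only the same window for clock skew.
            if (timestampMillis > nowMillis + TIMESTAMP_WINDOW_MILLIS) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.TIMESTAMP_ERROR_MSG, null)));
                return false;
            }

            // appkey must be present; its value only takes part in the signed string.
            if (!parameterMap.containsKey("appkey")) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.APPKEY_ERROR_MSG, null)));
                return false;
            }

            if (!parameterMap.containsKey("sign")) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_ERROR_MSG, null)));
                return false;
            }
            String sign = parameterMap.get("sign").toString();

            // Recompute the signature over every parameter except sign itself.
            Map signedParams = new HashMap(parameterMap);
            signedParams.remove("sign");
            // NOTE(review): whether formatMapToUrl escapes '&' and '=' inside values is not
            // visible here. If it does not, different parameter sets can produce the same
            // signed string. Confirm against MapUtil.
            String stringSignTemp = MapUtil.formatMapToUrl(signedParams, false)
                    + "&appsecret=" + OakConfig.getApiAppSecret();
            // Never log stringSignTemp or expectedSign: the first contains the app secret and
            // the second is a valid credential for this request.
            String expectedSign = MD5Util.md5(stringSignTemp);

            // Compare in constant time so response timing does not reveal how many leading
            // characters of a guessed signature were correct.
            boolean signatureMatches = expectedSign != null
                    && java.security.MessageDigest.isEqual(
                            sign.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                            expectedSign.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            if (!signatureMatches) {
                responseJson(response, GSON.toJson(ResponseBean.error(
                        ResponseCodeMsg.FAIL_STATUS, ResponseCodeMsg.SIGN_CHECK_ERROR_MSG, null)));
                return false;
            }
            return true;
        } catch (Exception e) {
            // Fail closed: any unexpected error while validating rejects the request.
            // Passing the exception keeps the stack trace in the log.
            log.error(e.toString(), e);
            responseJson(response, GSON.toJson(ResponseBean.error(
                    ResponseCodeMsg.FAIL_STATUS, "請求異常!", null)));
            return false;
        }
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
    }

    /** No completion handling is needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
    }

    /**
     * Writes {@code json} as the response body and closes the writer.
     *
     * @param response the response to write to
     * @param json     the already serialized JSON body
     * @throws Exception declared for compatibility; an {@link IOException} from obtaining the
     *         writer is logged and not rethrown
     */
    private void responseJson(HttpServletResponse response, String json) throws Exception {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/json; charset=utf-8");
        try (PrintWriter writer = response.getWriter()) {
            writer.print(json);
        } catch (IOException e) {
            log.error(e.toString(), e);
        }
    }
}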