我方位数据源,与三方做数据对接要做的两件事情
1.因三方pull数据需要三方提供生产环境 IP 地址,我方配置IP白名单
2.三方公司会下发提供测试、生产环境的 securityKey=xxooYYxx 做签名认证,请求参数多加一个 signature=xxyyddd
通常会用MD5做数据签名认证
1.三方对请求参数做按字段顺序排序做加密
Map<String,String> map = new TreeMap<>(); map.put("Java","1"); map.put("PHP","2"); map.put("GO","3"); map.put("Python","4"); StringBuilder reqbuff = new StringBuilder(); for(Map.Entry<String,String> entry : map.entrySet()){ reqbuff.append(entry.getKey()).append("=").append(entry.getValue()).append("&"); } reqbuff.delete(reqbuff.length()-1,reqbuff.length()); System.out.println("请求字符串:" + reqbuff); String reqSign = DigestUtils.md5Hex(reqbuff.toString()); System.out.println("MD5签名:" + reqSign); map.put("signature",reqSign); //http.potst(url,map); post提交
2.我方对请求参数做签名认证
// HttpServletRequest request = null; // Map<String, String[]> paramMap = request.getParameterMap(); //从paramMap解析出key-value值 赋值到TreeMap 中 Map<String,String> map = new TreeMap<>(); map.put("Java","1"); map.put("PHP","2"); map.put("GO","3"); map.put("Python","4"); map.put("signature","5"); map.put("publickey","6"); //删除掉签名的字段 map.remove("signature"); //拼接签名的字符串 StringBuilder sb = new StringBuilder(); for(Map.Entry<String,String> entry : map.entrySet()){ sb.append(entry.getKey()).append("=").append(entry.getValue()).append("&"); } sb.delete(sb.length()-1,sb.length()); System.out.println("拼接好参数:" + sb); String sign = DigestUtils.md5Hex(sb.toString()); System.out.println("MD5签名:" + sign); if(map.get("signature").equals(sign)){ System.out.println("验签成功:" + sign); }
如果Content-type=application/json的也用相同的方式处理
扫描二维码关注公众号,回复:
4427698 查看本文章