我方位数据源,与三方做数据对接要做的两件事情
1.因三方pull数据需要三方提供生产环境 IP 地址,我方配置IP白名单
2.三方公司会下发提供测试、生产环境的 securityKey=xxooYYxx 做签名认证,请求参数多加一个 signature=xxyyddd
通常会用MD5做数据签名认证
1.三方对请求参数做按字段顺序排序做加密
Map<String,String> map = new TreeMap<>();
map.put("Java","1");
map.put("PHP","2");
map.put("GO","3");
map.put("Python","4");
StringBuilder reqbuff = new StringBuilder();
for(Map.Entry<String,String> entry : map.entrySet()){
reqbuff.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
}
reqbuff.delete(reqbuff.length()-1,reqbuff.length());
System.out.println("请求字符串:" + reqbuff);
String reqSign = DigestUtils.md5Hex(reqbuff.toString());
System.out.println("MD5签名:" + reqSign);
map.put("signature",reqSign);
//http.potst(url,map); post提交
2.我方对请求参数做签名认证
// HttpServletRequest request = null;
// Map<String, String[]> paramMap = request.getParameterMap();
//从paramMap解析出key-value值 赋值到TreeMap 中
Map<String,String> map = new TreeMap<>();
map.put("Java","1");
map.put("PHP","2");
map.put("GO","3");
map.put("Python","4");
map.put("signature","5");
map.put("publickey","6");
//删除掉签名的字段
map.remove("signature");
//拼接签名的字符串
StringBuilder sb = new StringBuilder();
for(Map.Entry<String,String> entry : map.entrySet()){
sb.append(entry.getKey()).append("=").append(entry.getValue()).append("&");
}
sb.delete(sb.length()-1,sb.length());
System.out.println("拼接好参数:" + sb);
String sign = DigestUtils.md5Hex(sb.toString());
System.out.println("MD5签名:" + sign);
if(map.get("signature").equals(sign)){
System.out.println("验签成功:" + sign);
}
如果Content-type=application/json的也用相同的方式处理
扫描二维码关注公众号,回复:
4427698 查看本文章
