Shulou(Shulou.com)06/02 Report--

This article is to share with you about how to implement Java interface signature. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

I. requirements

The following figure shows the specific requirements

II. Process

1. Assign appid and appsecret offline, and assign different appid and appsecret to different callers

2. Add timestamp (timestamp), and the data is valid for 10 minutes.

3. Add the serial number noncestr (to prevent repeated submission), at least 10 digits. For the query interface, the serial number is only used for log landing, which is convenient for later log verification. For the processing class interface, it is necessary to verify the uniqueness of the serial number within the validity period, in order to avoid repeated requests.

4. Join signature, the signature information of all data.

III. Realization

To put it simply, the business parameters of the caller's calling interface are passed in body, and four additional parameters signature, appkey, timestamp, and noncestr are added to header.

We get four parameters in the background, and the next three parameters plus the appSecret assigned by the caller are sorted by dictionary and encrypted with MD5, and compared with the first parameter signature. Consistency means that the caller has permission to call.

The following code verifies the demo implementation of the signature for the interface:

/ / reference jackson relies on @ Autowired private ObjectMapper objectMapper; @ Value ("${appsecret}") private String appSecret; / * verify signature * @ param preInfoItem * @ return * / boolean checkSignature (PreInfoItem preInfoItem) throws JsonProcessingException, IllegalAccessException {String signature= "signature"; String appkey= "appkey"; String timestamp= "timestamp"; String noncestr= "noncestr"; HttpServletRequest request = ServletUtils.getRequest () String headerSignature = request.getHeader (signature); String headerAppkey = request.getHeader (appkey); String headerTimestamp = request.getHeader (timestamp); String headerNoncestr = request.getHeader (noncestr); / / because sorting is needed, use TreeMap Map parms=new TreeMap (); parms.put (appkey,headerAppkey); parms.put (timestamp,headerTimestamp); parms.put (noncestr,headerNoncestr) Map stringObjectMap = objectToMap (parms, preInfoItem); String s = buildSignature (stringObjectMap); / / signature comparison if (s.equals (headerSignature)) {return true;} return false;} Map objectToMap (Map map,Object o) {Field [] declaredFields = o.getClass (). GetDeclaredFields (); for (Field field: declaredFields) {field.setAccessible (true) Try {if (field.getName () instanceof String) {map.put (field.getName (), field.get (o));}} catch (IllegalAccessException e) {throw new CustomException ("object to map exception");} return map } private String buildSignature (Map maps) {String S2; try {StringBuffer s = null; String S1 = objectMapper.writeValueAsString (maps); / / add appSecret s.append (S1) .append (appSecret); S2 = DigestUtils.md5DigestAsHex (s.toString (). GetBytes ());} catch (JsonProcessingException e) {throw new CustomException ("map to json exception") } return S2;} Thank you for your reading! This is the end of the article on "how to implement Java interface signature". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.