【JavaWeb】 接口鉴权
作者:互联网
一年前写过一篇,叫Webservice校验机制,叫法不太对,就是接口鉴权
https://www.cnblogs.com/mindzone/p/15078436.html
这东西就是说,你提供给外部的调用的这个接口,并不是随便一个请求就能访问的,需要增加一个校验的逻辑
只有符合这个逻辑的调用方才可以访问使用你的接口,算是安全性的措施吧:
这篇新增加了一个更为简单一点的,代码量稍微少一点的案例:
首先是SHA256的加密类:
package com.yonyou.dmscloud.interfaceManage.utils; import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; /** * @Description: 实现Sha256实例 * @author: zkf * @date 2020年10月13日 */ public class Sha256 { /** * @Description: * @author: zkf * @date 2020年10月13日 * @param str 加密后的报文 * @param encoder 编码方式(例:UTF-8) * @return String */ public static String getSHA256(String str,String encoder) { MessageDigest messageDigest; String encodestr = ""; try { messageDigest = MessageDigest.getInstance("SHA-256"); messageDigest.update(str.getBytes(encoder)); encodestr = byte2Hex(messageDigest.digest()); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return encodestr; } /** * 将byte转为16进制 * * @param bytes * @return */ private static String byte2Hex(byte[] bytes) { StringBuffer stringBuffer = new StringBuffer(); String temp = null; for (int i = 0; i < bytes.length; i++) { temp = Integer.toHexString(bytes[i] & 0xFF); if (temp.length() == 1) { // 1得到一位的进行补0操作 stringBuffer.append("0"); } stringBuffer.append(temp); } return stringBuffer.toString(); } }
然后是接口处理的过程:
package com.yonyou.dmscloud.interfaceManage.utils; import java.io.IOException; import java.util.Date; import java.util.Map; import org.apache.http.HttpEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.message.BasicHeader; import org.apache.http.protocol.HTTP; import org.apache.http.util.EntityUtils; import org.springframework.beans.factory.annotation.Autowired; public class HttpClientJsonUtilShuZi { @Autowired Sha256 sha256 = new Sha256(); /** * 数字门店鉴权字段 key */ private static final String apiKey = "4EA18E9EFB1F0EB645AD17B6BA01BA40"; /** * @Description: 1.数字门店 Aibee-Auth-Sign=sha256(Method + URL + Date + ApiSecret) * 编码方式: UTF-8;+表示字符串拼接;Date: 请求的时间戳;Method: GET/POST/PUT/DELETE * URL: 即本文档提供的接口url,不带域名或ip、端口号(举例:/function/updateCustomerTag)。 * ApiSecret: BABBED1ABEC3277092EE0BEE96A6D740 * apiKey: 4EA18E9EFB1F0EB645AD17B6BA01BA40 * @author: zkf * @date 2020年10月13日 * @param url * @param json * @param map map.get("method"); map.get("url"); * @return String */ public static String doPostJson(String url, String json,Map<String,String> map) { // 创建Httpclient对象 CloseableHttpClient httpClient = HttpClients.createDefault(); CloseableHttpResponse response = null; String resultString = ""; try { // 创建Http Post请求 HttpPost httpPost = new HttpPost(url); // 创建请求内容 StringEntity entity = new StringEntity(json, "utf-8"); entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_TYPE,"application/json")); httpPost.setEntity(entity); httpPost.setHeader("Content-type", "application/json"); httpPost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)"); //获得时间戳 String timeData = getTime(); httpPost.setHeader("Date", timeData); //Aibee-Auth-Sign=sha256(Method + URL + Date + ApiSecret) String method = map.get("method"); String notIpUrl = map.get("url"); String apiSecret = "BABBED1ABEC3277092EE0BEE96A6D740"; String aibeeAuthSign = method+notIpUrl+timeData+apiSecret; //Sha256加密 aibeeAuthSign = Sha256.getSHA256(aibeeAuthSign,"UTF-8"); httpPost.setHeader("Authorization", apiKey+":"+aibeeAuthSign); // 执行http请求 response = httpClient.execute(httpPost); //获取结果实体 HttpEntity entity = response.getEntity(); if (entity != null) { //按指定编码转换结果实体为String类型 resultString = EntityUtils.toString(htpEnti, "utf-8"); } EntityUtils.consume(entity); //释放链接 response.close(); return resultString; } catch (Exception e) { e.printStackTrace(); } finally { try { response.close(); } catch (IOException e) { e.printStackTrace(); } } return resultString; } /** * @Description: 返回时间戳 * @author: zkf * @date 2020年10月13日 * @return String */ private static String getTime() { Date date = new Date(); long time = date.getTime(); return String.valueOf(time);//获得时间戳 } }
标签:http,String,接口,return,org,apache,import,鉴权,JavaWeb 来源: https://www.cnblogs.com/mindzone/p/16036864.html