1.[代码][Java]代码跳至String requestData = request.getParameter(ConstantField.API_PARAMS); // 加密后的数据String timestamp = request.getParameter(ConstantField.SIGN_TIMESTAP);String api_version = request.getParameter(ConstantField.SIGN_API_VERSION);String secret_key = request.getParameter(ConstantField.SIGN_AES_KEY);String sign = request.getParameter(ConstantField.API_SIGN);String httpMethod = httpRequest.getMethod();StringBuffer url = httpRequest.getRequestURL();long expires = 0;try {expires = Long.valueOf(request.getParameter(ConstantField.SIGN_EXPIRES));} catch (Exception e) {expires = 0;}// 提取Session绑定的秘钥HttpSession session = httpRequest.getSession(true);String aes_secret_key = String.valueOf(session.getAttribute(ConstantField.SIGN_AES_KEY)); // aes_secret_key// 用户是否切换动态密钥,是新密要解密if (enable_cryptic&& secret_key != null&& !secret_key.equals(String.valueOf(session.getAttribute(ConstantField.SIGN_RSA_KEY)))) {aes_secret_key = RSAUtils.decrypt(secret_key, RSA.getPrivateKey());// 记录用户AES秘钥,加密后密钥和明文密钥均记录session.setAttribute(ConstantField.SIGN_AES_KEY, aes_secret_key);session.setAttribute(ConstantField.SIGN_RSA_KEY, secret_key);}// 验签认证Status status = SignAuthUtil.verifySign(httpMethod, url, requestData,timestamp, expires, api_version, aes_secret_key, sign);if (enable_sing_auth && Status.SUCCESS != status) {writeResponse(httpResponse, status);return;}// 数据解密处理if (enable_cryptic && requestData != null && !””.equals(requestData)) {try {paramMap.put(ConstantField.API_PARAMS,AESUtils.decrypt(aes_secret_key, requestData));} catch (Exception e) {e.printStackTrace();}}// 根据请求设置返回数据格式HTTP headresponseWrapper.setContentType(“text/json;charset=” + encoding);responseWrapper.setCharacterEncoding(encoding);chain.doFilter(new ParameterRequestWrapper(httpRequest, paramMap),responseWrapper); // 数据给action
,有的旅行是为了拓宽眼界,浏览风景名胜。
