为什么80%的码农都做不了架构师?>>> 
当一请求一个链接或者是扫描二维码时,会请求后台方法,当然对于微信和支付宝来说,大多数时候是扫
码
一、首先说微信:
1、首先会判断请求中是否有code和state参数,没有的话就是还未授权,这时候走红框内进行授权,附授权方法代码:
/*** * @方法功能说明:微信授权* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:39:59 * @param @param response* @param @param url* @param @param request * @return void * @throws*/public static void oauthResp(HttpServletResponse response,String url, HttpServletRequest request){String reqUrl = getBaseUrl(request)+url+getUrlParameter(request);try {reqUrl = URLEncoder.encode(reqUrl, "utf-8");} catch (UnsupportedEncodingException e1) {e1.printStackTrace();}String _url = getWEXIN_USER_GETCODE(APPID, reqUrl, "code", "snsapi_base","sn_b");//snsapi_base sn_b静默授权 snsapi_userinfo sn_u提示授权try {response.sendRedirect(_url);} catch (IOException e) {e.printStackTrace();}}对于oauthResp这个授权方法,核心就是请求微信的授权接口(
"https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect";),这个接口需要公众号的appid,一个授权后重定向的路径redirect_uri,还有一个是scope,就是授权方式,分为静默授权和手动授权(感兴趣的自己研究,这里就不详细说了),其中redirect_uri一般就是你的后台method,此文中就是图片中所对应的方法,这样的目的在于它授权后会携带者code再去访问你的方法。
2、如果已经授权,就去获取openid,代码如下:
/*** * @方法功能说明:获取微信用户的openid* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:29:35 * @param @param code* @param @return * @return String * @throws*/public static String getOpenid(String code){String openid = "";String url = getWEXIN_USER_TOKEN(APPID,APPSECRET,code);String resp = httpsRequest(url, "GET", null);if(!resp.contains("errcode")){JSONObject object = JSONObject.parseObject(resp);openid = object.getString("openid");}return openid;}获取openid,请求的是微信如下接口("https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code";)这个接口同样需要公众号的appid,再加上公众号的appsecret,还有授权成功后获取的授权码code,最后的grant_type是固定值authorization_code。请求这个接口成功后就会获得openid。
二、然后支付宝,其实微信支付宝大概流程一样,区别就在于封装的参数和签名方式不同
1、对于支付宝授权,也是判断一个code,在支付宝中名字叫auth_code,如果auth_code不存在,就进行支付宝授权,支付宝授权方法如下:
/*** * @方法功能说明:支付宝授权* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 下午6:43:12 * @param @param response* @param @param url* @param @param request * @return void * @throws*/public static void zfboauthResp(HttpServletResponse response,String url, HttpServletRequest request){String reqUrl = getBaseUrl(request)+url+getUrlParameter(request);try {reqUrl = URLEncoder.encode(reqUrl, "utf-8");} catch (UnsupportedEncodingException e1) {e1.printStackTrace();}String _url = getZFBOUATH(APP_ID, reqUrl, "auth_base");try {response.sendRedirect(_url);} catch (IOException e) {e.printStackTrace();}}支付宝授权请求的是支付宝的授权接口("https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=APPID&scope=SCOPE&redirect_uri=ENCODED_URL"),这个接口需要支付宝的appid和授权类型,同样也需要一个重定向的路径,这跟微信基本一样。
2、授权成功后,获取支付宝用户的user_id,先上代码:
/*** * @方法功能说明:获取支付宝的userid* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 下午4:14:39 * @param @param url* @param @param request* @param @return * @return String * @throws*/public static String getZfbUserId(String auth_code){String userId = "";//组装参数HashMap<String,String> hashMap = new HashMap<String, String>();hashMap.put("app_id", APP_ID);hashMap.put("method", "alipay.system.oauth.token");hashMap.put("charset", "GBK");hashMap.put("sign_type", "RSA");hashMap.put("timestamp", DateUtils.getTime(new Date()));hashMap.put("grant_type", "authorization_code");hashMap.put("code", auth_code);hashMap.put("version", "1.0");String createLinkString = createLinkString(hashMap);String sign = RSA.sign(createLinkString, PRIVATE_KEY, "GBK");//RSA签名hashMap.put("sign", sign);String post;try {//请求支付宝接口post = HttpRequestsUtils.post(ZFB, hashMap, true);if(!post.contains("error_response")){JSONObject object = JSONObject.parseObject(post);String alipay_system_oauth_token_response = object.getString("alipay_system_oauth_token_response");if(alipay_system_oauth_token_response != null){JSONObject object2 = JSONObject.parseObject(alipay_system_oauth_token_response);if(object2 != null){userId = object2.getString("user_id");} }}//得到结果System.out.println(userId);} catch (IOException e) {e.printStackTrace();}return userId; }这与微信的区别有点大,封装的参数比较多,获取个userid就得封装这么多参数,也可能是支付宝的安全机制要求的较高吧,这里需要支付宝的appid;要请求的方法method,就是上面的alipay.system.oauth.token;编码charset,一般是GBK,也支持utf-8,根据自己的需要来;然后是签名类型sign_type,这个比较重要,支付宝用的签名方式是RSA,为什么安全性较高,也许就在这吧;然后是时间戳timestamp;然后是grant_type,获取用户信息时填写固定值authorization_code;然后是code,就是授权成功后获取到的那个auth_code,特别注意,请求这个接口时键名为code,而不是auth_code;最后是版本号version,写固定值1.0即可;封装好参数之后利用RSA进行签名,签名后将sign参数也封装到参数的map中,最后请求支付宝的接口("https://openapi.alipay.com/gateway.do")获取数据就ok了。
三、我已将上述功能封装为工具类,实在不懂的话就copy and paste , then run:
1、支付请求工具类
package com.hc360.rhfgateway.web.util;import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import com.alibaba.fastjson.JSONObject;
import com.hc360.rhfgateway.common.util.DateUtils;
import com.hc360.rhfgateway.common.util.HttpRequestsUtils;
import com.hc360.rhfgateway.web.util.alipay.RSA;/*** * @项目名称:rhfgateway* @类功能说明:支付请求工具类* @类修改者:* @修改日期:* @修改说明:* @公司名称:慧聪云信大数据科技有限公司* @作者:anyou* @创建时间:2017年3月8日 上午10:22:26* @版本:V1.0*/
public class PayRequestUtil {private static ResourceBundle resb1 = ResourceBundle.getBundle("payapi");public static String WEXIN_USER_TOKEN = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code";public static String WEXIN_USER_GETCODE = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect";public static String ZFB = "https://openapi.alipay.com/gateway.do";public static String ZFBOUATH = "https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=APPID&scope=SCOPE&redirect_uri=ENCODED_URL";// APPIDprivate static String APPID = resb1.getString("APPID");//APPSECRETprivate static String APPSECRET = resb1.getString("APPSECRET");//支付宝app_idprivate static String APP_ID = resb1.getString("app_id");//支付宝开发这私钥private static String PRIVATE_KEY = resb1.getString("private_key");//支付宝公钥private static String ALIPAY_PUBLIC_KEY = resb1.getString("alipay_public_key");/*** * @方法功能说明:判断请求来自于什么支付客户端;wechat:微信,alipay:支付宝,baiduwallet:百度钱包,qq:qq钱包* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午10:44:15 * @param @param request* @param @return * @return String * @throws*/public static String payClient(HttpServletRequest request){String payType = "";String agent = request.getHeader("User-Agent").toLowerCase();if (agent.contains("micromessenger")) {payType = "wechat"; }else if(agent.contains("alipaydefined")){payType = "alipay";}else if(agent.contains("baiduwallet")){payType = "baiduwallet";}else if(agent.contains("qq")){payType = "qq";}return payType;}/*** * @方法功能说明:https请求忽略证书* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:03:45 * @param @param url* @param @param method* @param @param data* @param @return * @return String * @throws*/public static String httpsRequest(String url, String method, String data) {// 创建SSLContext对象TrustManager[] tm = { new Webtrust() };try {SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");sslContext.init(null, tm, new java.security.SecureRandom());SSLSocketFactory ssf = sslContext.getSocketFactory();URL _url = new URL(url);HttpsURLConnection conn = (HttpsURLConnection) _url.openConnection();conn.setSSLSocketFactory(ssf);conn.setDoOutput(true);conn.setDoInput(true);conn.setUseCaches(false);conn.setRequestMethod(method);// 传送数据if (null != data) {OutputStream outputStream = conn.getOutputStream();// 注意编码格式outputStream.write(data.getBytes("UTF-8"));outputStream.close();}// 读取返回数据InputStream inputStream = conn.getInputStream();InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");BufferedReader bufferedReader = new BufferedReader(inputStreamReader);String str = null;StringBuffer buffer = new StringBuffer();while ((str = bufferedReader.readLine()) != null) {buffer.append(str);}// 释放资源bufferedReader.close();inputStreamReader.close();inputStream.close();inputStream = null;conn.disconnect();return buffer.toString();} catch (Exception e) {e.printStackTrace();}return null;}/*** * @方法功能说明:获取微信用户token* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:06:53 * @param @param appid* @param @param secret* @param @param code* @param @return * @return String * @throws*/public static String getWEXIN_USER_TOKEN(String appid,String secret,String code) {return WEXIN_USER_TOKEN.replace("APPID", appid).replace("SECRET", secret).replace("CODE", code);}/*** * @方法功能说明:获取支付宝授权* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 下午3:52:37 * @param @param app_id* @param @param redirect_uri* @param @return * @return String * @throws*/public static String getZFBOUATH(String app_id,String redirect_uri, String scope) {return ZFBOUATH.replace("APPID", app_id).replace("ENCODED_URL", redirect_uri).replace("SCOPE", scope);}/*** * @方法功能说明:获取code* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:38:32 * @param @param appid* @param @param redirect_uri* @param @param response_type* @param @param scope* @param @param state* @param @return * @return String * @throws*/public static String getWEXIN_USER_GETCODE(String appid,String redirect_uri,String response_type,String scope,String state) {return WEXIN_USER_GETCODE.replace("APPID", appid).replace("REDIRECT_URI", redirect_uri).replace("RESPONSE_TYPE", response_type).replace("SCOPE", scope).replace("STATE", state);}/*** * @方法功能说明:获取微信用户的openid* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:29:35 * @param @param code* @param @return * @return String * @throws*/public static String getOpenid(String code){String openid = "";String url = getWEXIN_USER_TOKEN(APPID,APPSECRET,code);String resp = httpsRequest(url, "GET", null);if(!resp.contains("errcode")){JSONObject object = JSONObject.parseObject(resp);openid = object.getString("openid");}return openid;}/*** * @方法功能说明:获取支付宝的userid* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 下午4:14:39 * @param @param url* @param @param request* @param @return * @return String * @throws*/public static String getZfbUserId(String auth_code){String userId = "";//组装参数HashMap<String,String> hashMap = new HashMap<String, String>();hashMap.put("app_id", APP_ID);hashMap.put("method", "alipay.system.oauth.token");hashMap.put("charset", "GBK");hashMap.put("sign_type", "RSA");hashMap.put("timestamp", DateUtils.getTime(new Date()));hashMap.put("grant_type", "authorization_code");hashMap.put("code", auth_code);hashMap.put("version", "1.0");String createLinkString = createLinkString(hashMap);String sign = RSA.sign(createLinkString, PRIVATE_KEY, "GBK");//RSA签名hashMap.put("sign", sign);String post;try {//请求支付宝接口post = HttpRequestsUtils.post(ZFB, hashMap, true);if(!post.contains("error_response")){JSONObject object = JSONObject.parseObject(post);String alipay_system_oauth_token_response = object.getString("alipay_system_oauth_token_response");if(alipay_system_oauth_token_response != null){JSONObject object2 = JSONObject.parseObject(alipay_system_oauth_token_response);if(object2 != null){userId = object2.getString("user_id");} }}//得到结果System.out.println(userId);} catch (IOException e) {e.printStackTrace();}return userId; }/*** * @方法功能说明:支付宝授权* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 下午6:43:12 * @param @param response* @param @param url* @param @param request * @return void * @throws*/public static void zfboauthResp(HttpServletResponse response,String url, HttpServletRequest request){String reqUrl = getBaseUrl(request)+url+getUrlParameter(request);try {reqUrl = URLEncoder.encode(reqUrl, "utf-8");} catch (UnsupportedEncodingException e1) {e1.printStackTrace();}String _url = getZFBOUATH(APP_ID, reqUrl, "auth_base");try {response.sendRedirect(_url);} catch (IOException e) {e.printStackTrace();}}/*** * @方法功能说明:微信授权* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:39:59 * @param @param response* @param @param url* @param @param request * @return void * @throws*/public static void oauthResp(HttpServletResponse response,String url, HttpServletRequest request){String reqUrl = getBaseUrl(request)+url+getUrlParameter(request);try {reqUrl = URLEncoder.encode(reqUrl, "utf-8");} catch (UnsupportedEncodingException e1) {e1.printStackTrace();}String _url = getWEXIN_USER_GETCODE(APPID, reqUrl, "code", "snsapi_base","sn_b");//snsapi_base sn_b静默授权 snsapi_userinfo sn_u提示授权try {response.sendRedirect(_url);} catch (IOException e) {e.printStackTrace();}}/*** * @方法功能说明:获取初参数外的全地址路径* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:34:35 * @param @param request* @param @return * @return String * @throws*/public static String getBaseUrl(HttpServletRequest request){String path = request.getContextPath();String url = "";String _port = ":"+request.getServerPort();if(_port.equals(":80")||_port.equals(":443"))_port = "";url = request.getScheme()+"://"+request.getServerName()+_port+path;return url;}/*** * @方法功能说明:参数封装* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月8日 上午11:36:38 * @param @param request* @param @return * @return String * @throws*/public static String getUrlParameter(HttpServletRequest request){@SuppressWarnings("unchecked")Map<String, String[]> map = request.getParameterMap();String pul = "";if(map.size() > 0){pul += "?";for (String key : map.keySet()) {String value = map.get(key)[0];pul += key + "=" + value +"&";}pul = pul.substring(0, pul.length()-1);}return pul;}/*** * @方法功能说明:把数组所有元素排序,并按照“参数=参数值”的模式用“&”字符拼接成字符串* @方法修改者:* @修改日期:* @修改说明:* @作者:anyou* @创建时间:2017年3月23日 下午12:35:17 * @param @param params* @param @return * @return String * @throws*/public static String createLinkString(Map<String, String> params) {List<String> keys = new ArrayList<String>(params.keySet());Collections.sort(keys);String prestr = "";for (int i = 0; i < keys.size(); i++) {String key = keys.get(i);String value = params.get(key);if (i == keys.size() - 1) {//拼接时,不包括最后一个&字符prestr = prestr + key + "=" + value;} else {prestr = prestr + key + "=" + value + "&";}}return prestr;}
}
2、http请求工具类(这是我公司一个大牛封装的,牛的一比)
package com.hc360.rhfgateway.common.util;import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;import javax.net.ssl.SSLContext;import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;/*** * @ClassName: HttpRequestsUtils* @Description: http请求工具类* @author Qawine* @version v1.0* @date 2017年3月5日 下午5:37:26**/
public class HttpRequestsUtils {public static final String DEFAULT_CHARST = "GBK";/*** 方法功能说明:http client post请求 创建:2016-8-11 by 朤朤先生 修改:日期 by 修改者 修改内容:* * @参数: @param url @参数: @param params @参数: @return @参数: @throws* IOException @return String @throws*/public static String httpsPost(String url, List<NameValuePair> params, boolean b) throws IOException {CloseableHttpClient httpclient = null;if (b)httpclient = defaultSSL();elsehttpclient = HttpClientBuilder.create().build();HttpPost httppost = new HttpPost(url);httppost.setEntity(new UrlEncodedFormEntity(params));CloseableHttpResponse response = httpclient.execute(httppost);HttpEntity entity = response.getEntity();String jsonStr = EntityUtils.toString(entity, DEFAULT_CHARST);httppost.releaseConnection();return jsonStr;}/*** 方法功能说明:post 数据 创建:2016-8-11 by 朤朤先生 修改:日期 by 修改者 修改内容:* * @参数: @param url @参数: @param map @参数: @return @参数: @throws* IOException @return String @throws*/public static String post(String url, Map<String, String> map, boolean b) throws IOException {List<NameValuePair> params = new ArrayList<NameValuePair>();if (map != null && map.size() > 0) {for (String key : map.keySet()) {params.add(new BasicNameValuePair(key, map.get(key)));}}return httpsPost(url, params, b);}/*** 方法功能说明:post json或者XML数据 创建:2016-8-11 by 朤朤先生 修改:日期 by 修改者* 修改内容: @参数: @param url @参数: @param data @参数: @param b true为xml false为json @参数: @return @return* String @throws*/public static String postXMLorJson(String url, String data, boolean b) {String returnValue = "这是默认返回值,接口调用失败";CloseableHttpClient httpClient = HttpClients.createDefault();ResponseHandler<String> responseHandler = new BasicResponseHandler();try {// 第一步:创建HttpClient对象httpClient = HttpClients.createDefault();// 第二步:创建httpPost对象HttpPost httpPost = new HttpPost(url);// 第三步:给httpPost设置JSON格式的参数StringEntity requestEntity = new StringEntity(data, DEFAULT_CHARST);requestEntity.setContentEncoding(DEFAULT_CHARST);if (b)httpPost.setHeader("Content-type", "text/xml");elsehttpPost.setHeader("Content-type", "application/json");httpPost.setEntity(requestEntity);// 第四步:发送HttpPost请求,获取返回值returnValue = httpClient.execute(httpPost, responseHandler);} catch (Exception e) {e.printStackTrace();}finally {try {httpClient.close();} catch (IOException e) {// TODO Auto-generated catch blocke.printStackTrace();}}// 第五步:处理返回值return returnValue;}/*** @throws IOException @throws ClientProtocolException 方法功能说明:get请求* 创建:2016-8-11 by 朤朤先生 修改:日期 by 修改者 修改内容: @参数: @param url @参数: @param* b @参数: @return @return String @throws*/public static String get(String url, boolean b) throws IOException {String returnValue = "error";CloseableHttpClient httpclient = null;if (b)httpclient = defaultSSL();elsehttpclient = HttpClientBuilder.create().build();HttpGet httpget = new HttpGet(url);// 配置请求超时RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(50).setConnectTimeout(50).setSocketTimeout(50).build();httpget.setConfig(requestConfig);CloseableHttpResponse response = httpclient.execute(httpget);HttpEntity entity = response.getEntity();returnValue = EntityUtils.toString(entity);//httpget.releaseConnection();return returnValue;}/*** 方法功能说明:忽略证书 创建:2016-8-11 by 朤朤先生 修改:日期 by 修改者 修改内容: @参数: @return @return* CloseableHttpClient @throws*/@SuppressWarnings("deprecation")private static CloseableHttpClient defaultSSL() {try {SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {// 信任所有public boolean isTrusted(X509Certificate[] chain, String authType) {return true;}}).build();SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);return HttpClients.custom().setSSLSocketFactory(sslsf).build();} catch (KeyManagementException e) {e.printStackTrace();} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (KeyStoreException e) {e.printStackTrace();}return HttpClients.createDefault();}
}
