微信APP支付Java后端回调处理
package com.gaoxiao.framework.controller.gaojia; import com.gaoxiao.framework.commonfiles.entity.StatusResult; import com.gaoxiao.framework.commonfiles.utils.PayCommonUtil; import com.gaoxiao.framework.modules.user.entity.MemberOrder; import com.gaoxiao.framework.modules.user.enums.StatusEnum; import com.gaoxiao.framework.modules.user.service.MemberCouponService; import com.gaoxiao.framework.modules.user.service.MemberOrderService; import com.tenpay.util.XMLUtil; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.util.HashMap; import java.util.Map; import java.util.SortedMap; import java.util.TreeMap; /** * Created by xuxiang on 2016/8/23. */ @Controller @RequestMapping("pay/aliPay") public class GetAliNotifyUrl { protected static final Logger LOG = LoggerFactory .getLogger(GetAliNotifyUrl.class); @Autowired private MemberOrderService memberOrderService; @Autowired private MemberCouponService memberCouponService; @RequestMapping(value = "payNotifyUrl", produces = "application/json;charset=UTF-8") @ResponseBody public String payNotifyUrl(HttpServletRequest request, HttpServletResponse response) throws Exception { BufferedReader reader = null; reader = request.getReader(); String line = ""; String xmlString = null; StringBuffer inputString = new StringBuffer(); while ((line = reader.readLine()) != null) { inputString.append(line); } xmlString = inputString.toString(); request.getReader().close(); System.out.println("----接收到的数据如下:---" + xmlString); Map<String, String> map = new HashMap<String, String>(); String result_code = ""; String return_code = ""; String out_trade_no = ""; map = XMLUtil.doXMLParse(xmlString); result_code = map.get("result_code"); out_trade_no = map.get("out_trade_no"); return_code = map.get("return_code"); if (checkSign(xmlString)) { this.memberOrderService.updateOrderInfo(out_trade_no); MemberOrder memberOrder = memberOrderService.get(out_trade_no); String couponId = memberOrder.getCouponId(); if (StringUtils.isNotEmpty(couponId)) { memberCouponService.updateStatus(couponId); } return returnXML(result_code); } else { return returnXML("FAIL"); } } private boolean checkSign(String xmlString) { Map<String, String> map = null; try { map = XMLUtil.doXMLParse(xmlString); } catch (Exception e) { e.printStackTrace(); } String signFromAPIResponse = map.get("sign").toString(); if (signFromAPIResponse == "" || signFromAPIResponse == null) { System.out.println("API返回的数据签名数据不存在,有可能被第三方篡改!!!"); return false; } System.out.println("服务器回包里面的签名是:" + signFromAPIResponse); //清掉返回数据对象里面的Sign数据(不能把这个数据也加进去进行签名),然后用签名算法进行签名 map.put("sign", ""); //将API返回的数据根据用签名算法进行计算新的签名,用来跟API返回的签名进行比较 String signForAPIResponse = getSign(map); if (!signForAPIResponse.equals(signFromAPIResponse)) { //签名验不过,表示这个API返回的数据有可能已经被篡改了 System.out.println("API返回的数据签名验证不通过,有可能被第三方篡改!!! signForAPIResponse生成的签名为" + signForAPIResponse); return false; } System.out.println("恭喜,API返回的数据签名验证通过!!!"); return true; } private String returnXML(String return_code) { return "<xml><return_code><![CDATA[" + return_code + "]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>"; } public String getSign(Map<String, String> map) { SortedMap<String, String> signParams = new TreeMap<String, String>(); for (Map.Entry<String, String> stringStringEntry : map.entrySet()) { signParams.put(stringStringEntry.getKey(), stringStringEntry.getValue()); } signParams.remove("sign"); String sign = PayCommonUtil.createSign("UTF-8", signParams); return sign; } }
(注:工具类可以参考http://www.cnblogs.com/xu-xiang/p/5797575.html)
我喜欢程序员,他们单纯、固执、容易体会到成就感;面对压力,能够挑灯夜战不眠不休;面对困难,能够迎难而上挑战自我。他
们也会感到困惑与傍徨,但每个程序员的心中都有一个比尔盖茨或是乔布斯的梦想“用智慧开创属于自己的事业”。我想说的是,其
实我是一个程序员