用Spring MVC做api接口,在请求中加入token做简单的验证
服务器:
拼接token之外所有参数,最后拼接token_key,做MD5,与token参数比对
如果token比对失败返回状态码 500
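/**
 * Spring MVC interceptor that checks the {@code token} request parameter on API calls.
 *
 * <p>Scheme as implemented here: the values of every request parameter other than
 * {@code token} are concatenated in the order the container enumerates them,
 * {@code Default.TOKEN_KEY} is appended, and the MD5 hex digest of that string must equal
 * the submitted {@code token}. A request that fails the check gets status 500 and is not
 * passed on to the handler.
 *
 * <p>Known limits of the scheme (they need a coordinated client change, so they are only
 * documented here):
 * <ul>
 *   <li>Values are joined without names or delimiters, so different parameter sets can
 *       produce the same signed string (for example "1"+"23" and "12"+"3").</li>
 *   <li>Only the first value of a multi-valued parameter is covered.</li>
 *   <li>The digest depends on enumeration order, which the servlet API does not
 *       guarantee; sorting the names on both sides would make it deterministic.</li>
 *   <li>MD5 over "data + key" is not a keyed MAC; HMAC-SHA256 is the standard
 *       construction for this purpose.</li>
 *   <li>Nothing in the signed data is time- or request-bound, so a valid request stays
 *       valid if it is sent again.</li>
 * </ul>
 */
public class APIInterceptor extends HandlerInterceptorAdapter {

    /**
     * Debug switch: when {@code true}, requests without a {@code token} parameter are
     * let through unchecked. Defaults to {@code false} so that a build deployed as-is
     * rejects unsigned requests instead of relying on someone remembering to remove
     * the bypass.
     */
    private static final boolean ALLOW_MISSING_TOKEN_FOR_DEBUG = false;

    /**
     * Verifies the request token before the handler runs.
     *
     * @param request  current request; its parameters are the signed data
     * @param response current response; status is set to 500 on rejection
     * @param handler  chosen handler (not used)
     * @return {@code true} to continue processing, {@code false} if the token is missing
     *         or does not match
     * @throws Exception declared by the overridden method
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // NOTE(review): confirm that the project's Log helper does not write parameter
        // values (pwd, token) when handed the whole request.
        Log.info(request);

        String token = request.getParameter("token");
        if (token == null) {
            if (ALLOW_MISSING_TOKEN_FOR_DEBUG) {
                return true;
            }
            // Fail closed: a request without a token is treated like a bad token.
            response.setStatus(500);
            return false;
        }

        Enumeration<?> paraKeys = request.getParameterNames();
        StringBuilder signedData = new StringBuilder();
        while (paraKeys.hasMoreElements()) {
            String paraKey = (String) paraKeys.nextElement();
            if (paraKey.equals("token")) {
                // Skip the token itself but keep going: stopping here left every
                // parameter enumerated after "token" outside the digest, so those
                // values reached the handler unverified.
                continue;
            }
            signedData.append(request.getParameter(paraKey));
        }
        signedData.append(Default.TOKEN_KEY);
        // The signed string ends with the shared key, so it is deliberately not logged.

        String expected = DigestUtils.md5Hex(signedData.toString());
        // Compare without an early exit on the first differing character.
        boolean matches = java.security.MessageDigest.isEqual(
                token.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            // 500 is kept because existing clients are written against it; 401/403
            // would describe the condition more accurately for clients and monitoring.
            response.setStatus(500);
            return false;
        }
        return true;
    }

    /** Logs the request after the handler has run; the model and view are left untouched. */
    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        Log.info(request);
    }

    /** Nothing to clean up after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object handler, Exception ex)
            throws Exception {
    }
}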
spring-config.xml配置中加入
<!-- Registers APIInterceptor for requests whose path matches /api/*.
     NOTE(review): in Ant-style patterns a single * matches exactly one path segment,
     so a nested path such as /api/a/b would not pass through the token check;
     /api/** would cover nested paths too. Confirm against the actual routes. -->
<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/api/*" />
        <bean class="cn.web.interceptor.APIInterceptor" />
    </mvc:interceptor>
</mvc:interceptors>
客户端:
拼接请求接口的所有参数,最后拼接token_key,做MD5,作为token参数
请求样例:http://127.0.0.1:8080/interface/api?key0=param0&key1=param1&token=md5(concat(param0, param1))
其中concat按顺序拼接各参数值,并在末尾追加token_key,即 token = md5(param0 + param1 + token_key)。
api测试页面,用到了Bootstrap和AngularJS,还有一个js的hex_md5函数。测试页面的脚本里直接写了token_key,因此该页面只适合内部调试使用,不应随站点对外发布。
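<!doctype html>
<html ng-app>
<head>
<meta charset="UTF-8">
<title>API test</title>
<link href="../css/bootstrap.min.css" rel="stylesheet">
<script src="../js/md5.min.js"></script>
<script src="../js/angular.min.js"></script>
<script>
/*
 * Internal test page for the token-checked API.
 *
 * For each API it shows the GET URL built from the entered values, the string that
 * gets hashed (values + token_key), and a POST form whose token field is filled
 * with md5(values + token_key).
 *
 * NOTE(review): token_key below is presumably the same shared secret the server
 * verifies against. Anyone who can load this page can read it, so keep the page
 * on internal/debug deployments only.
 */

/**
 * Describes one API endpoint.
 * @param {string} url  endpoint path; any further arguments are its parameter names
 */
function API(url) {
    this.url = arguments[0];
    this.params = Array.prototype.slice.call(arguments, 1, arguments.length);

    /**
     * Builds the GET URL for this endpoint.
     * @param {string[]} params  parameter names; any further arguments are the
     *                           matching values, by position
     * @returns {string} url followed by ?name=value pairs for every non-empty value
     */
    this.request = function (params) {
        var values = Array.prototype.slice.call(arguments, 1, arguments.length);
        var pairs = [];
        for (var i = 0; i < values.length; i++) {
            if (params[i] != undefined && values[i] != undefined && values[i] != '') {
                // Encode both sides so characters such as & = # or spaces in a value
                // cannot split or truncate the query string.
                pairs.push(encodeURIComponent(params[i]) + "=" + encodeURIComponent(values[i]));
            }
        }
        // Collect the pairs first and join them afterwards: the first pair present
        // always gets '?', even when the first parameter was left empty (previously
        // that case produced "url&name=value").
        return pairs.length ? url + '?' + pairs.join("&") : url;
    };
}

/** Controller for the API list: exposes md5, the token key and the concat helper. */
function APIListCtrl($scope) {
    $scope.md5 = hex_md5;
    $scope.token_key = "9ae5r06fs8";

    // Joins all values in order and appends token_key; undefined (unfilled)
    // values contribute nothing to the joined string.
    $scope.concat = function () {
        var args = Array.prototype.slice.call(arguments, 0, arguments.length);
        args.push($scope.token_key);
        return args.join("");
    };

    // No trailing comma after the last entry: some older browsers count it as an
    // extra undefined element.
    $scope.apilist = [
        new API("account/login", "username", "pwd"),
        new API("account/register", "username", "pwd", "tel", "code")
    ];
}
</script>
</head>
<body>
<div ng-controller="APIListCtrl">
    <div>
        Search: <input type="text" ng-model="search">
        <hr>
        token_key <input type="text" ng-model="token_key">
        md5 <input type="text" ng-model="str"> {{md5(str)}}
    </div>
    <hr>
    <div ng-repeat="api in apilist | filter:search">
        <form action="{{api.url}}" method="post">
            <!-- GET form of the request (without token), shown for reference -->
            <a href="{{api.request(api.params, value0, value1, value2, value3, value4, value5, value6, value7, value8, value9)}}">{{api.request(api.params, value0, value1, value2, value3, value4, value5, value6, value7, value8, value9)}}</a>
            <br>
            <!-- the exact string that is hashed into the token -->
            {{concat(value0, value1, value2, value3, value4, value5, value6, value7, value8, value9)}}
            <br>
            <!-- up to ten parameters per API; unused slots are hidden -->
            {{api.params[0]}} <input id="{{api.params[0]}}" name="{{api.params[0]}}" ng-model="value0" ng-hide="api.params[0]==undefined">
            {{api.params[1]}} <input id="{{api.params[1]}}" name="{{api.params[1]}}" ng-model="value1" ng-hide="api.params[1]==undefined">
            {{api.params[2]}} <input id="{{api.params[2]}}" name="{{api.params[2]}}" ng-model="value2" ng-hide="api.params[2]==undefined">
            {{api.params[3]}} <input id="{{api.params[3]}}" name="{{api.params[3]}}" ng-model="value3" ng-hide="api.params[3]==undefined">
            {{api.params[4]}} <input id="{{api.params[4]}}" name="{{api.params[4]}}" ng-model="value4" ng-hide="api.params[4]==undefined">
            {{api.params[5]}} <input id="{{api.params[5]}}" name="{{api.params[5]}}" ng-model="value5" ng-hide="api.params[5]==undefined">
            {{api.params[6]}} <input id="{{api.params[6]}}" name="{{api.params[6]}}" ng-model="value6" ng-hide="api.params[6]==undefined">
            {{api.params[7]}} <input id="{{api.params[7]}}" name="{{api.params[7]}}" ng-model="value7" ng-hide="api.params[7]==undefined">
            {{api.params[8]}} <input id="{{api.params[8]}}" name="{{api.params[8]}}" ng-model="value8" ng-hide="api.params[8]==undefined">
            {{api.params[9]}} <input id="{{api.params[9]}}" name="{{api.params[9]}}" ng-model="value9" ng-hide="api.params[9]==undefined">
            <!-- token is submitted last, after all the parameters it covers -->
            token <input id="token" name="token" value="{{md5(concat(value0, value1, value2, value3, value4, value5, value6, value7, value8, value9))}}">
            <input type="submit" class="btn" ng-hide="api.params[0]==undefined">
        </form>
        <hr>
    </div>
</div>
</body>
</html>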