Online payment function Realization of SSH Framework Online Mall Project 23rd _java

Source: Internet
Author: User
Tags hmac ssh stringbuffer

In the previous section, we made the payment page display, from the previous section of the payment page displayed in the JSP code can be seen, when the user clicks to confirm payment, will jump to ${shop}/pay_gobank.action action, that is to say, After submission we have to deal with some logic in the Payaction GoBank method (that is, the logic of the flowchart in the 21 demo), that is, to obtain clear text, encrypt the plaintext into the signature (ciphertext) and then visit the Easy Treasure Server, easy to connect the bank, complete payment.
But given the MVC design pattern, we'll put the above business logic in the service layer, so let's implement the payment logic for the demo in section 21.

1. First write a model to encapsulate the parameters

First we need to write a model (SendData) to receive the parameters of the JSP page, as well as their own add other need to send parameters, these parameters are easy to treasure official documents, we strictly follow the provisions of the document can:


 * * Mall to the easy to pay the information sent, encapsulated as entity * */public
class SendData implements Serializable {

 private static final long SE Rialversionuid = -6304103739907145812l;
 (*) indicates a required field
 private string p0_cmd//Business Type (*), fixed as: Buy
 private string p1_merid;//merchant number (*)
 private string p2_ order;//Merchant Order Number private string
 p3_amt;//payment amount
 private string p4_cur;//transaction currency (*)
 private string p5_pid;// Product name
 private string p6_pcat;//commodity type
 private string p7_pdesc;//Commodity Description
 private string p8_url;// The merchant receives the address of the payment success data
 private string p9_saf;//shipping address
 private string pa_mp;//merchant extension information
 private string pd_frpid;// Payment channel encoding, i.e. bank
 private String pr_needresponse;//Answering mechanism

 //omitting Get and set methods
}

These attributes are to be passed to yeepay all the parameters, you can choose the parameters you need, not all of them, depending on the situation, generally in addition to P5, P6, P7, other we will pass through. Now let's look at the code for the action:

2. Implementation of Payaction

In Payaction, we mainly encapsulate some of the parameters of the JSP page into model, then call the service layer method to initialize the other parameters, as follows:

@Controller ("Payaction")
@Scope ("prototype") Public
class Payaction extends baseaction<object> Implements parameteraware{public

 String GoBank () {
  //1. Complement parameters: P2 P3 PD Pa, you need to get forder forder
  = (Ford ER) session.get ("Oldforder");
  User user = (user) session.get ("user");
  Model.setp2_order (Forder.getid (). toString ()); Merchant Order number
  Model.setp3_amt (Forder.gettotal (). toString ());//Payment Amount
  MODEL.SETPA_MP (user.getemail () + "," + User.getphone ()); Merchant Extended information
  //2. Append//3 to the parameter  
  . Encrypted get signature  
  //4. stored in the request domain
  payservice.savedatatorequest (request, model); 2,3,4 business logic to the service layer to deal with
  //5. Jump to Payment page return  
  "pay";
 }


Next we write the service layer code, the service layer mainly implements the logic of the above 2,3,4 steps:

3. Implementation of Service layer

The specific code is as follows:

Payservice interface Public interface Payservice {//Store encrypted information in Requestmap public abstract map<string, object> Saveda

 Tatorequest (map<string, object> request, SendData SendData);
Encrypt the returned data to the ciphertext, and compare it to the cipher text that was sent back (we'll do it later) public boolean checkbackdata (Backdata backdata); //payserviceimpl Implementation Class @Service ("Payservice") public class Payserviceimpl implements Payservice {//Key @Value ("#{prop.ke 
 Y} ") Private String key; 
 @Value ("#{prop.p1_merid}")//Merchant account (not order number) private String p1_merid; 
 Payment successful return address @Value ("#{prop.p8_url}") Private String P8_url; The above three properties are fixed values, I put them in the Pay.properties configuration file, directly using the spring annotation @value get/fill senddata data, P2 P3 PD Pa is the foreground injection, do not need to make up in this,
   has been in action to get the private SendData finishsenddata (SendData senddata) {senddata.setp0_cmd ("buy");
   Senddata.setp1_merid (P1_merid);
   Senddata.setp4_cur ("CNY");
   Senddata.setp5_pid ("");
   Senddata.setp6_pcat ("");
   Senddata.setp7_pdesc ("");
   Senddata.setp8_url (P8_url);
   Senddata.setp9_saf ("0"); Senddata.setpr_Needresponse ("0");
  return senddata; //completes Append of data, returns appended plaintext private String Joinsenddataparam (SendData senddata) {//populated all data SendData = This.finishsen
   Ddata (SendData);
   StringBuffer InfoBuffer = new StringBuffer ();
   Infobuffer.append (Senddata.getp0_cmd ());
   Infobuffer.append (Senddata.getp1_merid ());
   Infobuffer.append (Senddata.getp2_order ());
   Infobuffer.append (Senddata.getp3_amt ());
   Infobuffer.append (Senddata.getp4_cur ());
   Infobuffer.append (Senddata.getp5_pid ());
   Infobuffer.append (Senddata.getp6_pcat ());
   Infobuffer.append (Senddata.getp7_pdesc ());
   Infobuffer.append (Senddata.getp8_url ());
   Infobuffer.append (Senddata.getp9_saf ());
   Infobuffer.append (SENDDATA.GETPA_MP ());
   Infobuffer.append (Senddata.getpd_frpid ());
   Infobuffer.append (Senddata.getpr_needresponse ());
  return infobuffer.tostring (); The encrypted information is stored in the Requestmap @Override public map<string, object> savedatatorequest (map<string, object> R Equest, SendData sendData) {//returns the appended string (that is, plaintext) string joinparam = Joinsenddataparam (SendData);
   Request.put ("P0_cmd", Senddata.getp0_cmd ());
   Request.put ("P1_merid", Senddata.getp1_merid ());
   Request.put ("P2_order", Senddata.getp2_order ());
   Request.put ("P3_amt", Senddata.getp3_amt ());
   Request.put ("P4_cur", Senddata.getp4_cur ());
   Request.put ("P5_pid", Senddata.getp5_pid ());
   Request.put ("P6_pcat", Senddata.getp6_pcat ());
   Request.put ("P7_pdesc", Senddata.getp7_pdesc ());
   Request.put ("P8_url", Senddata.getp8_url ());
   Request.put ("P9_saf", Senddata.getp9_saf ());
   Request.put ("Pa_mp", Senddata.getpa_mp ());
   Request.put ("Pd_frpid", Senddata.getpd_frpid ());
   Request.put ("Pr_needresponse", Senddata.getpr_needresponse ());
  Request.put ("HMAC", Digestutil.hmacsign (Joinparam, key));//appended signature (ciphertext) return request;

 } 
}

We can see, in fact, with the previous demo in the servlet implementation principle is the same, the above code used pay.properties files and annotations, the following look at the Pay.properties file and Beans.xml configuration:

#pay. Properties
key=w0p75wmz203fr46r5i70v556whfa94j14yw5j6vuh4yo3nrl5jsqf3c41677
p1_merid=10000940764
p8_url=https\://www.hao123.com

<!--beans.xml-->
<bean id= "prop" class= " Org.springframework.beans.factory.config.PropertiesFactoryBean ">
  <property name=" Locations ">
  <array>
   <value>classpath:public.properties</value><!---->
   <value> classpath:pay.properties</value>
  </array>
  </property>
</bean>

OK, now that the action and service layers are written, let's configure the Struts.xml file:

4. Struts.xml Configuration and Pay.jsp page

<action name= "pay_*" class= "payaction" method= "{1}" >
  <result name= "pay" >/user/pay.jsp</result >
</action>

Struts.xml configuration is very simple, mainly based on the return value to jump to the user/pay.jsp page, the above set of clear text (parameters) and ciphertext (signature) sent to the easy to the server side can:

<div class= "Payskip-inner" > <div> <span> Order number: </span><strong>${requestscope.p2_order} </strong><span>[Please remember this number in order to use in payment and enquiry] </span> </div> <div> <span> Payment amount: </ Span><strong>¥${requestscope.p3_amt}</strong> </div> <div> <span> payment method: </span > </div> <div> <span> Payment Bank: &LT;/SP An> </div> <div> <f ORM name= "Yeepay" action= ' Https://www.yeepay.com/app-merchant-proxy/node ' method= ' POST ' target= ' _blank ' > < Input type= ' hidden ' name= ' p0_cmd ' value= ' ${requestscope.p0_cmd} ' > <input type= ' hidden ' name= ' P1_merid '  {Requestscope.p1_merid} ' > <input type= ' hidden ' name= ' p2_order ' value= ' ${requestscope.p2_order} ' > <input Type= ' hidden ' name= ' P3_amt ' value= ' ${requesTscope.p3_amt} ' > <input type= ' hidden ' name= ' p4_cur ' value= ' ${requestscope.p4_cur} ' > <input type= ' hidden ' Name= ' p5_pid ' value= ' ${requestscope.p5_pid} ' > <input type= ' hidden ' name= ' p6_pcat ' value= ' Pcat} ' > <input type= ' hidden ' name= ' p7_pdesc ' value= ' ${requestscope.p7_pdesc} ' > <input type= ' hidden ' name = ' P8_url ' value= ' ${requestscope.p8_url} ' > <input type= ' hidden ' name= ' P9_saf ' "value= ' > <input type= ' hidden ' name= ' pa_mp ' value= ' ${requestscope.pa_mp} ' > <input type= ' hidden ' name= ' pd_frpid ' Value= ' ${requestscope.pd_frpid} ' > <input type= ' hidden ' name= ' pr_needresponse ' value= ' ${requestscope.pr_ Needresponse} "> <input type= ' hidden ' name= ' HMAC ' value= ' ${requestscope.hmac} ' > <div class= ' pay-inner ' &G
     T <input type= "Submit" style= "width:80px;

 height:40px "value=" immediate payment/> </div> </form> </div> </div>

The pay.jsp will send all the plaintext and the corresponding ciphertext to the Yeepay server, Yi Bao there will be based on these clear text, the same way encrypted into ciphertext, and then we pass the cipher to match, if the same description of data security, transmission process has not been tampered with, normal jump to the payment page, and then normal payment can; , you are not allowed to pay, pop-up a friendly tip page.
It's clear that this online payment process is here, the reason is very simple, is that I add the parameters to form together, and then add a secret generated ciphertext, and then the parameters and ciphertext to the third party, he also used the same encryption method to add a secret, and I sent the past comparison can, as to how to call the Bank interface, It's not our business, it's a third party, it includes some security stuff, and it's good for everyone to focus on their own business: I just need to butt in with a third party to get the useful information to him; the third party just needs to focus on how to dock with the different banks, which brings great convenience to the development. Because with different banks docking interface is certainly not the same, if we go directly to the bank docking, the cost is too high, and not easy to maintain, the Bank of the promotion level, I have to follow the upgrade ... With a third party, we never have to, the upgrade is a third party, our interface with the third party will not change ~

Original link: http://blog.csdn.net/eson_15/article/details/51464415

The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.