In the previous section, we made the payment page display, from the previous section of the payment page displayed in the JSP code can be seen, when the user clicks to confirm payment, will jump to ${shop}/pay_gobank.action action, that is to say, After submission we have to deal with some logic in the Payaction GoBank method (that is, the logic of the flowchart in the 21 demo), that is, to obtain clear text, encrypt the plaintext into the signature (ciphertext) and then visit the Easy Treasure Server, easy to connect the bank, complete payment.
But given the MVC design pattern, we'll put the above business logic in the service layer, so let's implement the payment logic for the demo in section 21.
1. First write a model to encapsulate the parameters
First we need to write a model (SendData) to receive the parameters of the JSP page, as well as their own add other need to send parameters, these parameters are easy to treasure official documents, we strictly follow the provisions of the document can:
* * Mall to the easy to pay the information sent, encapsulated as entity * */public
class SendData implements Serializable {
private static final long SE Rialversionuid = -6304103739907145812l;
(*) indicates a required field
private string p0_cmd//Business Type (*), fixed as: Buy
private string p1_merid;//merchant number (*)
private string p2_ order;//Merchant Order Number private string
p3_amt;//payment amount
private string p4_cur;//transaction currency (*)
private string p5_pid;// Product name
private string p6_pcat;//commodity type
private string p7_pdesc;//Commodity Description
private string p8_url;// The merchant receives the address of the payment success data
private string p9_saf;//shipping address
private string pa_mp;//merchant extension information
private string pd_frpid;// Payment channel encoding, i.e. bank
private String pr_needresponse;//Answering mechanism
//omitting Get and set methods
}
These attributes are to be passed to yeepay all the parameters, you can choose the parameters you need, not all of them, depending on the situation, generally in addition to P5, P6, P7, other we will pass through. Now let's look at the code for the action:
2. Implementation of Payaction
In Payaction, we mainly encapsulate some of the parameters of the JSP page into model, then call the service layer method to initialize the other parameters, as follows:
@Controller ("Payaction")
@Scope ("prototype") Public
class Payaction extends baseaction<object> Implements parameteraware{public
String GoBank () {
//1. Complement parameters: P2 P3 PD Pa, you need to get forder forder
= (Ford ER) session.get ("Oldforder");
User user = (user) session.get ("user");
Model.setp2_order (Forder.getid (). toString ()); Merchant Order number
Model.setp3_amt (Forder.gettotal (). toString ());//Payment Amount
MODEL.SETPA_MP (user.getemail () + "," + User.getphone ()); Merchant Extended information
//2. Append//3 to the parameter
. Encrypted get signature
//4. stored in the request domain
payservice.savedatatorequest (request, model); 2,3,4 business logic to the service layer to deal with
//5. Jump to Payment page return
"pay";
}
Next we write the service layer code, the service layer mainly implements the logic of the above 2,3,4 steps:
3. Implementation of Service layer
The specific code is as follows:
Payservice interface Public interface Payservice {//Store encrypted information in Requestmap public abstract map<string, object> Saveda
Tatorequest (map<string, object> request, SendData SendData);
Encrypt the returned data to the ciphertext, and compare it to the cipher text that was sent back (we'll do it later) public boolean checkbackdata (Backdata backdata); //payserviceimpl Implementation Class @Service ("Payservice") public class Payserviceimpl implements Payservice {//Key @Value ("#{prop.ke
Y} ") Private String key;
@Value ("#{prop.p1_merid}")//Merchant account (not order number) private String p1_merid;
Payment successful return address @Value ("#{prop.p8_url}") Private String P8_url; The above three properties are fixed values, I put them in the Pay.properties configuration file, directly using the spring annotation @value get/fill senddata data, P2 P3 PD Pa is the foreground injection, do not need to make up in this,
has been in action to get the private SendData finishsenddata (SendData senddata) {senddata.setp0_cmd ("buy");
Senddata.setp1_merid (P1_merid);
Senddata.setp4_cur ("CNY");
Senddata.setp5_pid ("");
Senddata.setp6_pcat ("");
Senddata.setp7_pdesc ("");
Senddata.setp8_url (P8_url);
Senddata.setp9_saf ("0"); Senddata.setpr_Needresponse ("0");
return senddata; //completes Append of data, returns appended plaintext private String Joinsenddataparam (SendData senddata) {//populated all data SendData = This.finishsen
Ddata (SendData);
StringBuffer InfoBuffer = new StringBuffer ();
Infobuffer.append (Senddata.getp0_cmd ());
Infobuffer.append (Senddata.getp1_merid ());
Infobuffer.append (Senddata.getp2_order ());
Infobuffer.append (Senddata.getp3_amt ());
Infobuffer.append (Senddata.getp4_cur ());
Infobuffer.append (Senddata.getp5_pid ());
Infobuffer.append (Senddata.getp6_pcat ());
Infobuffer.append (Senddata.getp7_pdesc ());
Infobuffer.append (Senddata.getp8_url ());
Infobuffer.append (Senddata.getp9_saf ());
Infobuffer.append (SENDDATA.GETPA_MP ());
Infobuffer.append (Senddata.getpd_frpid ());
Infobuffer.append (Senddata.getpr_needresponse ());
return infobuffer.tostring (); The encrypted information is stored in the Requestmap @Override public map<string, object> savedatatorequest (map<string, object> R Equest, SendData sendData) {//returns the appended string (that is, plaintext) string joinparam = Joinsenddataparam (SendData);
Request.put ("P0_cmd", Senddata.getp0_cmd ());
Request.put ("P1_merid", Senddata.getp1_merid ());
Request.put ("P2_order", Senddata.getp2_order ());
Request.put ("P3_amt", Senddata.getp3_amt ());
Request.put ("P4_cur", Senddata.getp4_cur ());
Request.put ("P5_pid", Senddata.getp5_pid ());
Request.put ("P6_pcat", Senddata.getp6_pcat ());
Request.put ("P7_pdesc", Senddata.getp7_pdesc ());
Request.put ("P8_url", Senddata.getp8_url ());
Request.put ("P9_saf", Senddata.getp9_saf ());
Request.put ("Pa_mp", Senddata.getpa_mp ());
Request.put ("Pd_frpid", Senddata.getpd_frpid ());
Request.put ("Pr_needresponse", Senddata.getpr_needresponse ());
Request.put ("HMAC", Digestutil.hmacsign (Joinparam, key));//appended signature (ciphertext) return request;
}
}
We can see, in fact, with the previous demo in the servlet implementation principle is the same, the above code used pay.properties files and annotations, the following look at the Pay.properties file and Beans.xml configuration:
#pay. Properties key=w0p75wmz203fr46r5i70v556whfa94j14yw5j6vuh4yo3nrl5jsqf3c41677 p1_merid=10000940764 p8_url=https\://www.hao123.com
<!--beans.xml--> <bean id= "prop" class= " Org.springframework.beans.factory.config.PropertiesFactoryBean "> <property name=" Locations "> <array> <value>classpath:public.properties</value><!----> <value> classpath:pay.properties</value> </array> </property> </bean>
OK, now that the action and service layers are written, let's configure the Struts.xml file:
4. Struts.xml Configuration and Pay.jsp page
<action name= "pay_*" class= "payaction" method= "{1}" >
<result name= "pay" >/user/pay.jsp</result >
</action>
Struts.xml configuration is very simple, mainly based on the return value to jump to the user/pay.jsp page, the above set of clear text (parameters) and ciphertext (signature) sent to the easy to the server side can:
<div class= "Payskip-inner" > <div> <span> Order number: </span><strong>${requestscope.p2_order} </strong><span>[Please remember this number in order to use in payment and enquiry] </span> </div> <div> <span> Payment amount: </ Span><strong>¥${requestscope.p3_amt}</strong> </div> <div> <span> payment method: </span > </div> <div> <span> Payment Bank: </SP An> </div> <div> <f ORM name= "Yeepay" action= ' Https://www.yeepay.com/app-merchant-proxy/node ' method= ' POST ' target= ' _blank ' > < Input type= ' hidden ' name= ' p0_cmd ' value= ' ${requestscope.p0_cmd} ' > <input type= ' hidden ' name= ' P1_merid ' {Requestscope.p1_merid} ' > <input type= ' hidden ' name= ' p2_order ' value= ' ${requestscope.p2_order} ' > <input Type= ' hidden ' name= ' P3_amt ' value= ' ${requesTscope.p3_amt} ' > <input type= ' hidden ' name= ' p4_cur ' value= ' ${requestscope.p4_cur} ' > <input type= ' hidden ' Name= ' p5_pid ' value= ' ${requestscope.p5_pid} ' > <input type= ' hidden ' name= ' p6_pcat ' value= ' Pcat} ' > <input type= ' hidden ' name= ' p7_pdesc ' value= ' ${requestscope.p7_pdesc} ' > <input type= ' hidden ' name = ' P8_url ' value= ' ${requestscope.p8_url} ' > <input type= ' hidden ' name= ' P9_saf ' "value= ' > <input type= ' hidden ' name= ' pa_mp ' value= ' ${requestscope.pa_mp} ' > <input type= ' hidden ' name= ' pd_frpid ' Value= ' ${requestscope.pd_frpid} ' > <input type= ' hidden ' name= ' pr_needresponse ' value= ' ${requestscope.pr_ Needresponse} "> <input type= ' hidden ' name= ' HMAC ' value= ' ${requestscope.hmac} ' > <div class= ' pay-inner ' &G
T <input type= "Submit" style= "width:80px;
height:40px "value=" immediate payment/> </div> </form> </div> </div>
The pay.jsp will send all the plaintext and the corresponding ciphertext to the Yeepay server, Yi Bao there will be based on these clear text, the same way encrypted into ciphertext, and then we pass the cipher to match, if the same description of data security, transmission process has not been tampered with, normal jump to the payment page, and then normal payment can; , you are not allowed to pay, pop-up a friendly tip page.
It's clear that this online payment process is here, the reason is very simple, is that I add the parameters to form together, and then add a secret generated ciphertext, and then the parameters and ciphertext to the third party, he also used the same encryption method to add a secret, and I sent the past comparison can, as to how to call the Bank interface, It's not our business, it's a third party, it includes some security stuff, and it's good for everyone to focus on their own business: I just need to butt in with a third party to get the useful information to him; the third party just needs to focus on how to dock with the different banks, which brings great convenience to the development. Because with different banks docking interface is certainly not the same, if we go directly to the bank docking, the cost is too high, and not easy to maintain, the Bank of the promotion level, I have to follow the upgrade ... With a third party, we never have to, the upgrade is a third party, our interface with the third party will not change ~
Original link: http://blog.csdn.net/eson_15/article/details/51464415
The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
