案例3-在线支付 在线支付: 1.发送那些数据? 第三方规定 2.如何保证数据安全? 数字签名 需要商城将第三方需要的数据,及加密后的数据发送给第三方支付, 第三方获取所有的数据之后,将商城发送过来的数据重新按照分配的商城的密钥和算法重新生成一个数据, 然后和商城传递过来的加密后的数据做对比,若一致,就是没有问题. 商城在第三方开的账户 第三方给商城的密钥 第三方给商城的算法 步骤分析: 在order_info.jsp页面上 填写收货人信息,然后点击 确认订单 /store/order?method=pay 在orderservlet中的pay操作: 1.获取收货人信息 更新数据库中orders表 2.拼装url 给第三方的数据 3.重定向 第三方 在用户完成支付之后,银行通知第三方支付成功,第三方需要通知 用户和商城 支付成功了 要求商城必须有固定的ip 支付结果需要通知商城和客户 url:回调函数 http://localhost:80/store/order?method=callback 在callback中 获取第三方发送过来的数据 判断数据是否被篡改过 若没有被篡改,修改订单状态 若被篡改,提示信息被篡改
/store/WebContent/jsp/order_info.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <!doctype html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>会员登录</title> <link rel="stylesheet" href="${pageContext.request.contextPath}/css/bootstrap.min.css" type="text/css" /> <script src="${pageContext.request.contextPath}/js/jquery-1.11.3.min.js" type="text/javascript"></script> <script src="${pageContext.request.contextPath}/js/bootstrap.min.js" type="text/javascript"></script> <!-- 引入自定义css文件 style.css --> <link rel="stylesheet" href="${pageContext.request.contextPath}/css/style.css" type="text/css" /> <style> body { margin-top: 20px; margin: 0 auto; } .carousel-inner .item img { 100%; height: 300px; } </style> </head> <body> <!-- 动态包含 --> <jsp:include page="/jsp/head.jsp"></jsp:include> <div class="container"> <div class="row"> <div style="margin:0 auto;margin-top:10px;950px;"> <strong>订单详情</strong> <table class="table table-bordered"> <tbody> <tr class="warning"> <th colspan="5">订单编号:${bean.oid } </th> </tr> <tr class="warning"> <th>图片</th> <th>商品</th> <th>价格</th> <th>数量</th> <th>小计</th> </tr> <c:forEach items="${bean.items }" var="oi"> <tr class="active"> <td width="60" width="40%"> <input type="hidden" name="id" value="22"> <img src="${pageContext.request.contextPath}/${oi.product.pimage}" width="70" height="60"> </td> <td width="30%"> <a target="_blank">${oi.product.pname }</a> </td> <td width="20%"> ¥${oi.product.shop_price } </td> <td width="10%"> ${oi.count } </td> <td width="15%"> <span class="subtotal">¥${oi.subtotal }</span> </td> </tr> </c:forEach> </tbody> </table> </div> <div style="text-align:right;margin-right:120px;"> 商品金额: <strong style="color:#ff6600;">¥${bean.total }元</strong> </div> </div> <div> <hr/> <form id="orderForm" class="form-horizontal" style="margin-top:5px;margin-left:150px;" action="${pageContext.request.contextPath }/order?method=pay" method="post"> <input type="hidden" name="oid" value="${bean.oid }"> <div class="form-group"> <label for="username" class="col-sm-1 control-label">地址</label> <div class="col-sm-5"> <input type="text" class="form-control" id="username" name="address" placeholder="请输入收货地址"> </div> </div> <div class="form-group"> <label for="inputPassword3" class="col-sm-1 control-label">收货人</label> <div class="col-sm-5"> <input type="text" name="name" class="form-control" id="inputPassword3" placeholder="请输收货人"> </div> </div> <div class="form-group"> <label for="confirmpwd" class="col-sm-1 control-label">电话</label> <div class="col-sm-5"> <input type="text" name="telephone" class="form-control" id="confirmpwd" placeholder="请输入联系方式"> </div> </div> <hr/> <div style="margin-top:5px;margin-left:150px;"> <strong>选择银行:</strong> <p> <br/> <input type="radio" name="pd_FrpId" value="ICBC-NET-B2C" checked="checked" />工商银行 <img src="${pageContext.request.contextPath}/bank_img/icbc.bmp" align="middle" /> <input type="radio" name="pd_FrpId" value="BOC-NET-B2C" />中国银行 <img src="${pageContext.request.contextPath}/bank_img/bc.bmp" align="middle" /> <input type="radio" name="pd_FrpId" value="ABC-NET-B2C" />农业银行 <img src="${pageContext.request.contextPath}/bank_img/abc.bmp" align="middle" /> <br/> <br/> <input type="radio" name="pd_FrpId" value="BOCO-NET-B2C" />交通银行 <img src="${pageContext.request.contextPath}/bank_img/bcc.bmp" align="middle" /> <input type="radio" name="pd_FrpId" value="PINGANBANK-NET" />平安银行 <img src="${pageContext.request.contextPath}/bank_img/pingan.bmp" align="middle" /> <input type="radio" name="pd_FrpId" value="CCB-NET-B2C" />建设银行 <img src="${pageContext.request.contextPath}/bank_img/ccb.bmp" align="middle" /> <br/> <br/> <input type="radio" name="pd_FrpId" value="CEB-NET-B2C" />光大银行 <img src="${pageContext.request.contextPath}/bank_img/guangda.bmp" align="middle" /> <input type="radio" name="pd_FrpId" value="CMBCHINA-NET-B2C" />招商银行 <img src="${pageContext.request.contextPath}/bank_img/cmb.bmp" align="middle" /> </p> <hr/> <p style="text-align:right;margin-right:100px;"> <a href="javascript:document.getElementById('orderForm').submit();"> <img src="${pageContext.request.contextPath}/images/finalbutton.gif" width="204" height="51" border="0" /> </a> </p> <hr/> </form> </div> </div> </div> <div style="margin-top:50px;"> <img src="${pageContext.request.contextPath}/image/footer.jpg" width="100%" height="78" alt="我们的优势" title="我们的优势" /> </div> <div style="text-align: center;margin-top: 5px;"> <ul class="list-inline"> <li><a>关于我们</a></li> <li><a>联系我们</a></li> <li><a>招贤纳士</a></li> <li><a>法律声明</a></li> <li><a>友情链接</a></li> <li><a target="_blank">支付方式</a></li> <li><a target="_blank">配送方式</a></li> <li><a>服务声明</a></li> <li><a>广告声明</a></li> </ul> </div> <div style="text-align: center;margin-top: 5px;margin-bottom:20px;"> Copyright © 2005-2016 传智商城 版权所有 </div> </body> </html>
com.louis.web.servlet.OrderServlet
public String pay(HttpServletRequest request,HttpServletResponse respone) throws Exception{ //接受参数 String address=request.getParameter("address"); String name=request.getParameter("name"); String telephone=request.getParameter("telephone"); String oid=request.getParameter("oid"); //通过id获取order OrderService s=(OrderService) BeanFactory.getBean("OrderService"); Order order = s.getById(oid); order.setAddress(address); order.setName(name); order.setTelephone(telephone); //更新order s.update(order); // 组织发送支付公司需要哪些数据 String pd_FrpId = request.getParameter("pd_FrpId"); String p0_Cmd = "Buy"; String p1_MerId = ResourceBundle.getBundle("merchantInfo").getString("p1_MerId"); String p2_Order = oid; String p3_Amt = "0.01"; String p4_Cur = "CNY"; String p5_Pid = ""; String p6_Pcat = ""; String p7_Pdesc = ""; // 支付成功回调地址 ---- 第三方支付公司会访问、用户访问 // 第三方支付可以访问网址 String p8_Url = ResourceBundle.getBundle("merchantInfo").getString("responseURL"); String p9_SAF = ""; String pa_MP = ""; String pr_NeedResponse = "1"; // 加密hmac 需要密钥 String keyValue = ResourceBundle.getBundle("merchantInfo").getString("keyValue"); String hmac = PaymentUtil.buildHmac(p0_Cmd, p1_MerId, p2_Order, p3_Amt, p4_Cur, p5_Pid, p6_Pcat, p7_Pdesc, p8_Url, p9_SAF, pa_MP, pd_FrpId, pr_NeedResponse, keyValue); //发送给第三方 StringBuffer sb = new StringBuffer("https://www.yeepay.com/app-merchant-proxy/node?"); sb.append("p0_Cmd=").append(p0_Cmd).append("&"); sb.append("p1_MerId=").append(p1_MerId).append("&"); sb.append("p2_Order=").append(p2_Order).append("&"); sb.append("p3_Amt=").append(p3_Amt).append("&"); sb.append("p4_Cur=").append(p4_Cur).append("&"); sb.append("p5_Pid=").append(p5_Pid).append("&"); sb.append("p6_Pcat=").append(p6_Pcat).append("&"); sb.append("p7_Pdesc=").append(p7_Pdesc).append("&"); sb.append("p8_Url=").append(p8_Url).append("&"); sb.append("p9_SAF=").append(p9_SAF).append("&"); sb.append("pa_MP=").append(pa_MP).append("&"); sb.append("pd_FrpId=").append(pd_FrpId).append("&"); sb.append("pr_NeedResponse=").append(pr_NeedResponse).append("&"); sb.append("hmac=").append(hmac); respone.sendRedirect(sb.toString()); return null; }
/store/src/merchantInfo.properties
p1_MerId=10001126856 keyValue=69cl522AV6q613Ii4W6u8K6XuW8vM1N6bFgyv769220IuYe9u37N4y7rI4Pl responseURL=http://localhost/store/order?method=callback
com.louis.service.impl.OrderServiceImpl
@Override public void update(Order order) throws Exception { OrderDao od=(OrderDao) BeanFactory.getBean("OrderDao"); od.update(order); }
com.louis.dao.impl.OrderDaoImpl
@Override public void update(Order order) throws Exception { QueryRunner qr = new QueryRunner(DataSourceUtils.getDataSource()); String sql="update orders set state=?,address=?,name=?,telephone=? where oid=?"; qr.update(sql, order.getState(),order.getAddress(),order.getName(),order.getTelephone(),order.getOid()); }
com.louis.web.servlet.OrderServlet
/** * 支付成功之后的回调 * @param request * @param response * @return * @throws Exception */ public String callback(HttpServletRequest request,HttpServletResponse response) throws Exception{ String p1_MerId = request.getParameter("p1_MerId"); String r0_Cmd = request.getParameter("r0_Cmd"); String r1_Code = request.getParameter("r1_Code"); String r2_TrxId = request.getParameter("r2_TrxId"); String r3_Amt = request.getParameter("r3_Amt"); String r4_Cur = request.getParameter("r4_Cur"); String r5_Pid = request.getParameter("r5_Pid"); String r6_Order = request.getParameter("r6_Order"); String r7_Uid = request.getParameter("r7_Uid"); String r8_MP = request.getParameter("r8_MP"); String r9_BType = request.getParameter("r9_BType"); String rb_BankId = request.getParameter("rb_BankId"); String ro_BankOrderId = request.getParameter("ro_BankOrderId"); String rp_PayDate = request.getParameter("rp_PayDate"); String rq_CardNo = request.getParameter("rq_CardNo"); String ru_Trxtime = request.getParameter("ru_Trxtime"); // 身份校验 --- 判断是不是支付公司通知你 String hmac = request.getParameter("hmac"); String keyValue = ResourceBundle.getBundle("merchantInfo").getString( "keyValue"); // 自己对上面数据进行加密 --- 比较支付公司发过来hamc boolean isValid = PaymentUtil.verifyCallback(hmac, p1_MerId, r0_Cmd, r1_Code, r2_TrxId, r3_Amt, r4_Cur, r5_Pid, r6_Order, r7_Uid, r8_MP, r9_BType, keyValue); if (isValid) { // 响应数据有效 if (r9_BType.equals("1")) { // 浏览器重定向 System.out.println("111"); request.setAttribute("msg", "您的订单号为:"+r6_Order+",金额为:"+r3_Amt+"已经支付成功,等待发货~~"); } else if (r9_BType.equals("2")) { // 服务器点对点 --- 支付公司通知你 System.out.println("付款成功!222"); // 修改订单状态 为已付款 // 回复支付公司 response.getWriter().print("success"); } //修改订单状态 OrderService s=(OrderService) BeanFactory.getBean("OrderService"); Order order = s.getById(r6_Order); //修改订单状态为 已支付 order.setState(1); s.update(order); } else { // 数据无效 System.out.println("数据被篡改!"); } return "/jsp/msg.jsp"; }
