最新消息: 新版网站上线了!!!

java动态口令登录实现过程详解

1.实现一个ItsClient 客户端用来实例化调用验证功能

public class ItsClient {
	private static final String routing = "/v1.0/sectoken/otp_validation";
	// ! HTTPS消息验证地址
	private String httpsVerifyUrl = "";
	// ! otp ipAddr
	private String ipAddr = "";
	// ! otp port
	private String port = "";
	// ! otp appID
	private String appID = "";
	// ! otp appKey
	private String appKey = "";
	// ! 错误码
	private int errorCode = 0;
	// ! 错误消息
	private String errorMessage = "";
	TreeMap<Integer, String> errorCodeTable = new TreeMap<Integer, String>() {
		{
			put(200, "请求成功");
			put(400, "输入不合法,比如请求数据不是json");
			put(401, "AppID不合法");
			put(402, "指纹不合法");
			put(410, "非法用户,验证otp时,传入的uid有误,找不到用户");
			put(411, "错误的otp");
			put(412, "一个周期内动态口令只能使用一次");
			put(413, "已达一个周期内最大尝试次数");
			put(500, "ITS服务器内部错误");
			put(601, "参数错误");
			put(602, "sha1签名失败");
			put(603, "操作json失败");
			put(604, "url访问错误:");
			put(605, "较验返回指纹失败");
		}
	};
	public ItsClient() {
		this.ipAddr = ItsConf.GetIpAddr();
		this.port = ItsConf.GetPort();
		this.appID = ItsConf.GetOtpAppID();
		this.appKey = ItsConf.GetOtpAppKey();
		httpsVerifyUrl = "https://" + this.ipAddr + ':' + this.port + routing;
	}
	 //获取错误信息
	public St ring GetErrorMessage() {
		return this.errorMessage;

	}

        //获取错误码

        public int GetErrorCode() {

		return this.errorCode;
	}
	public void SetError(int errorCode, String extMessage) {
		this.errorCode = errorCode;
		this.errorMessage = this.errorCodeTable.get(this.errorCode).toString() + extMessage;
	}

	public static String SHA1(String decript) throws NoSuchAlgorithmException {
		String ret = "";
		MessageDigest sha1 = MessageDigest.getInstance("SHA1");
		byte[] sha1bytes = sha1.digest(decript.getBytes());
		if (sha1bytes != null) {
			ret = new BASE64Encoder().encode(sha1bytes);
		}
		return ret;
	}
	public String EncodeJson(TreeMap<String, String> map) {
		JSONObject jmap = new JSONObject(map);
		return jmap.toString();
	}
	public TreeMap<String, Object> DecodeJson(String jsonStr) throws ParseException {
		JSONObject jsonObject = new JSONObject(jsonStr);
		TreeMap<String, Object> retMap = new TreeMap<String, Object>();
		Iterator<String> iter = jsonObject.keys();
		String key = null;
		Object value = null;
		while (iter.hasNext()) {
			key = iter.next();
			value = jsonObject.get(key);
			retMap.put(key, value);
		}
		return retMap;
	}
	public String BuildQueryStr(TreeMap<String, String> params) {
		String queryStr = "";
		Iterator<String> itr = params.keySet().iterator();
		while (itr.hasNext()) {
			String key = itr.next();
			queryStr += (key + "=" + params.get(key).toString() + "&");
		}
		return queryStr.substring(0, queryStr.length() - 1);
	}
	public boolean IsEmptyOrNull(String param) {
		return param == null || param.length() <= 0;
	}
	/**
	 * @brief 验证otp
	 * @param uid ITS主账号UID或已配置的从账号
	 * @param otp 需要验证的动态口令
	 * @return bool true: 成功, false: 失败
	 */
	@SuppressWarnings("serial")
	public boolean AuthOtp(final String uid, final String otp) {
		if (IsEmptyOrNull(this.ipAddr) || IsEmptyOrNull(this.port) || IsEmptyOrNull(this.appID)
				|| IsEmptyOrNull(this.appKey) || IsEmptyOrNull(uid) || IsEmptyOrNull(otp)) {
			SetError(601, "");
			return false;
		}
		TreeMap<String, String> params = new TreeMap<String, String>() {
			{
				put("app_id", appID);
				put("app_key", appKey);
				put("uid", uid);
				put("otp", otp);
			}
		};
		String qureyStr = this.BuildQueryStr(params);
		String fingerprint = "";
		try {
			fingerprint = SHA1(qureyStr);
		} catch (Exception ex) {
			ex.printStackTrace();
			SetError(602, ex.getMessage());
			return false;
		}
		params.remove("app_key");
		params.put("fingerprint", fingerprint);
		String postStr = "";
		try {
			postStr = EncodeJson(params);
		} catch (Exception ex) {
			ex.printStackTrace();
			SetError(603, "json encode" + ex.getMessage());
			return false;
		}
		HttpsClient conn = null;
		String res = "";
		try {
			conn = new HttpsClient();
			res = conn.post(this.httpsVerifyUrl, postStr); // 访问接口调取返回结果
		} catch (Exception ex) {
			ex.printStackTrace();
			SetError(604, ex.getMessage());
			return false;
		}
		TreeMap<String, Object> ret = null;
		try {
			ret = DecodeJson(res);
		} catch (Exception ex) {
			ex.printStackTrace();
			SetError(603, "json decode " + ex.getMessage());
			return false;
		}
		int retCode = (Integer) ret.get("status"); 
		if (200 != retCode) {
			SetError(retCode, "");
			return false;
		}
		return true;
	}
}

2.实现一个HttpsClient 请求工具

public class HttpsClient {
    final static HostnameVerifier doNotVerifier = new HostnameVerifier() {  
        public boolean verify(String hostname, SSLSession session) {  
            return true;
        }
    };
    /** 
     * @brief 发送请求 
     * @param httpsUrl 请求的地址 
     * @param postStr 请求的数据 
     * @throws Exception 
     */  
    public String post(String httpsUrl, String postStr) throws Exception {  
        HttpsURLConnection conn = null;
        StringBuffer recvBuff = new StringBuffer();  
        String resData = ""; 
        try {
            conn = (HttpsURLConnection) (new URL(httpsUrl)).openConnection();  
            conn.setHostnameVerifier(doNotVerifier);
            conn.setDoInput(true);  
            conn.setDoOutput(true);
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", " application/json");
            conn.setRequestProperty("Content-Length", String.valueOf(postStr.getBytes("utf-8").length));  
            conn.setUseCaches(false);
            //设置为utf-8可以解决服务器接收时读取的数据中文乱码问题  
            conn.getOutputStream().write(postStr.getBytes("utf-8"));  
            conn.getOutputStream().flush();  
            conn.getOutputStream().close();  
            BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));  
            String line;
            while ((line = in.readLine()) != null) {  
                recvBuff.append(line);  
            } 
            resData = recvBuff.toString();
            return resData;
        } catch (MalformedURLException ex) {
             throw ex;  
        } catch (IOException ex) {  
             throw ex;  
        } catch (Exception ex) {  
             throw ex;  
        }  
    } 
}

3.实现Its一个配置用来配置Its服务器信息接口访问地址

public class ItsConf {
	// ITS服务器地址 1.1.1.1 或 xxx.xxx.com的形式
	private static String ipAddr = "";
	// ITS服务器端口
	private static String port = "";
	// OTP服务的AppID
	private static String otpAppID = "";
	// OTP服务的AppKey
	private static String otpAppKey = "";
	public static String GetIpAddr() {
		return ipAddr;
	}
	public static String GetPort() {
		return port;
	}
	public static String GetOtpAppID() {
		return otpAppID;
	}
	public static String GetOtpAppKey() {
		return otpAppKey;
	}
}

4.接下来就是LoginContorller 完成口令认证

//username 用户名
//code动态口令密码
ItsClient itsClient = new ItsClient();
if(itsClient.AuthOtp(username, code)){
	//认证成功,跳转页面
}

5.登陆页面就省略了,自己完成吧

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持谷谷点程序。

转载请注明:谷谷点程序 » java动态口令登录实现过程详解