套件 portal 提供的主要 RESTful API 都经过单点登录认证,保证用户通过浏览器调用 portal 接口时已完成单点登录。如果想通过代码调用接口,就必须先自行模拟登录,增加了客户端代码的使用难度。因此我们开发了另一套基于 AccessKey 认证调用 portal API 的方案。
通过添加header实现
header名称:Authorization
header值:先获取AccessKey,再用其计算签名(HMAC-SHA1)得到;格式:TBDS SecretId Timestamp Nonce Signature
其中:TBDS 为固定字符串,表示以TBDS方式去认证
SecretId 是步骤1生成签名串所用的SecretId
Timestamp 是生成签名串所用的Timestamp ,单位:毫秒
Nonce 是生成签名串所用的Nonce
Signature 是根据步骤2Demo方式生成的签名串
--header "Authorization:TBDS CHTZh3auty0S6gyjJkN6k8G3VGw5nS2GjrSK 1508161241426 64 FDen%2FTOQ9Q%2F%2BV60H8KBn65wWVEI%3D"
GET /openapi/access/header/{userId}(返回示例如下;resultData 中的 secureKey 是签名密钥,应通过 HTTPS 获取,且不要写入日志)
{
"resultCode": "0",
"message": null,
"resultData": {
"id": 1,
"secureId": "CHTZh3auty0S6gyjJkN6k8G3VGw5nS2GjrSK",
"secureKey": "S2GqXVOJvdAjykRrJJdAvsyv4fi5lxxi",
"userName": "admin",
"userId": 1,
"creator": "admin",
"module": "ALL",
"operationType": "ALL",
"enable": "true",
"createTime": "2017-10-12 16:31:11",
"updateTime": "2017-10-12 16:31:11",
"operTypes": ["ALL"]
}
}
package utils;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.HmacUtils;
import pojo.AccessKey;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Date;
import java.util.Random;
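/**
 * Builds the {@code Authorization} header value used by the TBDS access-key scheme.
 *
 * <p>The header has the form {@code "TBDS <secureId> <timestamp> <nonce> <signature>"}, where the
 * signature is the URL-encoded Base64 of HMAC-SHA1(secureKey, secureId + timestamp + nonce).
 *
 * <p>NOTE(review): the signed string covers only the key id, timestamp and nonce. The request
 * method, path and body are not part of it, so one header value is not bound to a particular
 * request. Replay protection therefore depends on the server's timestamp/nonce checks, which are
 * not visible here. Confirm them, and send the header over TLS only.
 */
public class AccessUtils {

    /**
     * Fetches the access key of {@code userId} from the portal and derives the header value.
     *
     * @param prefix_url portal base URL (scheme and host); the path is appended here
     * @param userId     id of the user whose access key is requested
     * @return the header value, or {@code null} when the portal response reports a failure
     * @throws IllegalArgumentException if {@code prefix_url} or {@code userId} is {@code null}
     * @throws Exception                whatever {@code ConnectionUtils.get} raises
     */
    public static String getAccessAuthHeader(String prefix_url, Integer userId) throws Exception {
        if (prefix_url == null || userId == null) {
            // Without this guard the literal text "null" would be concatenated into the URL.
            throw new IllegalArgumentException("prefix_url and userId must not be null");
        }

        // The response body carries secureKey (the long-term signing secret), so prefix_url
        // should be an https:// URL.
        // NOTE(review): how this endpoint authenticates its caller is not visible in this
        // file; confirm it is not reachable anonymously.
        String request_url = prefix_url + "/openapi/access/header/" + userId;
        String content = ConnectionUtils.get(request_url);

        AccessKey accessKey = getAccessKeyByRequestContent(content);
        if (accessKey == null) {
            return null;
        }
        // Print only the key id. AccessKey.toString() may include secureKey, and the secret
        // must not end up in console output or collected logs.
        System.out.println("access info: secureId=" + accessKey.getSecureId());

        long timestamp = new Date().getTime();
        // Yields a value in 1..80.
        // NOTE(review): this is a very small nonce space and java.util.Random is predictable.
        // Confirm which range the server accepts before widening it or moving to SecureRandom.
        int nonce = new Random().nextInt(10 * 8) + 1;

        String signature = generateSignature(
                accessKey.getSecureId(), timestamp, nonce, accessKey.getSecureKey());
        String accessHeader =
                "TBDS " + accessKey.getSecureId() + " " + timestamp + " " + nonce + " " + signature;
        // Kept so the command-line demo still shows the header. The value is a usable credential
        // until the server-side validity window closes; drop this line outside demo use.
        System.out.println("access encode=" + accessHeader);
        return accessHeader;
    }

    /**
     * Extracts the {@code resultData} object of a portal response as an {@link AccessKey}.
     *
     * @param content raw JSON text returned by the portal
     * @return the parsed key when {@code resultCode} is {@code "0"}, otherwise {@code null}
     */
    private static AccessKey getAccessKeyByRequestContent(String content) {
        // NOTE(review): content arrives from the network; keep fastjson patched and leave its
        // autoType feature disabled.
        JSONObject object = JSONObject.parseObject(content);
        if (object == null) {
            // parseObject may hand back null for null or blank text; treat that as a failed lookup.
            System.out.println("empty response from portal");
            return null;
        }
        if ("0".equals(object.getString("resultCode"))) { // success
            return JSON.parseObject(object.getString("resultData"), AccessKey.class);
        }
        // failure: surface the server's message and report "no key"
        System.out.println(object.getString("message"));
        return null;
    }

    /**
     * Computes URL-encoded Base64 of HMAC-SHA1 over {@code secureId + timestamp + randomValue},
     * keyed with {@code secureKey}.
     *
     * @param secureId    access key id
     * @param timestamp   timestamp placed in the header, in milliseconds
     * @param randomValue nonce placed in the header
     * @param secureKey   secret used as the HMAC key
     * @return the signature string for the header
     * @throws IllegalStateException if the JVM does not provide UTF-8
     */
    private static String generateSignature(String secureId, long timestamp, int randomValue, String secureKey) {
        byte[] mac = HmacUtils.hmacSha1(secureKey, secureId + timestamp + randomValue);
        byte[] encoded = new Base64().encode(mac);
        try {
            // Decode with an explicit charset rather than the platform default.
            return URLEncoder.encode(new String(encoded, "UTF-8"), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Fail loudly instead of returning an empty signature, which would yield a malformed header.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }
}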
java -jar api-test-1.0-SNAPSHOT-jar-with-dependencies.jar http://10.151.139.105 1
curl -X GET --header "Authorization:TBDS CHTZh3auty0S6gyjJkN6k8G3VGw5nS2GjrSK 1508161241426 64 FDen%2FTOQ9Q%2F%2BV60H8KBn65wWVEI%3D" http://10.254.99.17/api/whoami