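The process is exactly the same as in PHP.
This post explains what to watch for when writing it in Java, and how it differs from PHP.
1. Verifying OAuth 2.0
Facebook officially provides only a PHP version of the verification, so for Java we have to write it ourselves.
Facebook's signed_request is base64-encoded (URL-safe variant) and signed with HMAC-SHA256.
Code: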
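import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

// Returns true only if the signature part of signed_request equals
// HMAC-SHA256(payload part, app secret).
public static boolean OAuth2(String signed_request, String secret)
{
    if (signed_request == null || secret == null) {
        return false;
    }
    String[] parts = signed_request.split("\\.");
    if (parts.length < 2) {
        return false; // expected "signature.payload"
    }
    String encoded_sig = parts[0];
    String pay = parts[1];
    // Convert URL-safe base64 to the standard alphabet before decoding
    byte[] expected_sig = new Base64().decode(
        encoded_sig.replace("-", "+").replace("_", "/").getBytes(StandardCharsets.UTF_8));
    try {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        // The HMAC is computed over the still-encoded payload string
        byte[] actual_sig = mac.doFinal(pay.getBytes(StandardCharsets.UTF_8));
        // Constant-time comparison, so timing does not reveal how many bytes matched
        return MessageDigest.isEqual(actual_sig, expected_sig);
    } catch (NoSuchAlgorithmException | InvalidKeyException e) {
        e.printStackTrace();
        return false; // fail closed instead of continuing with an unusable Mac
    }
}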
Note:
commons-codec must be version 1.4 or later.
2. JSONObject
Code:
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;
import org.json.JSONException;
import org.json.JSONObject;

public static JSONObject execute(String payload)
{
    // Once the user has authorized the application, FB returns this parameter
    JSONObject payloadObject;
    if (payload == null)
    {
        System.out.println("ERROR: Unable to retrieve signed_request parameter");
        return null;
    }
    // Replace special characters in payload as indicated by FB
    payload = payload.replace("-", "+").replace("_", "/").trim();
    // Decode payload. commons-codec Base64 (already used in step 1) replaces the
    // JDK-internal sun.misc.BASE64Decoder, which was used here without an import.
    try
    {
        byte[] decodedPayload = new Base64().decode(payload.getBytes(StandardCharsets.UTF_8));
        payload = new String(decodedPayload, StandardCharsets.UTF_8);
    }
    catch (Exception e)
    {
        System.out.println("ERROR: Unable to perform Base64 Decode");
        return null;
    }
    // JSON decode - payload
    try
    {
        payloadObject = new JSONObject(payload);
    }
    catch (JSONException e)
    {
        System.out.println("ERROR: Unable to perform JSON decode");
        return null;
    }
    return payloadObject;
}
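The signed_request is composed as "signature.JSON data",
so what you pass to execute is the JSON data part.
Example:
String signed_request = request.getParameter("signed_request");
// Pass only the part after the "."; check the signature with OAuth2() from step 1 before using the result
String pay = signed_request.split("\\.")[1];
execute(pay);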
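3.
On the second exchange with Facebook, the JSON string obtained from JSONObject contains extra "[" and "]" characters.
Example:
{"content":[{"status":"settled","order_id":2.0334954637856e+14}],"method":"payments_status_update"}
But Facebook only accepts
{"content":{"status":"settled","order_id":2.0334954637856e+14},"method":"payments_status_update"}
So before sending the output to Facebook you must apply
replace("[", "")
replace("]", "")
to it. Note that this strips every bracket in the output, including any that appear inside string values.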
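
Added example (not part of the original post): steps 1 and 2 combined into one method, so the payload is decoded only after the HMAC-SHA256 check passes, and any failure returns null. It uses the JDK's java.util.Base64 URL-safe codec instead of commons-codec; the class name, method names, secret and payloads are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedRequestDemo {  // hypothetical class name
    static byte[] hmac(String data, String secret) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the decoded JSON text only when the signature verifies, otherwise null.
    static String verifyAndDecode(String signedRequest, String secret) {
        if (signedRequest == null) return null;
        String[] parts = signedRequest.split("\\.", -1);
        if (parts.length != 2) return null;               // must be "signature.payload"
        try {
            byte[] expected = Base64.getUrlDecoder().decode(parts[0]);
            byte[] actual = hmac(parts[1], secret);       // MAC covers the encoded payload
            if (!MessageDigest.isEqual(actual, expected)) return null;  // constant-time compare
            return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return null;                                  // malformed base64 or crypto failure
        }
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-app-secret";         // constructed sample value
        String json = "{\"method\":\"payments_status_update\"}";  // constructed payload
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String pay = enc.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        String signed = enc.encodeToString(hmac(pay, secret)) + "." + pay;

        // Case 1: untampered request signed with the right secret
        System.out.println(verifyAndDecode(signed, secret));
        // Case 2: original signature kept, payload swapped for another one
        String otherPay = enc.encodeToString("{\"method\":\"x\"}".getBytes(StandardCharsets.UTF_8));
        String tampered = signed.substring(0, signed.indexOf('.') + 1) + otherPay;
        System.out.println(verifyAndDecode(tampered, secret));
        // Case 3: untampered request checked against a different secret
        System.out.println(verifyAndDecode(signed, "wrong-secret"));
    }
}
```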