Java Web realizes online payment function
1. Overview of online payment
What is online payment? Yes, it's spending money online! You must have had such an experience. But you may not know the "inside story" of online payment. Let's have a look!
If you start to operate an e-commerce website now, users must pay when they buy something. Your website must be able to connect with major banks, and then return to your website to display "payment success" after the payment of major banks is completed!
This is what we are going to do today. Connect the online banking system of the bank to complete the payment. To be professional, we call it "developing an online payment gateway"
2. Two online payment methods
There are two ways of online payment:
*E-commerce directly connects with banks * e-commerce connects with banks through third-party payment platforms
E-commerce directly connects with banks, which requires the bank's consent, but unfortunately, banks are "cattle", not anyone who wants to connect with them can. If your e-commerce's daily capital flow is large enough, the bank will connect with you, because the money paid by customers to e-commerce has been deposited in the bank account! But if the capital flow is small, the bank will not pay attention to you!
When small websites cannot connect with banks due to insufficient funds, they will choose to cooperate with third-party payment companies. We all know what companies are, such as Alipay, Yi Bao, fortune Tong, fast money and other companies are more famous in China. These companies can connect with banks (because they have enough funds), and then small e-commerce can connect with them! But the third party requires fees! The third party generally charges 1% of the e-commerce fee, but will not charge the customer's money.
As you can see from the above figure, the mall name, RMB order number, order time... Will be displayed on the bank's page..., How do banks know these things? Of course, e-commerce passed them on to banks. After the e-commerce connects with the bank, the e-commerce needs to pass the parameters required by the bank page to the bank page, so the bank page can display these data!
However, our mall can't only connect to one bank! How can we connect BOC, CCB, ABC and ICBC! Different banks need different docking parameters, which shows that we need to write different docking codes for different banks during development. This is also the disadvantage of directly connecting with banks! Of course, direct connection with banks is also beneficial, that is, it is safe and there is no handling charge!
Develop different codes for different banks (disadvantages); security (advantages); no handling fee (advantages); small e-commerce banks do not allow docking (disadvantages).
As shown in the figure above, after the customer clicks to confirm payment on the e-commerce website, it will be directed to the third-party website, and then the third-party will connect with the bank. This means that e-commerce should pass parameters to third parties! Then the third party passes the parameters to the bank. The advantage of this method is that it only needs to be developed for a third party without providing parameters for each bank. Providing parameters for each bank is the task of a third party. However, the third party is not always reliable. If the third party goes bankrupt and people run away, your money will be gone. Because the money paid by the customer is not in your bank account, but in the bank account of a third party, and you have an account in the third party. And the third party has to charge a handling fee, usually 1%, which is not a small number (really black).
3. Online payment rules through third parties
If an e-commerce wants to register a merchant with a third party, it needs to provide ICP certification to the third party. ICP business license is a website business license that must be handled for operating websites according to the provisions of the national Internet management measures. Without it, it belongs to illegal operation.
We can't handle ICP because of practice! So we can't register a merchant with a third party. However, we already have ready-made merchants registered in Yibao, so this step can be ignored.
After you have successfully registered with Yibao, Yibao will give you the following things:
Account No. (merchant code): 10001126856 eBay access specification: a CHM file symmetric encryption algorithm class: paymentutil.java key: 69cl522av6q613ii4w6u8k6xuw8vm1n6bfgyv769220iuye9u37n4y7ri4pl in eBay access specification, we can find the payment gateway of eBay, which is actually a URL, a website used to connect with eBay: https://www.yeepay.com/app-merchant-proxy/node
The parameters required by Yibao can also be found in the access specification of Yibao. When e-commerce connects with Yibao, these parameters need to be passed to the payment gateway:
Official request address: https://www.yeepay.com/app-merchant-proxy/node
These parameters need to be appended to the URL.
Note, however, that the values of these parameters need to be encrypted. Encryption key and encryption algorithm will be provided by Yibao!
Where P8_ URL indicates which page of e-commerce to return to when the payment is successful. This shows that we need to write a page to display the results. After successful payment, the third party will redirect to the return page specified by us and bring us some parameters. Our page needs to obtain these parameters and display them in the page. The following are the parameters returned by the third party:
4. Develop third-party online payment system
Steps:
index. JSP page: a form submitted to the buyservlet. The form items include: order number, payment amount, select bank. Buyservlet: obtain the form data and prepare to connect to the third-party gateway. Because in index The JSP page only gives three parameters, while the third party needs more than n parameters. The parameters not given in the page are supplemented by buyservlet. Moreover, the parameters need to be encrypted, which also needs to complete the backservlet in the buyservlet: when the user pays successfully, the third party will redirect to the return page specified by us. We use the backservlet as the return page, which is used to receive the parameters passed by the third party and display them in the page
Because we already have a registered firm in Yibao, we don't have to register our own firm. Therefore, we use Yibao as a third-party payment platform to test. Because I don't have an e-commerce (e-commerce that must pass ICP certification), I can't register a business name with a third party.
The Yibao trade name we use now is provided by Chuanzhi podcast. Baba sports network is a trade name registered in Yibao. Therefore, the money paid during the test was given to the trade name registered by Baba sports network in Yibao.
Step 1: index jsp
Value for each bank:
Step 2: buyservlet java
Step 3: backservlet
Tools for obtaining HMAC provided by Alipay
EBay callback
Point to point: Yibao directly accesses e-commerce. There is nothing wrong with the client here
This method must be used. We can't receive it this way! Because we don't have a fixed IP, eBay has a retransmission mechanism. If it visits you and you don't give it back information, it will always retransmit! E-commerce needs to return a string beginning with success!
Guide the client browser to redirect to e-commerce. Is to let the client access e-commerce!
Can not use!
HMAC: 13 parameter value + keyValue (key) + algorithm (MD5)
13 parameter value: set by yourself! KeyValue: Yibao sent it to us after we registered. Only we and Yibao know this! The underlying algorithm is MD5: paymentutil Buildhmac (14), which returns HMAC
The above is the whole content of this article. I hope it will be helpful to your study, and I hope you can support programming tips.