我找不到使用 facebook credits api 使用 Java 和 JSP 创建回调的示例。我正在发布我的 Java/JSP 版本的 callback.php 示例。请记住将 appId 和 secretKey 变量替换为您的应用 ID 和密钥:
<%@ page import="java.net.*" %>
<%@ page import="java.util.*" %>
<%@ page import="java.security.*" %>
<%@ page import= "javax.crypto.*" %>
<%@ page import= "javax.crypto.spec.*" %>
<%@ page import="org.apache.commons.codec.binary.Base64" %>
<%@ page import="org.json.simple.parser.JSONParser" %>
<%@ page import="org.json.simple.JSONObject"%>
<%@ page import="org.json.simple.JSONArray"%>
//decode input string to base 64
public byte[] base64UrlDecode(String input){
return new Base64(true).decode(input.replace("-","+").replace("_","/").trim());
public String base64UrlEncode(byte[] input){
Base64 encoder = new Base64();
String encodedInput = "";
encodedInput = encoder.encodeBase64URLSafeString(input);
}catch (Exception e) {
return encodedInput;
* http://javaboutique.internet.com/tutorials/InitForms/special.html
public String replace(String s, String one, String another) {
// In a string replace one substring with another
if (s.equals("")) return "";
String res = "";
int i = s.indexOf(one,0);
int lastpos = 0;
while (i != -1) {
res += s.substring(lastpos,i) + another;
lastpos = i + one.length();
i = s.indexOf(one,lastpos);
res += s.substring(lastpos); // the rest
return res;
public Map parseSignedRequest(String signedRequest, String secretKey){
Map data = null;
if(signedRequest != null){
String[] split = signedRequest.split("\\.", 2);
//Get signature and payload data portions of signed request string
String encoded_sig = split[0];
String payload = split[1];
JSONParser parser = new JSONParser();
//parse json object
try {
data = (Map) parser.parse(new String(base64UrlDecode(payload)));
} catch (Exception e) {
String algorithm = (String) data.get("algorithm");
String userID = ((String) data.get("user_id"));
String authToken= ((String) data.get("oauth_token"));
String signature = "";
String expectedSignature = "";
System.out.println("ERROR: unknown algorithm");
return null;
byte[] sig = base64UrlDecode(encoded_sig);
Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec key = new SecretKeySpec(secretKey .getBytes("UTF-8"), "HmacSHA256");
byte[] expectedSig = mac.doFinal(payload.getBytes("UTF-8"));
signature = base64UrlEncode(sig);
expectedSignature = base64UrlEncode(expectedSig);
} catch (Exception e) {
System.out.println("ERROR: Bad signed JSON signature");
return null;
}//end if
return data;
//facebook code
String appId = "xxxxxxx";
String secretKey = "xxxxxxxxxx";
String errorReason = request.getParameter("error_reason");
String signedRequest = request.getParameter("signed_request");
String responseType = request.getParameter("response_type");
* Parse the signed_request to verify it's from Facebook
Map requestMap = parseSignedRequest(signedRequest, secretKey);
// Grab values passed to this callback
String method = request.getParameter("method");
String order_id = request.getParameter("order_id");
JSONObject item = new JSONObject();
JSONObject returnData = new JSONObject();
JSONArray itemArray = new JSONArray();
String returnvalue = "";
if (requestMap == null) {
// Handle an unauthenticated request here
System.out.println("ERROR: Handle an unauthenticated request here");
//grab the order status
String nextState = "";
String status = request.getParameter("status");
String orderId = request.getParameter("order_id");
JSONParser parser = new JSONParser();
Map userjson = null;
try {
userjson = (Map) parser.parse(request.getParameter("order_details"));
}catch(Exception pe) {}
// Write your apps logic here for validating and recording a
// purchase here.
// Generally you will want to move states from `placed` -> `settled`
// here, then grant the purchasing user's in-game item to them.
if (status.equalsIgnoreCase("placed")) {
nextState = "settled";
//display date or add code to insert into a database
JSONArray itemsArray=(JSONArray)userjson.get("items");
for(int i=0; i < itemsArray.size(); i++){
JSONObject itemObj = (JSONObject)itemsArray.get(i);
System.out.println("item[" + i + "]= Buyer(" + userjson.get("buyer") + ") purchased Qty(" + userjson.get("amount") + ") " + itemObj.get("title") + " @ $" + itemObj.get("price"));
// Compose returning data
returnData.put("content", item);
returnData.put("method", "payments_status_update");
returnvalue = returnData.toJSONString();
} else if (method.equalsIgnoreCase("payments_get_items")) {
String item_info = request.getParameter("order_info");
//remove escape characters
item_info = item_info.replaceAll("\"", "");
if (item_info.equalsIgnoreCase("abc123")) {
// Per the credits api documentation, you should pass in an item
// reference and then query your internal DB for the proper
// information. Then set the item information here to be
// returned to facebook then shown to the user for confirmation.
item.put("title","BFF Locket");
item.put("description","This is a BFF Locket...");
} else {
// For the sake of the sample, we will default to this item if
// the `order_info` reference passed from your JS call is not matched
// above.
item.put("title","A Facebook Hat");
item.put("description","The coolest hat you\'ve ever seen.");
returnData.put("content", itemArray);
returnData.put("method", "payments_get_items");
returnvalue = returnData.toJSONString();
//return output data