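Payment carries a phishing risk
This happens because the merchant submits the request to the Alipay gateway address directly from the server side.
PC website payment has to display a payment page in the front end so that the user can scan the QR code or enter a password to pay; it is not a server-side request that debits the user's balance directly. The merchant should therefore submit to Alipay through a form or over HTTP so that the correct payment page is returned.
You can generate the request form by following the sample code for the [PC website payment API]. The sample code (Java) is as follows: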
public void doPost(HttpServletRequest httpRequest, HttpServletResponse httpResponse)
        throws ServletException, IOException {
    // Obtain the initialized AlipayClient
    AlipayClient alipayClient = new DefaultAlipayClient("https://openapi.alipay.com/gateway.do",
            APP_ID, APP_PRIVATE_KEY, FORMAT, CHARSET, ALIPAY_PUBLIC_KEY, SIGN_TYPE);
    // Create the request object for this API
    AlipayTradePagePayRequest alipayRequest = new AlipayTradePagePayRequest();
    // Set the return and notification URLs in the common parameters
    alipayRequest.setReturnUrl("http://domain.com/CallBack/return_url.jsp");
    alipayRequest.setNotifyUrl("http://domain.com/CallBack/notify_url.jsp");
    // Fill in the business parameters
    alipayRequest.setBizContent("{" +
            "    \"out_trade_no\":\"20150320010101001\"," +
            "    \"product_code\":\"FAST_INSTANT_TRADE_PAY\"," +
            "    \"total_amount\":88.88," +
            "    \"subject\":\"Iphone6 16G\"," +
            "    \"body\":\"Iphone6 16G\"," +
            "    \"passback_params\":\"merchantBizType%3d3C%26merchantBizNo%3d2016010101111\"," +
            "    \"extend_params\":{" +
            "    \"sys_service_provider_id\":\"2088511833207846\"" +
            "    }" +
            "  }");
    String form = "";
    try {
        // Call the SDK to generate the form
        form = alipayClient.pageExecute(alipayRequest).getBody();
    } catch (AlipayApiException e) {
        e.printStackTrace();
    }
    httpResponse.setContentType("text/html;charset=" + CHARSET);
    // Write the complete form HTML straight to the page so the user's browser submits it
    httpResponse.getWriter().write(form);
    httpResponse.getWriter().flush();
    httpResponse.getWriter().close();
}
You can also download the demo for reference: [url]https://docs.open.alipay.com/270/106291/[/url]
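The other option mentioned above, submitting over HTTP instead of a form, can be done by asking the SDK for a signed gateway URL and redirecting the user's browser to it. This is an added example, not Alipay's sample code: the class name and the placeholder credentials are assumptions, it takes "HTTP submission" to mean a GET redirect, and the order values are the page's sample values.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.alipay.api.AlipayApiException;
import com.alipay.api.AlipayClient;
import com.alipay.api.DefaultAlipayClient;
import com.alipay.api.request.AlipayTradePagePayRequest;

// Hypothetical servlet name; the credential constants are placeholders.
public class PagePayRedirectServlet extends HttpServlet {
    private static final String GATEWAY = "https://openapi.alipay.com/gateway.do";
    private static final String APP_ID = "<APP_ID>";
    private static final String APP_PRIVATE_KEY = "<APP_PRIVATE_KEY>";
    private static final String ALIPAY_PUBLIC_KEY = "<ALIPAY_PUBLIC_KEY>";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        AlipayClient client = new DefaultAlipayClient(
                GATEWAY, APP_ID, APP_PRIVATE_KEY, "json", "UTF-8", ALIPAY_PUBLIC_KEY, "RSA2");

        AlipayTradePagePayRequest request = new AlipayTradePagePayRequest();
        request.setReturnUrl("http://domain.com/CallBack/return_url.jsp");
        request.setNotifyUrl("http://domain.com/CallBack/notify_url.jsp");
        request.setBizContent("{"
                + "\"out_trade_no\":\"20150320010101001\","
                + "\"product_code\":\"FAST_INSTANT_TRADE_PAY\","
                + "\"total_amount\":88.88,"
                + "\"subject\":\"Iphone6 16G\""
                + "}");

        try {
            // With "GET" the SDK returns the signed gateway URL rather than an HTML form.
            String payUrl = client.pageExecute(request, "GET").getBody();

            // Hand the URL to the browser. Do not open payUrl from the server and relay
            // the response: the gateway request would then come from the merchant server,
            // which is the situation described above as the cause of the error.
            resp.sendRedirect(payUrl);
        } catch (AlipayApiException e) {
            // Fail closed instead of sending the user an empty page.
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Could not build the payment request");
        }
    }
}
```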