本文主要是介绍微信公众号开发1-验证消息的确来自微信服务器,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
1 进入测试号
2 使用ngrok实现内网穿透
3 验证消息的确来自微信服务器
WxMessageController.java
package com.torey.shxqgy.shxqgy.controller;import com.torey.shxqgy.shxqgy.service.WxService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;/*** @ClassName:WxMessage* @Description:* @author: Torey*/
@RestController
public class WxMessageController {@Autowiredprivate HttpServletRequest request;@Autowiredprivate HttpServletResponse response;@RequestMapping(value = "/wx/wxRes",method = RequestMethod.GET )public void wxMessageGet(){System.out.println("GET");yanZhengWx();}@RequestMapping(value = "/wx/wxRes",method = RequestMethod.POST )public void wxMessagePost(){System.out.println("POST");}private boolean yanZhengWx() {String signature =request.getParameter("signature");//微信加密签名,signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。String timestamp =request.getParameter("timestamp");//时间戳String nonce =request.getParameter("nonce");//随机数String echostr =request.getParameter("echostr");//随机字符串//校验请求if(WxService.check(timestamp,nonce,signature)){PrintWriter writer = null;try {writer = response.getWriter();} catch (IOException e) {e.printStackTrace();}//原样返回echost参数writer.print(echostr);writer.flush();writer.close();System.out.println("接入成功");}else {System.out.println("接入失败");}return true;}
}
WxService.java
package com.torey.shxqgy.shxqgy.service;import com.torey.shxqgy.shxqgy.config.WxConfig;
import org.apache.commons.lang3.StringUtils;import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;/*** @ClassName:WxService* @Description:* @author: Torey*/
public class WxService {/*** @author: LiTaoFeng* @description:验证签名*/public static boolean check(String timestamp,String nonce,String signature) {//1)将token、timestamp、nonce三个参数进行字典序排序// 2)将三个参数字符串拼接成一个字符串进行sha1加密// 3)开发者获得加密后的字符串可与signature对比,标识该请求来源于微信//1)将token、timestamp、nonce三个参数进行字典序排序String[] strs=new String[]{WxConfig.TOKEN,timestamp,nonce};Arrays.sort(strs);// 2)将三个参数字符串拼接成一个字符串进行sha1加密String str = StringUtils.join(strs, "");String shal = shal(str);System.out.println(shal);System.out.println(signature);return shal.equalsIgnoreCase(signature);}/*** @author: LiTaoFeng* @description:进行shal加密*/private static String shal(String src){//获取一个加密对象MessageDigest md = null;try {md = MessageDigest.getInstance("sha1");char[] chars={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};StringBuilder sb = new StringBuilder();//加密byte[] digest = md.digest(src.getBytes());//处理加密结果for (byte b : digest) {sb.append(chars[(b>>4)&15]) ;sb.append(chars[b&15]);}return sb.toString();} catch (NoSuchAlgorithmException e) {e.printStackTrace();}return null;}
}
这篇关于微信公众号开发1-验证消息的确来自微信服务器的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
