微信認證signature timestamp nonce echostr
微信認證原理java
2.填寫服務器配置json
3.驗證服務器地址的有效性,驗證原理,Token, timestamp, nonce三個參數按照字典排序,拼接成string,而後判斷是否和signature相等數組
4.依據接口文檔實現業務邏輯緩存
package com.xp.cn.servlet;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import net.sf.json.xml.XMLSerializer;
public class WeiXinParamServlet extends HttpServlet{
private Logger log =Logger.getLogger(this.getClass().getName());
private static final long serialVersionUID = 1L;
private String Token;
private String echostr;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
connect(request,response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
message(request,response);
}
@Override
public void init() throws ServletException {
Token="xp******************";
}
/**
*@author xp
*@desc 接入鏈接生效驗證</p>
*/
private void connect(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{
log.info("RemoteAddr: "+ request.getRemoteAddr());
log.info("QueryString: "+ request.getQueryString());
if(!accessing(request, response)){
log.info("服務器接入失敗.......");
return ;
}
String echostr=getEchostr();
if(echostr!=null && !"".equals(echostr)){
log.info("服務器接入生效..........");
response.getWriter().print(echostr);//完成相互認證
}
}
/**
* @author xp
* Date 2013-04-19
* @desc用來接收微信公衆平臺的驗證
*/
private boolean accessing(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
//微信加密簽名,signature結合了開發者填寫的token參數和請求中的timestamp參數、nonce參數。
String signature = request.getParameter("signature");//微信加密簽名
String timestamp = request.getParameter("timestamp");//時間戳
String nonce = request.getParameter("nonce");//隨機數
String echostr = request.getParameter("echostr");//隨機數字符串
if(isEmpty(signature)){
return false;
}
if(isEmpty(timestamp)){
return false;
}
if(isEmpty(nonce)){
return false;
}
if(isEmpty(echostr)){
return false;
}
String[] ArrTmp = { Token, timestamp, nonce };
Arrays.sort(ArrTmp);
StringBuffer sb = new StringBuffer();
for (int i = 0; i < ArrTmp.length; i++) {
sb.append(ArrTmp[i]);
}
String pwd = Encrypt(sb.toString());
//pwd 8052946b7c82d34982bcfcf04ddaa065917dd33f
//signature 8052946b7c82d34982bcfcf04ddaa065917dd33f
log.info("signature:"+signature+"timestamp:"+timestamp+"nonce:"+nonce+"pwd:"+pwd+"echostr:"+echostr);
if(trim(pwd).equals(trim(signature))){
this.echostr =echostr;
return true;
}else{
return false;
}
}
private String Encrypt(String strSrc) {
MessageDigest md = null;
String strDes = null;
byte[] bt = strSrc.getBytes();
try {
md = MessageDigest.getInstance("SHA-1");
md.update(bt);
strDes = bytes2Hex(md.digest()); //to HexString
} catch (NoSuchAlgorithmException e) {
System.out.println("Invalid algorithm.");
return null;
}
return strDes;
}
public String bytes2Hex(byte[] bts) {
String des = "";
String tmp = null;
for (int i = 0; i < bts.length; i++) {
tmp = (Integer.toHexString(bts[i] & 0xFF));
if (tmp.length() == 1) {
des += "0";
}
des += tmp;
}
return des;
}
public String getEchostr(){
return echostr;
}
/**
*@author xp
*@desc XML組裝組件</p>
*/
private void message(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{
InputStream is = request.getInputStream();
// 取HTTP請求流長度
int size = request.getContentLength();
// 用於緩存每次讀取的數據
byte[] buffer = new byte[size];
// 用於存放結果的數組
byte[] xmldataByte = new byte[size];
int count = 0;
int rbyte = 0;
// 循環讀取
while (count < size) {
// 每次實際讀取長度存於rbyte中
rbyte = is.read(buffer);
for(int i=0;i<rbyte;i++) {
xmldataByte[count + i] = buffer[i];
}
count += rbyte;
}
is.close();
String requestStr = new String(xmldataByte, "UTF-8");
try{
manageMessage(requestStr,request,response);
}catch(Exception e){
e.printStackTrace();
}
}
/**
* @author xp
* @param
* @desc 業務轉發組件
*
*/
private void manageMessage(String requestStr,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException{
String responseStr;
try {
XMLSerializer xmlSerializer=new XMLSerializer();
JSONObject jsonObject =(JSONObject) xmlSerializer.read(requestStr);
String event =jsonObject.getString("Event");
String msgtype =jsonObject.getString("MsgType");
if("CLICK".equals(event) && "event".equals(msgtype)){ //菜單click事件
String eventkey =jsonObject.getString("EventKey");
if("hytd_001".equals(eventkey)){ // hytd_001 這是好友團隊按鈕的標誌值
jsonObject.put("Content", "歡迎使用好友團隊菜單click按鈕.");
}
}
responseStr =creatRevertText(jsonObject);//建立XML
log.info("responseStr:"+responseStr);
OutputStream os =response.getOutputStream();
os.write(responseStr.getBytes("UTF-8"));
} catch (Exception e) {
e.printStackTrace();
}
}
private String creatRevertText(JSONObject jsonObject){
StringBuffer revert =new StringBuffer();
revert.append("<xml>");
revert.append("<ToUserName><![CDATA["+jsonObject.get("ToUserName")+"]]></ToUserName>");
revert.append("<FromUserName><![CDATA["+jsonObject.get("FromUserName")+"]]></FromUserName>");
revert.append("<CreateTime>"+jsonObject.get("CreateTime")+"</CreateTime>");
revert.append("<MsgType><![CDATA[text]]></MsgType>");
revert.append("<Content><![CDATA["+jsonObject.get("Content")+"]]></Content>");
revert.append("<FuncFlag>0</FuncFlag>");
revert.append("</xml>");
return revert.toString();
}
private boolean isEmpty(String str){
return null ==str || "".equals(str) ? true :false;
}
private String trim(String str){
return null !=str ? str.trim() : str;
}
}
相關文章
- 1. c#微信公衆號開發一----基本設置,服務器配置token驗證,獲取timestamp/nonce/signature
- 2. 微信開發之token認證
- 3. Node.js + Express 認證微信公衆號
- 4. 微信token驗證
- 5. 微信 token 驗證
- 6. 微信公衆號開發 (1) 微信接入認證成爲開發者
- 7. 微信開發之(一)微信驗證
- 8. .net 微信Token驗證
- 9. 微信驗證代碼
- 10. 微信小程序【消息推送服務器認證C# WebAPI】
- 更多相關文章...
- • MySQL默認值(DEFAULT) - MySQL教程
- • XML 驗證 - XML 教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
