网上有很多教程,这里作为本人学习笔记记录。网上教程大多是PHP版本,由于我比较喜欢Java,这里用Java进行配置。
基本步骤参考官网
填写好token和URL之后下面要求验证服务器地址有效性
下面是代码
import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.xinshidaisudi.util.SignUtil; public class CoreServlet extends HttpServlet { /** * Constructor of the object. */ public static final String token = "Token";//token 这里要跟你刚才填写的Token一致 public CoreServlet() { super(); } /** * Destruction of the servlet. <br> */ public void destroy() { super.destroy(); // Just puts "destroy" string in log // Put your code here } /** * The doGet method of the servlet. <br> * * This method is called when a form has its tag value method equals to get. * * @param request the request send by the client to the server * @param response the response send by the server to the client * @throws ServletException if an error occurred * @throws IOException if an error occurred */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //签名 String singature = request.getParameter("signature"); //时间戳 String timestamp = request.getParameter("timestamp"); //随机数 String nonce = request.getParameter("nonce"); //随机字符串 String echostr = request.getParameter("echostr"); //System.out.println("echostr: " + singature); //System.out.println("timestamp: " + timestamp); //System.out.println("nonce: " + nonce); //System.out.println("echostr: " + echostr); // 开发者通过检验signature对请求进行校验(下面有校验方式)。 // 若确认此次GET请求来自微信服务器,请原样返回echostr参数内容,则接入生效,成为开发者成功,否则接入失败。 PrintWriter out = response.getWriter(); if(SignUtil.checkSingature(token, singature, timestamp, nonce)){ out.write(echostr); } out.close(); out = null; } /** * The doPost method of the servlet. <br> * * This method is called when a form has its tag value method equals to post. * * @param request the request send by the client to the server * @param response the response send by the server to the client * @throws ServletException if an error occurred * @throws IOException if an error occurred */ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { } /** * Initialization of the servlet. <br> * * @throws ServletException if an error occurs */ public void init() throws ServletException { // Put your code here } }
SignUtil.checkSingature(token, singature, timestamp, nonce)方法:
public static boolean checkSingature(String token,String singature ,String timestamp,String nonce){ String[] arr = new String[]{token,timestamp,nonce}; Arrays.sort(arr);//进行字典排序 //将字符串拼接成一个字符串 StringBuilder strBUilder = new StringBuilder(); for(String s : arr){ strBUilder.append(s); } String str = strBUilder.toString(); //sha1加密 StringBuilder builder = new StringBuilder(); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(str.getBytes()); byte[] b = md.digest(); //转换成16进制字符串 for(byte bb : b){ String s = Integer.toHexString(bb & 0xff); if(s.length() == 1) builder.append("0"); builder.append(s); } } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } String result = builder.toString();//得到SHA加密后结果 //System.out.println("result: " + result); return result != null? result.equals(singature.toLowerCase()) :false; }
这样就完成了基本的接入。