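Parameters in WeChat Official Account development:
signature: WeChat's signature. It combines the token the developer configured with the timestamp and nonce parameters from the request.
timestamp: the timestamp
nonce: a random number
token: the key left with WeChat
echostr: a random string. When verification succeeds, the local server must out.print(echostr); only then does the verification between the two servers succeed!
Sort timestamp, nonce and token, concatenate them, and SHA-1 hash the result into a string; if it equals signature, authentication succeeds.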
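import java.util.ArrayList;
import java.util.Collections;

// token and SHA1.encode are defined elsewhere (not shown on this page).
public static boolean checksignature(String timestamp, String nonce, String signature) {
    // A missing parameter can never verify, and null would break the sort below
    if (timestamp == null || nonce == null || signature == null) {
        return false;
    }
    // 1. Collect timestamp, nonce and token
    ArrayList<String> list = new ArrayList<String>();
    list.add(timestamp);
    list.add(nonce);
    list.add(token);
    // Sort, then concatenate
    Collections.sort(list);
    String str = list.get(0) + list.get(1) + list.get(2);
    // 2. SHA-1 hash
    str = SHA1.encode(str);
    // 3. Authentication succeeds only if the result equals signature
    return str.equals(signature);
}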
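Call the method above from the servlet's GET handler to perform the verification. Typically it is the local server's servlet doGet method that handles the verification exchange with the WeChat server.
On success, output echostr (the random string); only then does verification succeed.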
public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // echostr is echoed back verbatim, so send it as plain text rather than HTML
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();
    String signature, timestamp, nonce, echostr;
    System.out.println("get");
    if (request.getParameter("echostr") != null) {
        signature = request.getParameter("signature");
        timestamp = request.getParameter("timestamp");
        nonce = request.getParameter("nonce");
        echostr = request.getParameter("echostr");
        // Argument order matches checksignature(timestamp, nonce, signature)
        if (Tools.checksignature(timestamp, nonce, signature)) {
            out.print(echostr);
        }
    }
    out.flush();
    out.close();
}
When a user interacts with the local server, the following parameters can be read from the request, as shown below:
// Fragment from the request handler; out is the response's PrintWriter, as in doGet
String signature, timestamp, nonce, openid;
signature = request.getParameter("signature");
timestamp = request.getParameter("timestamp");
nonce = request.getParameter("nonce");
openid = request.getParameter("openid");
// Verification failed
if (signature == null || timestamp == null || nonce == null || openid == null
        || !Tools.checksignature(timestamp, nonce, signature)) {
    System.out.println("非法信息来源!!");
    out.print("你的IP已被记录,我们将采取报警措施" + request.getRemoteHost() + "," + new Date().toLocaleString());
    out.flush();
    out.close();
    return;
}
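The check performed by checksignature above, as a self-contained added example (not the original author's code): it uses the JDK's MessageDigest in place of the SHA1 helper, compares the digests in constant time, and goes one step beyond the page by also rejecting stale timestamps. The class name, the TOKEN value, the 300-second window and the sample request values are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class SignatureCheck {
    // Constructed placeholder; the real token is the one configured on the WeChat side.
    private static final String TOKEN = "example-token";
    // Assumption (not on the page): reject timestamps more than 5 minutes from local time.
    private static final long MAX_SKEW_SECONDS = 300;

    static String sha1Hex(String s) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    static boolean checkSignature(String timestamp, String nonce, String signature, long nowSeconds) {
        if (timestamp == null || nonce == null || signature == null) return false;
        try {
            long ts = Long.parseLong(timestamp);
            if (Math.abs(nowSeconds - ts) > MAX_SKEW_SECONDS) return false; // stale or replayed request
            String[] parts = {TOKEN, timestamp, nonce};
            Arrays.sort(parts); // lexicographic sort, same as Collections.sort on the page
            String expected = sha1Hex(parts[0] + parts[1] + parts[2]);
            // Constant-time comparison instead of String.equals
            return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                    signature.getBytes(StandardCharsets.US_ASCII));
        } catch (NumberFormatException | NoSuchAlgorithmException e) {
            return false; // malformed timestamp or unavailable digest: treat as unverified
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request values
        long now = 1700000000L;
        String timestamp = "1700000000", nonce = "123456";
        String[] parts = {TOKEN, timestamp, nonce};
        Arrays.sort(parts);
        String good = sha1Hex(parts[0] + parts[1] + parts[2]);
        System.out.println(checkSignature(timestamp, nonce, good, now));                // matching signature
        System.out.println(checkSignature(timestamp, nonce, "not-the-signature", now)); // wrong signature
        System.out.println(checkSignature(timestamp, nonce, good, now + 3600));         // stale timestamp
        System.out.println(checkSignature(null, nonce, good, now));                     // missing parameter
    }
}
```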
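Copyright notice: this is an original article by weixin_48462578, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.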