微信开发(二)开发者模式接口接入

微信开发者模式一些参数简介

1.开发者提交信息后，微信服务器将发送GET请求到填写的服务器地址URL上，GET请求携带参数如下表所示：

signature	微信加密签名，signature结合了开发者填写的token参数和请求中的timestamp参数、nonce参数。
timestamp	时间戳
nonce	随机数
echostr	随机字符串

2.开发者通过检验signature对请求进行校验（下面有校验方式）。若确认此次GET请求来自微信服务器，请原样返回echostr参数内容，则接入生效，成为开发者成功，否则接入失败。加密/校验流程如下：

1）将token、timestamp、nonce三个参数进行字典序排序

2）将三个参数字符串拼接成一个字符串进行sha1加密

3）开发者获得加密后的字符串可与signature对比，标识该请求来源于微信

对应源代码

①加密/校验方法代码

 1 package com.util;
 2 
 3 import java.security.MessageDigest;
 4 import java.util.Arrays;
 5 
 6 public class CheckUtil {
 7  private static final String token="grantward";
 8   public static boolean checkSignature(String signature,String timestamp,String nonce){
 9       
10       String []arr=new String[]{token,timestamp,nonce};
11       //排序
12       Arrays.sort(arr);
13       //生成字符串
14       StringBuffer content=new StringBuffer();
15       for (int i = 0; i < arr.length; i++) {
16           content.append(arr[i]);
17         
18     }
19       String temp=getSha1(content.toString());
20       System.out.println("x-->"+temp);
21       System.out.println("z>>>"+signature);
22       return temp.equals(signature);
23       
24       
25       
26   }
27  //sha1加密
28   private static String getSha1(String str) {
29       if (str == null || str.length() == 0) {
30       return null;
31       }
32       char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
33       MessageDigest mdTemp;
34       try {
35       mdTemp = MessageDigest.getInstance("SHA1");
36       mdTemp.update(str.getBytes("UTF-8"));
37       byte[] md = mdTemp.digest();
38       int j = md.length;
39       char buf[] = new char[j * 2];
40       int k = 0;
41       for (int i = 0; i < j; i++) {
42       byte b0 = md[i];
43       buf[k++] = hexDigits[b0 >>> 4 & 0xf];
44       buf[k++] = hexDigits[b0 & 0xf];
45       }
46       return new String(buf);
47       } catch (Exception e) {
48       return null;
49       }
50       }
51 }

②servlet代码

 1 package com.servlet;
 2 
 3 import java.io.IOException;
 4 import java.io.PrintWriter;
 5 import java.util.Date;
 6 import java.util.Map;
 7 
 8 import javax.servlet.ServletException;
 9 import javax.servlet.http.HttpServlet;
10 import javax.servlet.http.HttpServletRequest;
11 import javax.servlet.http.HttpServletResponse;
12 
13 import org.dom4j.DocumentException;
14 
15 import com.po.TextMessage;
16 import com.util.MessagesUitl;
17 
18 import sun.misc.MessageUtils;
19 
20 
21 
22 public class WeixinServlet extends HttpServlet{
23 @Override
24 protected void doGet(HttpServletRequest req, HttpServletResponse resp)
25         throws ServletException, IOException {
26     String signature=req.getParameter("signature");
27     String timestamp=req.getParameter("timestamp");
28     String nonce=req.getParameter("nonce");
29     String echostr=req.getParameter("echostr");
30     PrintWriter out=resp.getWriter();
31     if (com.util.CheckUtil.checkSignature(signature, timestamp, nonce)) {
32         System.out.println();
33         out.print(echostr);
34     }else{
35         System.out.println("不匹配");
36     }
37 }
38 74 }