Home  >  Article  >  Java  >  What should I do if the JAVA WeChat public account development TOKEN fails to verify?

What should I do if the JAVA WeChat public account development TOKEN fails to verify?

coldplay.xixi
coldplay.xixiOriginal
2020-06-13 09:37:463727browse

What should I do if the JAVA WeChat public account development TOKEN fails to verify?

What should I do if TOKEN verification fails when developing JAVA WeChat public account?

Solution to JAVA WeChat public account development TOKEN verification failure:

When configuring the WeChat public platform server, token needs to be introduced, but when submitting it always It is prompted that the token verification failed because the WeChat backend did not detect the verification token code in your code. Then you should verify the token according to the official documents, and then return the result to the WeChat public platform after verification.

The verification code is:

 public class SignUtil {
    
      private static String token = "WnbVm6GTQj4BPmLliSday4K";//这里是自定义的token,需和你提交的token一致
 
      /**
       * 校验签名
       * 
       * @param signature
      *            签名
     * @param timestamp
      *            时间戳
      * @param nonce
      *            随机数
     * @return 布尔值
      */
     public static boolean checkSignature(String signature, String timestamp, String nonce) {
         String checktext = null;
         if (null != signature) {
             // 对ToKen,timestamp,nonce 按字典排序
             String[] paramArr = new String[] { token, timestamp, nonce };
             Arrays.sort(paramArr);
            
             try {
               MessageDigest md = MessageDigest.getInstance("SHA-1");
              // 对接后的字符串进行sha1加密
              byte[] digest = md.digest(content.toString().getBytes());
               checktext = byteToStr(digest);
           } catch (NoSuchAlgorithmException e) {
              e.printStackTrace();
           }
     }
       // 将加密后的字符串与signature进行对比
       return checktext != null ? checktext.equals(signature.toUpperCase()) : false;
    }
    /**
     * 将字节数组转化为16进制字符串
    * 
      * @param byteArrays
     *            字符数组
    * @return 字符串
     */
   private static String byteToStr(byte[] byteArrays) {
        String str = "";
        for (int i = 0; i < byteArrays.length; i++) {
           str += byteToHexStr(byteArrays[i]);
     }
       return str;
  }
   /**
    * 将字节转化为十六进制字符串
    * 
  * @param myByte
     *            字节
 * @return 字符串
  */
  private static String byteToHexStr(byte myByte) {
     char[] Digit = { &#39;0&#39;, &#39;1&#39;, &#39;2&#39;, &#39;3&#39;, &#39;4&#39;, &#39;5&#39;, &#39;6&#39;, &#39;7&#39;, &#39;8&#39;, &#39;9&#39;, &#39;A&#39;, &#39;B&#39;, &#39;C&#39;, &#39;D&#39;, &#39;E&#39;, &#39;F&#39; };
        char[] tampArr = new char[2];
     tampArr[0] = Digit[(myByte >>> 4) & 0X0F];
        tampArr[1] = Digit[myByte & 0X0F];
        String str = new String(tampArr);
      return str;
     }
 }

When submitting, the public platform will request your address and verify whether you have verified it in the background. The verification part:

 if (StringUtils.isNotBlank(request.getParameter("signature"))) {
             String signature = request.getParameter("signature");
            String timestamp = request.getParameter("timestamp");
             String nonce = request.getParameter("nonce");
             String echostr = request.getParameter("echostr");
             LOGGER.info("signature[{}], timestamp[{}], nonce[{}], echostr[{}]", signature, timestamp, nonce, echostr);
             if (SignUtil.checkSignature(signature, timestamp, nonce)) {
                LOGGER.info("数据源为微信后台,将echostr[{}]返回!", echostr);
                response.getOutputStream().println(echostr);
             }
         }

Recommended Tutorial: "JAVA Video Tutorial"

The above is the detailed content of What should I do if the JAVA WeChat public account development TOKEN fails to verify?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn