本篇内容主要讲解“java中怎么实现token服务器验证”,感兴趣的朋友不妨来看看。本文介绍的方法操作简单快捷,实用性强。下面就让小编来带大家学习“java中怎么实现token服务器验证”吧!
import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; @WebServlet("/wx") public class WeixinServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String signature = req.getParameter("signature"); // 微信加密签名 String timestamp = req.getParameter("timestamp"); // 时间戳 String nonce = req.getParameter("nonce"); // 随机数 String echostr = req.getParameter("echostr"); // 随机字符串 PrintWriter out = resp.getWriter(); if (CheckUtil.checkSignature(signature, timestamp, nonce)) { out.print(echostr); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) { } }
CheckUtil中进行sha-1加密,对比和signature是否相同
import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Arrays; /** * 微信公众号进行服务器校验检查token方法 */ @Slf4j public class CheckUtil { // 与接口配置信息中的Token要一致 private static String token = "Token"; //校验签名 public static boolean checkSignature(String signature, String timestamp, String nonce) { log.info("signature:" + signature + "timestamp:" + timestamp + "nonc:" + nonce); System.out.println("signature:" + signature + "timestamp:" + timestamp + "nonc:" + nonce); // 将token、timestamp、nonce三个参数进行字典序排序 String[] arr = new String[]{token, timestamp, nonce}; Arrays.sort(arr); StringBuilder content = new StringBuilder(); for (String s : arr) { content.append(s); } MessageDigest md = null; String tmpStr = null; try { md = MessageDigest.getInstance("SHA-1"); // 将三个参数字符串拼接成一个字符串进行sha1加密 byte[] digest = md.digest(content.toString().getBytes()); tmpStr = CheckUtil.byteToStr(digest); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); log.error("sha-1加密发生错误:" + Arrays.toString(e.getStackTrace())); } content = null; // 将sha1加密后的字符串可与signature对比,标识该请求来源于微信 String msg = "本次校验的结果是:" + tmpStr.equals(signature.toUpperCase()); log.info(msg); return tmpStr != null ? tmpStr.equals(signature.toUpperCase()) : false; } /** * 将字节数组转换为十六进制字符串 * * @param byteArray * @return */ private static String byteToStr(byte[] byteArray) { String strDigest = ""; for (int i = 0; i < byteArray.length; i++) { strDigest += CheckUtil.byteToHexStr(byteArray[i]); } return strDigest; } /** * 将字节转换为十六进制字符串 * * @param mByte * @return */ private static String byteToHexStr(byte mByte) { char[] Digit = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; char[] tempArr = new char[2]; tempArr[0] = Digit[(mByte >>> 4) & 0X0F]; tempArr[1] = Digit[mByte & 0X0F]; String s = new String(tempArr); return s; } }
到此,相信大家对“java中怎么实现token服务器验证”有了更深的了解,不妨来实际操作一番吧!这里是亿速云网站,更多相关内容可以进入相关频道进行查询,关注我们,继续学习!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。