For the access procedure, please refer to the WeChat public platform
Available test numbers for development testing
1. Fill in the server configuration (I used the test number for development), as shown in the figure below
2. Verify that the message comes from the WeChat server
Send request, request address: http://cmy.ngrok.xiaomiqiu.cn/wechat/chat (URL address configured in WeChat, WeChat public account interface must start with http:// or https://, respectively support 80 ports and 443 ports ) can be used for intranet penetration, specifically Baidu (the Xiaomi ball I use, the test is completely ok)
The specific verification request code is as follows:
@Controller @RequestMapping("/wechat") public class WxController { private final static String MEDIATYPE_CHARSET_JSON_UTF8 = MediaType.APPLICATION_JSON_VALUE + ";charset=UTF-8"; @RequestMapping(value = "/chat", method = {RequestMethod.GET, RequestMethod.POST}, produces = MEDIATYPE_CHARSET_JSON_UTF8) public void get(HttpServletRequest request, HttpServletResponse response) throws Exception { //If it is a get request, it is developer mode verification if ("get".equals(request.getMethod().toLowerCase())) { String signature = request.getParameter("signature"); String timestamp = request.getParameter("timestamp"); String nonce = request.getParameter("nonce"); String echostr = request.getParameter("echostr"); PrintWriter out = response.getWriter(); if (CheckUtil.checkSignature(signature, timestamp, nonce)) { //If the verification is successful, return the obtained random string in the same way out.print(echostr); } }else{
............... }
}
Verification tool class CheckUtil.java
public class CheckUtil { public static final String token = "xiaodou"; //Developers define their own Token public static boolean checkSignature(String signature,String timestamp,String nonce){ //1. Define an array to store tooken, timestamp, nonce String[] arr = {token,timestamp,nonce}; //2. Sort the array Arrays.sort(arr); //3. Generate a string StringBuffer sb = new StringBuffer(); for(String s : arr){ sb.append(s); } //4.sha1 encryption, there are ready-made codes on the Internet String temp = getSha1(sb.toString()); //5. Compare the encrypted string with the encrypted signature from WeChat, and return the result return temp.equals(signature); } public static String getSha1(String str){ if(str==null||str.length()==0){ return null; } char hexDigits[] = {'0','1','2','3','4','5','6','7','8','9', 'a','b','c','d','e','f'}; try { MessageDigest mdTemp = MessageDigest.getInstance("SHA1"); mdTemp.update(str.getBytes("UTF-8")); byte[] md = mdTemp.digest(); int j = md.length; char buf[] = new char[j*2]; int k = 0; for (int i = 0; i < j; i++) { byte byte0 = md[i]; buf[k++] = hexDigits[byte0 >>> 4 & 0xf]; buf[k++] = hexDigits[byte0 & 0xf]; } return new String(buf); } catch (Exception e) { // TODO: handle exception return null; } } }
Run the code, enter the corresponding URL and Token in the test number, and click Submit.
If the configuration is successful, it means that it has entered the developer mode and can start developing.