forked from chanjarster/weixin-java-tools
-
-
Notifications
You must be signed in to change notification settings - Fork 8.5k
MP_验证消息合法性
Binary Wang edited this page Jan 30, 2024
·
4 revisions
在将你的服务器接入到微信平台的时候,以及每次微信推送消息给你的服务器的时候,你都应该按照微信的要求对推送过来的消息进行校验,确保这些消息是从微信平台发送过来的。
下面的代码假设你已经有了一个WxMpService
实例,怎么构造看Quick Start
String timestamp = ...;
String nonce = ...;
String signature = ...;
if (!wxMpService.checkSignature(timestamp, nonce, signature)) {
// 消息不合法
}
// 消息合法
String encType = request.getParameter("encrypt_type");
String nonce = request.getParameter("nonce");
String timestamp = request.getParameter("timestamp");
String msgSignature = request.getParameter("msg_signature");
String signature = request.getParameter("signature");
String openid = request.getParameter("openid");
log.info("接收微信请求:[openid=[{}], [openid=[{}],[signature=[{}], encType=[{}], msgSignature=[{}],"
+ " timestamp=[{}], nonce=[{}], requestBody=[{}] ",
appid, openid, signature, encType, msgSignature, timestamp, nonce, requestBody);
if (!this.wxMpService.switchover(appid)) {
throw new IllegalArgumentException(String.format("未找到对应appid=[%s]的配置,请核实!", appid));
}
if (!wxMpService.checkSignature(timestamp, nonce, signature)) {
throw new IllegalArgumentException("非法请求,可能属于伪造的请求!");
}
return ResponseEntity.ok("");