Beispiel #1
0
  @RequestMapping(
      value = {"wx/todo/listByPage"},
      method = RequestMethod.GET)
  public void verifyUrl(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    // 获取url验证参数
    java.util.Map<String, String> reqMap = QiYeUtil.requestServerParam(request);
    System.out.println("request=" + request.getRequestURL());

    PrintWriter out = response.getWriter();
    ApproveAccessSecret accessSecret = new ApproveAccessSecret();
    // 通过检验signature对请求进行校验,若校验成功则原样返回echostr,表示接入成功,否则接入失败
    String result = null;
    try {
      WXBizMsgCrypt wxcpt =
          new WXBizMsgCrypt(
              accessSecret.getToken(), accessSecret.getEncodingAESKey(), AccessSecret.CORPID);
      result =
          wxcpt.VerifyURL(
              reqMap.get("msg_signature"),
              reqMap.get("timestamp"),
              reqMap.get("nonce"),
              reqMap.get("echostr"));
    } catch (AesException e) {
      e.printStackTrace();
    }
    if (result == null) {
      result = accessSecret.getToken();
    }
    out.print(result);
    out.close();
    out = null;
  }
Beispiel #2
0
  @ResponseBody
  @RequestMapping(value = "/wx/todo/listByPage", method = RequestMethod.POST)
  public void listByPage(HttpServletRequest request, HttpServletResponse response)
      throws Exception {
    // 将请求、响应的编码均设置为UTF-8(防止中文乱码)
    request.setCharacterEncoding("UTF-8");
    response.setCharacterEncoding("UTF-8");

    // 获取url验证参数
    java.util.Map<String, String> reqMap = QiYeUtil.requestServerParam(request);

    // 从请求中读取整个post数据
    InputStream inputStream = request.getInputStream();
    String postData = IOUtils.toString(inputStream, "UTF-8");
    System.out.println(postData);
    ApproveAccessSecret accessSecret = new ApproveAccessSecret();

    //// 解密消息
    String msg = "";
    WXBizMsgCrypt wxcpt = null;
    try {
      wxcpt =
          new WXBizMsgCrypt(
              accessSecret.getToken(), accessSecret.getEncodingAESKey(), AccessSecret.CORPID);
      msg =
          wxcpt.DecryptMsg(
              reqMap.get("msg_signature"),
              reqMap.get("timestamp"),
              reqMap.get("nonce"),
              postData); // 解密消息
    } catch (AesException e) {
      e.printStackTrace();
    }
    System.out.println("msg=" + msg);

    // xml请求解析
    Map<String, String> requestMap = MessageUtil.parseXml(msg);
    String msgType = requestMap.get("MsgType"); // 消息类型
    String eventType = requestMap.get("Event"); // 事件类型
    if (!(msgType.equals(MessageUtil.REQ_MESSAGE_TYPE_EVENT)
        && (eventType.equalsIgnoreCase(MessageUtil.EVENT_TYPE_VIEW)))) {
      // 调用核心业务类接收消息、处理消息
      String respMessage = CoreService.processRequest(msg);
      System.out.println("respMessage=" + respMessage);
      String encryptMsg = "";
      try {
        // 加密回复消息
        encryptMsg = wxcpt.EncryptMsg(respMessage, reqMap.get("timestamp"), reqMap.get("nonce"));
      } catch (AesException e) {
        e.printStackTrace();
      }

      // 响应消息
      PrintWriter out = response.getWriter();
      out.print(encryptMsg);
      out.close();
    } else {
      // 设置agentId
      HttpSession session = request.getSession();
      if (session.getAttribute("accessSecret") == null)
        session.setAttribute("accessSecret", this.accessSecret);
    }
  }
  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    ServletInputStream inputStream = request.getInputStream();
    ServletOutputStream outputStream = response.getOutputStream();
    String signature = request.getParameter("signature");
    String timestamp = request.getParameter("timestamp");
    String nonce = request.getParameter("nonce");
    String echostr = request.getParameter("echostr");

    // 加密模式
    String encrypt_type = request.getParameter("encrypt_type");
    String msg_signature = request.getParameter("msg_signature");

    WXBizMsgCrypt wxBizMsgCrypt = null;
    // 加密方式
    boolean isAes = "aes".equals(encrypt_type);
    if (isAes) {
      try {
        wxBizMsgCrypt = new WXBizMsgCrypt(encodingToken, encodingAesKey, appId);
      } catch (AesException e) {
        e.printStackTrace();
      }
    }

    // 首次请求申请验证,返回echostr
    if (isAes && echostr != null) {
      try {
        echostr = URLDecoder.decode(echostr, "utf-8");
        String echostr_decrypt = wxBizMsgCrypt.verifyUrl(msg_signature, timestamp, nonce, echostr);
        outputStreamWrite(outputStream, echostr_decrypt);
        return;
      } catch (AesException e) {
        e.printStackTrace();
      }
    } else if (echostr != null) {
      outputStreamWrite(outputStream, echostr);
      return;
    }

    EventMessage eventMessage = null;
    if (isAes) {
      try {
        // 获取XML数据(含加密参数)
        String postData = StreamUtils.copyToString(inputStream, Charset.forName("utf-8"));
        // 解密XML 数据
        String xmlData = wxBizMsgCrypt.decryptMsg(msg_signature, timestamp, nonce, postData);
        // XML 转换为bean 对象
        eventMessage = XMLConverUtil.convertToObject(EventMessage.class, xmlData);
      } catch (AesException e) {
        e.printStackTrace();
      }
    } else {
      // 验证请求签名
      if (!signature.equals(SignatureUtil.generateEventMessageSignature(token, timestamp, nonce))) {
        System.out.println("The request signature is invalid");
        return;
      }

      if (inputStream != null) {
        // XML 转换为bean 对象
        eventMessage = XMLConverUtil.convertToObject(EventMessage.class, inputStream);
      }
    }

    String expireKey =
        eventMessage.getFromUserName()
            + "__"
            + eventMessage.getToUserName()
            + "__"
            + eventMessage.getMsgId()
            + "__"
            + eventMessage.getCreateTime();
    if (expireSet.contains(expireKey)) {
      // 重复通知不作处理
      return;
    } else {
      expireSet.add(expireKey);
    }

    // 创建回复
    XMLTextMessage xmlTextMessage =
        new XMLTextMessage(eventMessage.getFromUserName(), eventMessage.getToUserName(), "你好");
    // 回复
    xmlTextMessage.outputStreamWrite(outputStream, wxBizMsgCrypt);
  }