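/**
 * Handles a callback POST that carries either a URL-verification request
 * ({@code echostr}) or an event message as XML (the parameter names and
 * {@code WXBizMsgCrypt} suggest the WeChat message callback; confirm against the caller).
 *
 * <p>Every request is authenticated before any of its content is used:
 * <ul>
 *   <li>{@code encrypt_type=aes}: {@code WXBizMsgCrypt} checks {@code msg_signature}
 *       while verifying the URL or decrypting the body;</li>
 *   <li>otherwise: {@code signature} must match the value computed from
 *       {@code token}, {@code timestamp} and {@code nonce}.</li>
 * </ul>
 * A request that fails authentication, cannot be decrypted or yields no message is
 * dropped without a reply body. A message whose key (from, to, msgId, createTime) is
 * already in {@code expireSet} is treated as a duplicate notification and ignored.
 *
 * @param request  the incoming callback request (untrusted input)
 * @param response the response used to write the echo string or the reply message
 * @throws ServletException declared by the servlet contract
 * @throws IOException if reading the request or writing the response fails
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    ServletInputStream inputStream = request.getInputStream();
    ServletOutputStream outputStream = response.getOutputStream();
    String signature = request.getParameter("signature");
    String timestamp = request.getParameter("timestamp");
    String nonce = request.getParameter("nonce");
    String echostr = request.getParameter("echostr");
    // Encryption mode announced by the caller.
    String encrypt_type = request.getParameter("encrypt_type");
    String msg_signature = request.getParameter("msg_signature");

    // NOTE(review): the mode is taken from a request parameter, so a caller can select
    // the plaintext path by omitting encrypt_type. If this endpoint is meant to accept
    // encrypted messages only, reject non-AES requests here.
    boolean isAes = "aes".equals(encrypt_type);
    WXBizMsgCrypt wxBizMsgCrypt = null;
    if (isAes) {
        try {
            wxBizMsgCrypt = new WXBizMsgCrypt(encodingToken, encodingAesKey, appId);
        } catch (AesException e) {
            // Without a working crypt helper nothing below can be verified or decrypted;
            // stop here instead of dereferencing a null helper later.
            e.printStackTrace();
            return;
        }
    } else {
        // Plaintext mode: check the request signature before echoing or parsing anything.
        // Missing parameters count as an invalid signature rather than causing an NPE.
        if (signature == null || timestamp == null || nonce == null) {
            System.out.println("The request signature is invalid");
            return;
        }
        String expected = SignatureUtil.generateEventMessageSignature(token, timestamp, nonce);
        // Constant-time comparison so the check does not leak how many leading
        // characters of the signature matched.
        if (expected == null
                || !java.security.MessageDigest.isEqual(
                        expected.getBytes(Charset.forName("utf-8")),
                        signature.getBytes(Charset.forName("utf-8")))) {
            System.out.println("The request signature is invalid");
            return;
        }
        // NOTE(review): timestamp and nonce are not checked for freshness or reuse, so a
        // captured (signature, timestamp, nonce) triple keeps verifying; consider a
        // time window on timestamp.
    }

    // First request (URL verification): answer with echostr.
    if (echostr != null) {
        if (isAes) {
            try {
                echostr = URLDecoder.decode(echostr, "utf-8");
                String echostr_decrypt = wxBizMsgCrypt.verifyUrl(msg_signature, timestamp, nonce, echostr);
                outputStreamWrite(outputStream, echostr_decrypt);
            } catch (AesException e) {
                // Verification failed: do not fall through to message handling.
                e.printStackTrace();
            }
            return;
        }
        // Signature was verified above, so the value is echoed only to an authenticated caller.
        outputStreamWrite(outputStream, echostr);
        return;
    }

    EventMessage eventMessage = null;
    if (isAes) {
        try {
            // Read the XML body (contains the encrypted payload).
            String postData = StreamUtils.copyToString(inputStream, Charset.forName("utf-8"));
            // Decrypt the XML data; this also checks msg_signature.
            String xmlData = wxBizMsgCrypt.decryptMsg(msg_signature, timestamp, nonce, postData);
            // Convert the XML into a bean.
            eventMessage = XMLConverUtil.convertToObject(EventMessage.class, xmlData);
        } catch (AesException e) {
            e.printStackTrace();
            return;
        }
    } else if (inputStream != null) {
        // Convert the XML into a bean.
        // NOTE(review): in plaintext mode the signature does not cover the body; confirm
        // that XMLConverUtil parses with DTDs and external entities disabled.
        eventMessage = XMLConverUtil.convertToObject(EventMessage.class, inputStream);
    }

    if (eventMessage == null) {
        // Nothing was parsed; there is no message to deduplicate or answer.
        return;
    }

    String expireKey = eventMessage.getFromUserName() + "__"
            + eventMessage.getToUserName() + "__"
            + eventMessage.getMsgId() + "__"
            + eventMessage.getCreateTime();
    if (expireSet.contains(expireKey)) {
        // Duplicate notification: ignore.
        return;
    } else {
        expireSet.add(expireKey);
    }

    // Build the reply.
    XMLTextMessage xmlTextMessage = new XMLTextMessage(eventMessage.getFromUserName(),
            eventMessage.getToUserName(), "你好");
    // Send the reply (the crypt helper is null in plaintext mode).
    xmlTextMessage.outputStreamWrite(outputStream, wxBizMsgCrypt);
}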