/** 此逻辑为了确定请求来自微信服务器 */ @RequestMapping(value = "/api/wechat", method = RequestMethod.GET) public void service(HttpServletRequest request, HttpServletResponse response) throws IOException { logger.debug("验证是否来自微信请求"); response.setContentType("text/html;charset=utf-8"); response.setStatus(HttpServletResponse.SC_OK); String signature = request.getParameter("signature"); String nonce = request.getParameter("nonce"); String timestamp = request.getParameter("timestamp"); if (!WeChatConnector.getMpService().checkSignature(timestamp, nonce, signature)) { // 消息签名不正确,说明不是公众平台发过来的消息 response.getWriter().println("非法请求"); return; } String echostr = request.getParameter("echostr"); if (StringUtils.isNotBlank(echostr)) { // 说明是一个仅仅用来验证的请求,回显echostr response.getWriter().println(echostr); return; } String encryptType = StringUtils.isBlank(request.getParameter("encrypt_type")) ? "raw" : request.getParameter("encrypt_type"); if ("raw".equals(encryptType)) { // 明文传输的消息 WxMpXmlMessage inMessage = WxMpXmlMessage.fromXml(request.getInputStream()); WxMpXmlOutMessage outMessage = WeChatConnector.getMpMessageRouter().route(inMessage); if (outMessage != null) { response.getWriter().write(outMessage.toXml()); } return; } if ("aes".equals(encryptType)) { // 是aes加密的消息 String msgSignature = request.getParameter("msg_signature"); WxMpXmlMessage inMessage = WxMpXmlMessage.fromEncryptedXml( request.getInputStream(), WeChatConnector.getMpConfigStorage(), timestamp, nonce, msgSignature); WxMpXmlOutMessage outMessage = WeChatConnector.getMpMessageRouter().route(inMessage); response.getWriter().write(outMessage.toEncryptedXml(WeChatConnector.getMpConfigStorage())); return; } response.getWriter().println("不可识别的加密类型"); return; }