diff --git a/README.md b/README.md
index 5b1709fa011c0ac88118d18176d35a259e7d7d9c..21da26fec39e7c09e3927d8fae2af7856d292ac2 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ jfinal weixin 的 spring boot starter,这个starter是为了方便boot用户
- * ApiConfigKit.getApiConfig(); - *- */ - ApiConfigKit.setThreadLocalAppId(appId); + // 如果是服务器配置请求,则配置服务器并返回 if (isConfigServerRequest(request)) { - configServer(request, response); + configServer(request, response, token); return false; } + // 判断是否多公众号,将 appId 与当前线程绑定,以便在后续操作中方便获取ApiConfig对象: + if (isWx) { + ApiConfigKit.setThreadLocalAppId(appId); + } // 对开发测试更加友好 if (ApiConfigKit.isDevMode()) { return true; } else { // 签名检测 - if (checkSignature(request, response)) { + if (checkSignature(request, token)) { return true; } else { WebUtils.renderText(response, "签名验证失败,请确定是微信服务器在发送消息过来"); @@ -74,7 +81,7 @@ public class MsgInterceptor extends HandlerInterceptorAdapter { /** * 检测签名 */ - private boolean checkSignature(HttpServletRequest request, HttpServletResponse response) { + private boolean checkSignature(HttpServletRequest request, String token) { String signature = request.getParameter("signature"); String timestamp = request.getParameter("timestamp"); String nonce = request.getParameter("nonce"); @@ -82,7 +89,7 @@ public class MsgInterceptor extends HandlerInterceptorAdapter { logger.error("check signature failure"); return false; } - if (SignatureCheckKit.me.checkSignature(signature, timestamp, nonce)) { + if (checkSignature(token, signature, timestamp, nonce)) { return true; } else { logger.error("check signature failure: " + 
@@ -106,13 +113,13 @@ public class MsgInterceptor extends HandlerInterceptorAdapter { * @param request HttpServletRequest * @param response HttpServletResponse */ - private void configServer(HttpServletRequest request, HttpServletResponse response) { + private void configServer(HttpServletRequest request, HttpServletResponse response, String token) { // 通过 echostr 判断请求是否为配置微信服务器回调所需的 url 与 token String echostr = request.getParameter("echostr"); String signature = request.getParameter("signature"); String timestamp = request.getParameter("timestamp"); String nonce = request.getParameter("nonce"); - boolean isOk = SignatureCheckKit.me.checkSignature(signature, timestamp, nonce); + boolean isOk = checkSignature(token, signature, timestamp, nonce); if (isOk && !response.isCommitted()) { WebUtils.renderText(response, echostr); } else { @@ -120,6 +127,14 @@ public class MsgInterceptor extends HandlerInterceptorAdapter { } } + private boolean checkSignature(String token, String signature, String timestamp, String nonce) { + String[] array = new String[]{token, timestamp, nonce}; + Arrays.sort(array); + String tempStr = array[0] + array[1] + array[2]; + tempStr = HashKit.sha1(tempStr); + return tempStr.equalsIgnoreCase(signature); + } + @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { super.afterCompletion(request, response, handler, ex); diff --git a/spring-boot-starter-weixin/src/main/java/net/dreamlu/weixin/spring/WebUtils.java b/spring-boot-starter-weixin/src/main/java/net/dreamlu/weixin/spring/WebUtils.java index b8f210d7e0cab23641b746536f76841fb7dcb5fb..03ae1b0541313e95f5e1ecc4159a29b50341ec88 100644 --- a/spring-boot-starter-weixin/src/main/java/net/dreamlu/weixin/spring/WebUtils.java +++ b/spring-boot-starter-weixin/src/main/java/net/dreamlu/weixin/spring/WebUtils.java 
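Review bot: In `configServer`, `signature`, `timestamp` and `nonce` are read from the request and passed unchecked into the new `checkSignature(token, signature, timestamp, nonce)`. The helper added later in this diff sorts them with `Arrays.sort`, which throws a NullPointerException on a null element. An unauthenticated request that carries `echostr` but omits `timestamp` or `nonce` would therefore likely raise an exception instead of being rejected cleanly. The other caller, `checkSignature(request, token)`, appears to guard against this before delegating, so the same guard belongs here: `boolean isOk = signature != null && timestamp != null && nonce != null && checkSignature(token, signature, timestamp, nonce);`. The `else` branch of `configServer` lies outside the hunk, so I cannot confirm what the failure path renders.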
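Review bot: The new private `checkSignature(String token, ...)` compares the computed SHA-1 hex string to the request-supplied `signature` with `equalsIgnoreCase`, which stops at the first differing character. For a value that authenticates the sender, a constant-time comparison such as `MessageDigest.isEqual` is the safer choice. The helper should also fail closed when `token` is null, since `Arrays.sort` would otherwise throw; where `token` comes from is not visible in this diff, so whether it can be unset for an unknown appId is worth confirming. The method has no Javadoc, so a short comment saying that it implements the token/timestamp/nonce sort-and-SHA-1 check and returns false on any missing input would help. The fence below needs imports for `MessageDigest`, `StandardCharsets` and `Locale`.

```java
private boolean checkSignature(String token, String signature, String timestamp, String nonce) {
    // Fail closed: a missing value can never produce a valid signature.
    if (token == null || signature == null || timestamp == null || nonce == null) {
        return false;
    }
    // … unchanged: sort {token, timestamp, nonce}, concatenate, HashKit.sha1 into tempStr …
    byte[] expected = tempStr.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
    byte[] supplied = signature.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
    // Constant-time comparison, so the check does not stop at the first mismatching character.
    return MessageDigest.isEqual(expected, supplied);
}
```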
@@ -7,6 +7,11 @@ import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; +/** + * web工具类 + * + * @author L.cm + */ class WebUtils { private static final Log logger = LogFactory.getLog(WebUtils.class); diff --git a/spring-boot-weixin-demo/pom.xml b/spring-boot-weixin-demo/pom.xml index c2f6b1bfa06256de8da14c489261a04ba745bc9d..f9e989f1ed84a9b4633864913c75db5f968f2b01 100644 --- a/spring-boot-weixin-demo/pom.xml +++ b/spring-boot-weixin-demo/pom.xml @@ -33,7 +33,7 @@