Wechat Public Number Development Notes

Keywords: Java SHA1 Tomcat


This project is based on the java web project, using tomcat as the web container. (Conditionally, you can use your own server and domain name to operate)

First, we use natapp intranet penetration (or ngrok, personally recommended natapp)

Intranet penetration tutorial Baidu

By running natapp -authtoken ***** (***** represents the token he gave you on natapp's official website) in the DOS window, we can get the following picture. At this time, we can access Tomcat 80 port through tree. natapp 1. cc.


Note: My domain name here is tree.natapp1.cc, and my friends need to access it according to the domain name they set up.


After we start tomcat, we can access the 8080 port of Tomcat through the domain name we set up, which shows that we have succeeded.

Okay, let's start creating projects.

Note: the jar package that Wechat needs this time is servlet-api.jar (because I didn't import this package later in the process of my own development, so please remind me)

First create the weixinServlet file (when created, we can modify the access address as shown in the figure)

We select the content in the URL mapping and click Edit to change it to whatever we want to access.

We know that the background of Wechat will send signature, timestamp, nonce, echostr by GET.

We compare token, timestamp, nonce with signature after sha1 encryption in lexicographic order.

The sha1 encryption algorithm and weixinServlet code involved are as follows.

These can be explained in detail in Mr. Luo Zhaoyong's video, links I put below.

 1 package servlet;
 3 import java.io.IOException;
 4 import java.io.PrintWriter;
 6 import javax.servlet.ServletException;
 7 import javax.servlet.ServletInputStream;
 8 import javax.servlet.ServletOutputStream;
 9 import javax.servlet.annotation.WebServlet;
10 import javax.servlet.http.HttpServlet;
11 import javax.servlet.http.HttpServletRequest;
12 import javax.servlet.http.HttpServletResponse;
13 import service.WxService;
14 /**
15  * Servlet implementation class weixinServlet
16  */
17 @WebServlet("/wx")
18 public class weixinServlet extends HttpServlet {
19     private static final long serialVersionUID = 1L;
21     /**
22      * Default constructor. 
23      */
24     public weixinServlet() {
25         // TODO Auto-generated constructor stub
26     }
27     /**
28      * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
29      */
30     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
32     String signature=request.getParameter("signature");
33     String timestamp=request.getParameter("timestamp");
34     String nonce=request.getParameter("nonce");
35     String echostr=request.getParameter("echostr");
37     if(WxService.check(timestamp,nonce,signature)) {
38         System.out.println("Access success");    
39         PrintWriter out=response.getWriter();
40         out.print(echostr);
41         out.flush();
42         out.close();
43     }
44     else {
45         System.out.println("fail");
46     }
47     }
49     /**
50      * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
51      */
52     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
53     ServletInputStream is=request.getInputStream();
54     byte[] b=new byte[1024];
55     int len;
56     StringBuilder sb=new StringBuilder();
57     while((len=is.read(b))!=-1) {
58         sb.append(new String(b,0,len));
59     }
60     System.out.println(sb.toString());
61     }
62 }

WxService.java is as follows

package service;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class WxService {
	private static final String TOKEN="bestsegho0914";
   public static boolean check(String timestamp,String nonce,String signature) {

	   String[] strs=new String[] {TOKEN,timestamp,nonce};
	   String str=strs[0]+strs[1]+strs[2]; 
	   String mysig=sha1(str);
	   return mysig.equals(signature);   
   private static String sha1(String src) {
	   try {
		MessageDigest md=MessageDigest.getInstance("sha1");
	   byte[] digest=md.digest(src.getBytes());
	   char[] chars= {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
	  StringBuilder sb=new StringBuilder();
	  for (byte b:digest) {
	   return sb.toString();
	   } catch (NoSuchAlgorithmException e) {
		// TODO Auto-generated catch block
	return null;   

I'm also the first time to develop Wechat's java. I share some information I'm looking at, hoping to help my friends who want to learn the development of Wechat.

Luo Zhaoyong's java development: https://www.bilibili.com/video/av35042298

Wechat Development Help Document: https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html

Wechat public account test number application entry: https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login

ps: All articles are used for personal learning and only for personal understanding.

Posted by superhoops on Fri, 11 Oct 2019 01:41:44 -0700