微信开发之token认证

服务器配置以下

package com.dongpeng;

import java.security.MessageDigest;
import java.util.Arrays;

import javax.servlet.http.HttpServletResponse;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@SpringBootApplication
public class Application {
	public static final String TOKEN = "lianghao_token";

	@RequestMapping("/")
	@ResponseBody
	public void index(String signature, String timestamp, String nonce, String echostr,HttpServletResponse response)throws Exception {
		System.out.println("signature:" + signature);
		System.out.println("timestamp:" + timestamp);
		System.out.println("nonce:" + nonce);
		System.out.println("echostr:" + echostr);
		System.out.println("TOKEN:" + TOKEN);
		String[] params = new String[] { TOKEN, timestamp, nonce };
		Arrays.sort(params);
		// 将三个参数字符串拼接成一个字符串进行sha1加密
		String clearText = params[0] + params[1] + params[2];
		String algorithm = "SHA-1";
		String sign = new String(org.apache.commons.codec.binary.Hex
				.encodeHex(MessageDigest.getInstance(algorithm).digest((clearText).getBytes()), true));
		// 开发者得到加密后的字符串可与signature对比，标识该请求来源于微信
		if (signature.equals(sign)) {
			response.getWriter().print(echostr);
		}
	}

	public static void main(String[] args) throws Exception {
		SpringApplication.run(Application.class, args);
	}
}

配置服务端后，提交下面信息

才能成功提交