微信公众号无法使用post方法校验

• 服务器日志
  
• 服务器返回结果

java.lang.NullPointerException
    java.util.ComparableTimSort.countRunAndMakeAscending(ComparableTimSort.java:320)
    java.util.ComparableTimSort.sort(ComparableTimSort.java:188)
    java.util.Arrays.sort(Arrays.java:1246)
    space.zdq.util.SignUtil.checkSignature(SignUtil.java:30)
    space.zdq.servlet.CoreServlet.doPost(CoreServlet.java:61)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

• 源代码

public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        String echostr = request.getParameter("echostr");
        PrintWriter out = response.getWriter();
            if (SignUtil.checkSignature(signature, timestamp, nonce)) {
            out.print(echostr);
        }
        out.close();
        out = null;
    }
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        PrintWriter out = response.getWriter();
        if (SignUtil.checkSignature(signature, timestamp, nonce)) {
            String respXml = CoreService.processRequest(request);
            out.print(respXml);
            System.out.println(respXml);
        }
        out.close();
        out = null;
    }

    public static boolean checkSignature(String signature, String timestamp, String nonce) {
            String[] paramArr = new String[] { token, timestamp, nonce };
        System.out.println(paramArr);
        Arrays.sort(paramArr);
        String content = paramArr[0].concat(paramArr[1]).concat(paramArr[2]);
        String ciphertext = null;
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            byte[] digest = md.digest(content.toString().getBytes());
            ciphertext = byteToStr(digest);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return ciphertext != null ? ciphertext.equals(signature.toUpperCase()) : false;
    }

解决办法：将doPost方法中的数据校验去掉即SignUtil.checkSignature(signature, timestamp, nonce)；
猜想：可能是post数据包中没有这几个数据？正在学习Linux系统下抓包。等分析完包的内容就可以知道结果了。拭目以待吧。
今天查看tomcat logs时，发现手机端发送的post头部都会有 signature、echostr、timestap,而使用微信在线接口调试工具这几个参数都没有，只有一个空空的头部。这就是问题的所在。
将上述语句去掉后然后出现如下问题：

java
java.lang.NoClassDefFoundError: com/thoughtworks/xstream/io/HierarchicalStreamDriver
space.zdq.service.CoreService.processRequest(CoreService.java:29)
space.zdq.servlet.CoreServlet.doPost(CoreServlet.java:64)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

解决办法