- 服务器日志
- 服务器返回结果
java.lang.NullPointerException
java.util.ComparableTimSort.countRunAndMakeAscending(ComparableTimSort.java:320)
java.util.ComparableTimSort.sort(ComparableTimSort.java:188)
java.util.Arrays.sort(Arrays.java:1246)
space.zdq.util.SignUtil.checkSignature(SignUtil.java:30)
space.zdq.servlet.CoreServlet.doPost(CoreServlet.java:61)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
- 源代码
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String signature = request.getParameter("signature");
String timestamp = request.getParameter("timestamp");
String nonce = request.getParameter("nonce");
String echostr = request.getParameter("echostr");
PrintWriter out = response.getWriter();
if (SignUtil.checkSignature(signature, timestamp, nonce)) {
out.print(echostr);
}
out.close();
out = null;
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String signature = request.getParameter("signature");
String timestamp = request.getParameter("timestamp");
String nonce = request.getParameter("nonce");
PrintWriter out = response.getWriter();
if (SignUtil.checkSignature(signature, timestamp, nonce)) {
String respXml = CoreService.processRequest(request);
out.print(respXml);
System.out.println(respXml);
}
out.close();
out = null;
}
public static boolean checkSignature(String signature, String timestamp, String nonce) {
String[] paramArr = new String[] { token, timestamp, nonce };
System.out.println(paramArr);
Arrays.sort(paramArr);
String content = paramArr[0].concat(paramArr[1]).concat(paramArr[2]);
String ciphertext = null;
try {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] digest = md.digest(content.toString().getBytes());
ciphertext = byteToStr(digest);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return ciphertext != null ? ciphertext.equals(signature.toUpperCase()) : false;
}
解决办法:将doPost方法中的数据校验去掉即SignUtil.checkSignature(signature, timestamp, nonce);
猜想:可能是post数据包中没有这几个数据?正在学习Linux系统下抓包。等分析完包的内容就可以知道结果了。拭目以待吧。
今天查看tomcat logs时,发现手机端发送的post头部都会有 signature、echostr、timestap,而使用微信在线接口调试工具这几个参数都没有,只有一个空空的头部。这就是问题的所在。
将上述语句去掉后然后出现如下问题:
java
java.lang.NoClassDefFoundError: com/thoughtworks/xstream/io/HierarchicalStreamDriver
space.zdq.service.CoreService.processRequest(CoreService.java:29)
space.zdq.servlet.CoreServlet.doPost(CoreServlet.java:64)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)