Java微信登录验证

@RequestMapping(value = "/wxLogin", method = RequestMethod.GET)
public String wxLogin(HttpServletRequest request,
                      HttpServletResponse response)
        throws ParseException {
    //这个url的域名必须要进行再公众号中进行注册验证，这个地址是成功后的回调地址
    String backUrl="http://www.*******.com/wx/callBack";
    // 用户同意授权，获取code
    String url ="https://open.weixin.qq.com/connect/oauth2/authorize?appid="+WXAuthUtil.APPID
            + "&redirect_uri="+ URLEncoder.encode(backUrl)
            + "&response_type=code"
            + "&scope=snsapi_userinfo"
            + "&state=STATE#wechat_redirect";

    logger.info("forward重定向地址{" + url + "}");
    //response.sendRedirect(url);
    return "redirect:"+url;//必须重定向，否则不能成功
}    

@RequestMapping(value = "/callBack", method = RequestMethod.GET)
    public String callBack(ModelMap modelMap, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // 获取code
        String code =req.getParameter("code");
        // 通过code换取网页授权access_token
        String url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid="+WXAuthUtil.APPID
                + "&secret="+WXAuthUtil.APPSECRET
                + "&code="+code
                + "&grant_type=authorization_code";

        JSONObject jsonObject = WXAuthUtil.doGetJson(url);
        String openid = jsonObject.getString("openid");
        String access_token = jsonObject.getString("access_token");
        String refresh_token = jsonObject.getString("refresh_token");

        // 验证access_token是否失效；展示都不需要
        String chickUrl="https://api.weixin.qq.com/sns/auth?access_token="+access_token+"&openid="+openid;
        JSONObject chickuserInfo = WXAuthUtil.doGetJson(chickUrl);
        
        if(!"0".equals(chickuserInfo.getString("errcode"))){
            // 刷新access_token（如果需要）-----暂时没有使用,参考文档https://mp.weixin.qq.com/wiki，
            String refreshTokenUrl="https://api.weixin.qq.com/sns/oauth2/refresh_token?appid="+openid+"&grant_type=refresh_token&refresh_token="+refresh_token;

            JSONObject refreshInfo = WXAuthUtil.doGetJson(chickUrl);
            access_token=refreshInfo.getString("access_token");
        }

        // 拉取用户信息(需scope为 snsapi_userinfo)
        String infoUrl = "https://api.weixin.qq.com/sns/userinfo?access_token="+access_token
                + "&openid="+openid
                + "&lang=zh_CN";
        JSONObject userInfo = WXAuthUtil.doGetJson(infoUrl);

        // 验证通过以下进行相关操作
        return "login";
    }

需要的WXAuthUtil工具类：

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

import java.io.IOException;

public class WXAuthUtil {
    public static final String APPID="wx34e818e60f644382";
    public static final String APPSECRET ="7d7aa6cb54b44eb95a059d2100fe11ed";
    private static final String TOKEN = "ewrewrwe34sadasdtrre42";
    public static JSONObject doGetJson(String url) throws ClientProtocolException, IOException {
        JSONObject jsonObject =null;
        DefaultHttpClient client = new DefaultHttpClient();
//        CloseableHttpClient client = HttpClients.createDefault();
        HttpGet httpGet =new HttpGet(url);
        HttpResponse response =  client.execute(httpGet);
        HttpEntity entity =response.getEntity();
        if(entity!=null)
        {
            //把返回的结果转换为JSON对象
            String result = EntityUtils.toString(entity, "UTF-8");
            jsonObject = JSON.parseObject(result);
        }

        return jsonObject;
    }
}