微信公众号开发-JS-SDK使用权限签名算法

1.第一步要获取access_token

可以直接参考微信提供的: https://developers.weixin.qq.com/doc/offiaccount/Basic_Information/Get_access_token.html
这一步不难就不多赘述了

2.获取jsapi_ticket

采用http GET方式请求获得jsapi_ticket（有效期7200秒，开发者必须在自己的服务全局缓存jsapi_ticket）
url为:https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=jsapi

3.进行签名

--------------------------------------------------------------------------------------
@RequestMapping("/getSignature")
public String getSignature(String url) {
    if (StringUtil.isEmpty(url)) {
        return JsonMessage.getString(300, MessageConst.PARAMETER_FAIL);
    }
    long timeMillis = System.currentTimeMillis() / 1000;
    //随机字符串
    int noncestr = Math.abs(new Random().nextInt());
    String appId = WeChatUtil.getWechatPublicNumberAppID();
    JSONObject jsonObject = WeChatUtil.getPublicNumberAccessTokenByCode();
    String accessToken = jsonObject.getString("access_token");
    JSONObject jsapiTicket = WeChatUtil.getJsapiTicket(accessToken);
    System.out.println(jsapiTicket);
    String ticket = jsapiTicket.getString("ticket");
    String str = "jsapi_ticket=" + ticket + "&noncestr=" + noncestr + "&timestamp=" + timeMillis + "&url=" + url;
    String signature = WeChatUtil.sha1(str);
    Map<String, String> map = new HashMap<>();
    map.put("noncestr", noncestr + "");
    map.put("time_millis", timeMillis + "");
    map.put("app_id", appId);
    map.put("signature", signature);
    return JsonMessage.getString(200, MessageConst.ACTION_SUCCESS, map);
}
--------------------------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
public static String sha1(String decript) {
    try {
        MessageDigest digest = java.security.MessageDigest.getInstance("SHA-1");
        digest.update(decript.getBytes());
        byte[] messageDigest = digest.digest();
        // Create Hex String
        StringBuilder hexString = new StringBuilder();
        // 字节数组转换为 十六进制 数
        for (byte b : messageDigest) {
            String shaHex = Integer.toHexString(b & 0xFF);
            if (shaHex.length() < 2) {
                hexString.append(0);
            }
            hexString.append(shaHex);
        }
        return hexString.toString();
    } catch (NoSuchAlgorithmException e) {
        log.error("微信签名时失败,请检查!", e);
    }
    return "";
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

***判断签名是否正确可以到: https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=jsapisign
***我这里遇到一个bug,仔细检查一下,是因为我用的是毫秒时间戳,而微信要使用秒,文档里并没有写.MMP
***这里微信的开放平台里需要配置有两处:
1.设置 – 公众号设置 – 功能设置里的相关操作
2.开放 – 基本设置 – ip白名单
***代码可以直接拷贝我的就行