java微信小程序授权微信登录获取手机号

1.调用微信登录wx.login()获取code,通过code调用后台,获取信息sessionId

    /**
     * 获取微信小程序session_key
     *
     * @param jsonStr
     * @return
     */
    @RequestMapping(value = "/getSessionKey", method = RequestMethod.POST, produces = "application/json;charset=utf-8")
    @ResponseBody
    public JSONObject getSessionKey(@RequestBody String jsonStr) {
        JSONObject result = new JSONObject();
        JSONObject object = JSON.parseObject(jsonStr);
        String code = object.getString("code");
        if (StringUtil.isBlank(code)) {
            return ApiResult.fail("参数为空");
        }
        // appid
        String appId ="" //公众号appid
        // 微信密匙
        String appSecret ="" //密匙

        String res = SendHttps.sendGet("https://api.weixin.qq.com/sns/jscode2session", "appid=" + appId + "&secret=" + appSecret + "&js_code=" + code + "&grant_type=authorization_code");
        net.sf.json.JSONObject resultObject = net.sf.json.JSONObject.fromObject(res);
        if (resultObject.containsKey("errcode")) {
            int errcode = resultObject.getInt("errcode");
            result.put("message","获取access_token出错!错误信息为:" + resultObject.get("errmsg").toString(), "" + errcode);
        } else {
            String sessionKey = resultObject.get("session_key").toString();
            String openId = resultObject.get("openid").toString();
            RedisClient.set(openId + "session_key", sessionKey, 600);
            result.put("sessionId", openId + "session_key");
        }
        return result;
    }

2.前台通过js获取到微信服务器返回的加密数据,结合sessionId解密得到手机号。官方连接:https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/getPhoneNumber.html

    /**
     * 微信小程序获取手机号
     *
     * @param jsonStr
     * @return
     */
    @RequestMapping(value = "/getPhoneNumber", method = RequestMethod.POST, produces = "application/json;charset=utf-8")
    @ResponseBody
    public JSONObject getPhoneNumber(@RequestBody String jsonStr) {
        JSONObject object = JSON.parseObject(jsonStr);
        String encryptedData = object.getString("encryptedData");
        String iv = object.getString("iv");
        String sessionId = object.getString("sessionId");
        // 获取session_key
        String session_key = RedisClient.get(sessionId);
        if (StringUtil.isEmpty(session_key)) {
            return ApiResult.fail("session已失效,请重试");
        }
        // 被加密的数据
        byte[] dataByte = Base64.decode(encryptedData);
        // 加密秘钥
        byte[] keyByte = Base64.decode(session_key);
        // 偏移量
        byte[] ivByte = Base64.decode(iv);
        try {
            // 如果密钥不足16位,那么就补足.  这个if 中的内容很重要
            int base = 16;
            if (keyByte.length % base != 0) {
                int groups = keyByte.length / base + (keyByte.length % base != 0 ? 1 : 0);
                byte[] temp = new byte[groups * base];
                Arrays.fill(temp, (byte) 0);
                System.arraycopy(keyByte, 0, temp, 0, keyByte.length);
                keyByte = temp;
            }
            // 初始化
            Security.addProvider(new BouncyCastleProvider());
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            SecretKeySpec spec = new SecretKeySpec(keyByte, "AES");
            AlgorithmParameters parameters = AlgorithmParameters.getInstance("AES");
            parameters.init(new IvParameterSpec(ivByte));
            cipher.init(Cipher.DECRYPT_MODE, spec, parameters);// 初始化
            byte[] resultByte = cipher.doFinal(dataByte);
            if (null != resultByte && resultByte.length > 0) {
                String result = new String(resultByte, "UTF-8");
                return JSONObject.parseObject(result);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return "获取手机号失败";
    }

3.后台通过url请求

public class SendHttps {
    /**
     * 向指定URL发送GET方法的请求
     *
     * @param url   发送请求的URL
     * @param param 请求参数,请求参数应该是 name1=value1&name2=value2 的形式。
     * @return URL 所代表远程资源的响应结果
     */
    public static String sendGet(String url, String param) {
        String result = "";
        BufferedReader in = null;
        try {
            String urlNameString = url + "?" + param;
            URL realUrl = new URL(urlNameString);
            // 打开和URL之间的连接
            URLConnection connection = realUrl.openConnection();
            // 设置通用的请求属性
            connection.setRequestProperty("accept", "*/*");
            connection.setRequestProperty("connection", "Keep-Alive");
            connection.setRequestProperty("user-agent",
                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
            // 建立实际的连接
            connection.connect();
            // 获取所有响应头字段
            Map> map = connection.getHeaderFields();
            // 遍历所有的响应头字段
            for (String key : map.keySet()) {
                System.out.println(key + "--->" + map.get(key));
            }
            // 定义 BufferedReader输入流来读取URL的响应
            in = new BufferedReader(new InputStreamReader(
                    connection.getInputStream(), "utf-8"));
            String line;
            while ((line = in.readLine()) != null) {
                result += line;
            }
        } catch (Exception e) {
            System.out.println("发送GET请求出现异常!" + e);
            e.printStackTrace();
        }
        // 使用finally块来关闭输入流
        finally {
            try {
                if (in != null) {
                    in.close();
                }
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        return result;
    }
}

微信小程序获取手机号流程

1.先调用微信登录wx.login()获取code,通过code在后台获取session_key和openid(为了安全方面的原因,请不要直接使用这些信息作为你小程序的用户标识和session标识回传到小程序客户端中去)

2.用户点击允许授权按钮,将后台获取的session_key 和 js获取的加密数据,做为参数和自定义标识传给后台

3.后台接收到参数后,进行加密数据解密算法,最后取得手机号

你可能感兴趣的:(java微信小程序授权微信登录获取手机号)