前言

不了解如何接入JS-SDK的可以先看看上篇文章uni-app微信公眾號(hào)web JS-SDK開發(fā)之一接入

目標(biāo)

• 通過(guò)微信授權(quán)登錄到系統(tǒng)

微信登錄原理

注意上面的域名信息

實(shí)現(xiàn)微信登錄

先看一下微信文檔了解一下：網(wǎng)頁(yè)授權(quán)

回調(diào)域名配置(必須配置，是頁(yè)面不是接口)

后端實(shí)現(xiàn)code換OpenId

使用weixin-java-mp

maven依賴

 <dependency>
    <groupId>com.github.binarywang</groupId>
     <artifactId>weixin-java-mp</artifactId>
     <version>3.9.0</version>
 </dependency>

我沒(méi)用starter版，自己定義更靈活

初始化WxMpService

@Component
public class WxMpServiceDaemon {
    private WxMpService wxMpService;
    private String configHash;

    /**
     * get后不要緩存，因?yàn)闀?huì)被因配置的改變而實(shí)時(shí)刷新
     */
    public WxMpService getWxMpService() {
        if (StringUtils.isBlank(ProjectWxMpConfigBean.INSTANCE.getAppId())) {
            throw new RuntimeException("未配置公眾號(hào)AppId等字段");
        }
        if (StringUtils.isBlank(ProjectWxMpConfigBean.INSTANCE.getSecret())) {
            throw new RuntimeException("未配置公眾號(hào)AppSecret等字段");
        }
        String hash = SecureUtil.md5(ProjectWxMpConfigBean.INSTANCE.getAppId() + ProjectWxMpConfigBean.INSTANCE.getSecret() + ProjectWxMpConfigBean.INSTANCE.getToken() + ProjectWxMpConfigBean.INSTANCE.getAesKey());
        if (hash.equals(configHash) && null != wxMpService) {
            //配置未變，使用緩存
            return wxMpService;
        }
        WxMpServiceImpl wxMpService = new WxMpServiceImpl();
        WxMpDefaultConfigImpl conf = new WxMpDefaultConfigImpl();
        conf.setAppId(ProjectWxMpConfigBean.INSTANCE.getAppId());
        conf.setSecret(ProjectWxMpConfigBean.INSTANCE.getSecret());
        conf.setToken(ProjectWxMpConfigBean.INSTANCE.getToken());
        conf.setAesKey(ProjectWxMpConfigBean.INSTANCE.getAesKey());
        wxMpService.setWxMpConfigStorage(conf);
        configHash = hash;
        this.wxMpService = wxMpService;
        return wxMpService;
    }
}

自定義了WxMpServiceDaemon來(lái)獲取WxMpService，這種方式可以根據(jù)配置信息的改變而實(shí)時(shí)刷新WxMpService實(shí)現(xiàn)熱更換

code換OpenId

@Component
@Slf4j
public class WxmpAuthServiceImpl implements UserDetailsService {
    @Resource
    private AppUserWriteBiz appUserWriteBiz;
    @Resource
    private AppUserReadBiz appUserReadBiz;

    private Cache<String, String> codeCache = CacheBuilder.newBuilder().expireAfterWrite(5, TimeUnit.MINUTES).build();
    @Resource
    private WxMpServiceDaemon wxMpServiceDaemon;


    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        WxMpOAuth2AccessToken session = null;
        String openId = "";
        synchronized (s.intern()) {
            openId = codeCache.getIfPresent(s);
            if (StringUtils.isBlank(openId)) {
                try {
                    session = wxMpServiceDaemon.getWxMpService().getOAuth2Service().getAccessToken(s);
                } catch (WxErrorException e) {
                    log.error("login by weixin mp error", e);
                    throw new BizException("微信登錄錯(cuò)誤");
                }
                openId = session.getOpenId();
                codeCache.put(s, openId);
            }

        }

        String finalOpenId = openId;
        AppUser appUser = Optional.ofNullable(appUserReadBiz.getByMpOpenId(openId)).orElseGet(() -> appUserWriteBiz.createMpUser(finalOpenId));
        if (null == appUser) {
            return null;
        }
        return new User(openId, appUser.getPassword(), getAuthorities());
    }

    private Collection<GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authList = new ArrayList<>();
        authList.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authList;
    }
}

這里是基于Spring Security OAuth2實(shí)現(xiàn)的，可以根據(jù)關(guān)鍵代碼提煉
說(shuō)明一下這里的code即變量s，由于可能存在code重復(fù)訪問(wèn)、并發(fā)訪問(wèn)的問(wèn)題，所以我們加了鎖和使用了緩存來(lái)存儲(chǔ)code和openId關(guān)系，但這里注意一下，這里有安全隱患比如code泄露重復(fù)獲取登錄token，為了避免這樣的問(wèn)題，我們可以將接口api進(jìn)行url簽名保證每個(gè)請(qǐng)求的唯一性以及不可重復(fù)性。如果不想這么麻煩就把codeCache給去掉。