本文讲述了新员工入职第一天遇到的跨域和权限认证问题,通过深入解析并实现了一个Spring Boot的自定义CORS过滤器,重点强调了Order注解在控制过滤器优先级的作用,以及前端请求完整过滤链的理解。
刚入职的第一天,就碰到了一个问题就是跨域加上权限认证的问题,排查了一天的问题,最后通过
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Order(Ordered.HIGHEST_PRECEDENCE)
@Component
@WebFilter(filterName = "corsFilter", urlPatterns = {"/*"})
class CustomCorsConfiguration implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException,ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs=(HttpServletRequest)req ;
response.setHeader("Access-Control-Allow-Origin", reqs.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials","true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type,Access-Token,Authorization,X-Requested-with");
if("OPTIONS".equalsIgnoreCase(((HttpServletRequest)req).getMethod())){
response.setStatus(HttpServletResponse.SC_OK);
}else{
filterChain.doFilter(req, res);
}
}
}
主要是order注解,控制过滤器的权限最高
最后,还需要思考的是从前端发起请求,怎么才算是一个完整的过滤链?order的注解的原理是什么?
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
