Spring 跨域问题CORS (Cross Origin Resources Share)

于 2018-11-28 09:19:00 发布
阅读量221 收藏 1
点赞数
CC 4.0 BY-SA版权
文章标签: java web.xml 测试
原文链接:http://www.cnblogs.com/Qi1007/p/10030245.html
本文详细介绍Spring框架中解决跨域问题的三种方法:CorsFilter过滤器、CorsConfiguration Bean及@CrossOrigin注解。通过具体代码示例,展示了如何配置允许的来源、方法、头部和凭证,实现灵活的跨域请求。

1、Spring给我们提供了三种跨域方法

  1. CorsFilter 过滤器
  2. CorsConfiguration Bean
  3. @CrossOrigin 注解

2、CorsFilter 过滤器

CorsFilter代码如下:

package com.xiaobai.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebFilter(filterName = "MyFilter")
public class MyFilter implements Filter {

    public void destroy() {
    }
    String allowList [] = null;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String origins = config.getInitParameter("allowList");
        if(origins != null){
            if(origins.equals("*")){
                allowList = new String[]{"*"};
            }else {
                allowList = origins.split(",");
            }
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException, IOException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        String origin = request.getHeader("Origin");
        if (origin != null && !origin.isEmpty()) {
            for (String s : allowList) {
                if (s.equals(origin) || s.equals("*")) {
                    response.setHeader("Access-Control-Allow-Origin", origin);
                }
            }
        }
        chain.doFilter(request, response);
    }
}

web.xml代码如下:

    <filter>
        <filter-name>MyFilter</filter-name>
        <filter-class>com.xiaobai.filter.MyFilter</filter-class>

        <init-param>
            <param-name>allowList</param-name>
            <param-value>http://127.0.0.1:8081, http://192.168.2.24:8081</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>MyFilter</filter-name>
        <url-pattern>/aa</url-pattern>
    </filter-mapping>

3、CorsConfiguration Bean

<mvc:cors>:

<mvc:cors>
  <mvc:mapping path="/xxx"
               allowed-origins="http://localhost:7070"
               allowed-methods="GET, POST"
               allowed-headers="Accept-Charset, Accept, Content-Type"
               allow-credentials="true" />
  <mvc:mapping path="/yyy/*"
               allowed-origins="*"
               allowed-methods="*"
               allowed-headers="*" />
</mvc:cors>

4、@CrossOrigin 注解

@CrossOrigin 注解本质上也是用来配置 CorsConfiguration。

@CrossOrigin代码如下:

@CrossOrigin
public class CORSController {
    public String cors(@RequestParam(defaultValue = "callback") String callback, HttpServletResponse response) {
        // 最原始的方式,手动写请求头
        response.setHeader("Access-Control-Allow-Origin", "http://192.168.163.1:8081");
        return callback + "('hello')";
    }


    // 将跨域设置在方法上
    @RequestMapping("/cors")
    @CrossOrigin(origins = {"http://localhost:8080", "http://remotehost:82323"},
                 methods = {RequestMethod.GET, RequestMethod.POST},
                 allowedHeaders = {"Content-Type", "skfjksdjfk"},
                 allowCredentials = "true",
                 maxAge = 1898978
                 )
    @RequestMapping("/rrr")
    public String rrr(@RequestParam(defaultValue = "callback") String callback) {
        return callback + "('rrr')";
    }
}

5、其实也可以采用全注解的方式

结合 @ControllerAdvice 使用,进行全局化:

@Component
@ControllerAdvice
@CrossOrigin
public class CorsAdvice {
}

  

 

转载于:https://www.cnblogs.com/Qi1007/p/10030245.html

CGGAO
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值