Implementing SSO with CAS: fixing the cross-origin (CORS) problems of AJAX requests
Scenario and problem description:
The project separates front end and back end; the back-end project uses the Spring Boot framework with the CAS Client integrated. The front end sends an AJAX request to the CAS Client, the CAS Filter intercepts it and redirects it to the CAS Server, and the browser reports a CORS cross-origin error.
Error message:
Full error message from Chrome F12 (DevTools):
Failed to load [CAS client address]: Redirect from '[CAS client address]' to '[CAS server address]' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '[front-end address]' is therefore not allowed access.
Key error message from Chrome F12:
No 'Access-Control-Allow-Origin' header is present on the requested resource
Solution:
1. Define a CORS Filter in the CAS Client. Note: the CORS Filter must have a higher priority than the CAS Filter; otherwise the CAS Filter handles the request first and adding the CORS Filter achieves nothing. Here the priority is set with @Order(value=0), which places it ahead of the CAS Filter.
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import java.io.IOException;

// Order 0 places this filter ahead of the CAS Filter, so the CORS headers are
// already on the response when the CAS Filter redirects to the CAS Server.
@Configuration
@Order(value = 0)
@WebFilter(filterName = "CorsFilterConfig", urlPatterns = "/*")
public class CorsFilterConfig implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("===============CorsFilterConfig执行=================");
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) servletResponse;
        // Any origin is allowed. Browsers do not accept a "*" origin together with
        // credentials (cookies), so restrict this to the front-end origin if the
        // session cookie has to be sent with the AJAX request.
        res.setHeader("Access-Control-Allow-Origin", "*");
        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        // How long (in seconds) the browser may cache the preflight result.
        res.setHeader("Access-Control-Max-Age", "1728000");
        res.setHeader("Access-Control-Allow-Headers",
                "Authentication, Authorization, content-type, Accept, x-requested-with, Cache-Control");
        // Pass the request on to the remaining filters, including the CAS Filter.
        filterChain.doFilter(servletRequest, res);
    }

    @Override
    public void destroy() {}
}
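As an added example (not code from the original post), here is a variant of the client-side filter above that echoes only an allow-listed front-end origin instead of "*" and answers the CORS preflight itself, so the OPTIONS request never reaches the CAS Filter's redirect. The class name and the origins in the allow-list are assumptions; the filter still has to be registered ahead of the CAS Filter as described in step 1.

```java
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical variant of the client-side CORS filter. It must still be registered
// ahead of the CAS Filter (for example with @Order(0)), as in the original filter.
public class AllowListCorsFilter implements Filter {

    // Constructed allow-list of front-end origins; replace with the real ones.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<>(Arrays.asList(
            "https://frontend.example.com", "http://localhost:8081"));

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String origin = req.getHeader("Origin");

        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // Echo the exact origin instead of "*": browsers reject a wildcard when
            // Access-Control-Allow-Credentials is true, and the client's session
            // cookie (e.g. JSESSIONID) is only sent when credentials are enabled.
            res.setHeader("Access-Control-Allow-Origin", origin);
            res.setHeader("Access-Control-Allow-Credentials", "true");
            res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
            res.setHeader("Access-Control-Allow-Headers",
                    "Authorization, Content-Type, Accept, X-Requested-With");
            res.setHeader("Access-Control-Max-Age", "1728000");
            res.addHeader("Vary", "Origin"); // the response depends on the request Origin
        }

        boolean preflight = "OPTIONS".equalsIgnoreCase(req.getMethod())
                && req.getHeader("Access-Control-Request-Method") != null;
        if (preflight) {
            // Answer the preflight here and stop the chain: a preflight must not follow
            // a redirect, so letting it reach the CAS Filter would make it fail.
            res.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig filterConfig) {}
    @Override public void destroy() {}
}
```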
2. In the CAS Server project, locate web.xml and configure a CORS Filter there. This requires downloading the java-property-utils and cors-filter jar packages and placing them under lib.
<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedMethods</param-name>
        <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedHeaders</param-name>
        <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposedHeaders</param-name>
        <param-value>Set-Cookie</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportsCredentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Note: if only step 1 (CORS configuration on the CAS Client) is done and step 2 (CORS configuration on the CAS Server) is skipped, the following error appears. The origin is reported as 'null' because, after a cross-origin redirect, the browser sends Origin: null on the redirected request, so the CAS Server itself has to answer with CORS headers as well:
Failed to load [CAS server address?service=url]: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.