前后端分离跨域CORS SPRING 4.2.4
2019-01-23 本文已影响0人
M_ENG
网上都没有讲解出最正确的方式
Filter
package com.ningpai.third.cors;
import com.ningpai.util.StringUtil;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
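/**
 * Servlet filter that adds CORS response headers for an allowlist of origins.
 *
 * <p>The policy is read from the filter's init parameters ({@code allowOrigin},
 * {@code allowMethods}, {@code allowCredentials}, {@code allowHeaders},
 * {@code exposeHeaders}). {@code allowOrigin} is a comma-separated list of exact
 * origins ({@code scheme://host[:port]}).
 *
 * <p>Security notes:
 * <ul>
 *   <li>The request's {@code Origin} is echoed back only on an exact, case-sensitive
 *       match with a configured entry. {@code *} is not treated as a wildcard, so a
 *       credentialed response is never opened to arbitrary origins.</li>
 *   <li>{@code Vary: Origin} is added whenever an allowlist is configured, because the
 *       response differs per origin and a shared cache must not replay one origin's
 *       {@code Access-Control-Allow-Origin} to another.</li>
 *   <li>The remaining CORS headers are sent only to an allowed origin.</li>
 *   <li>Do not put the literal {@code null} origin in the allowlist; sandboxed and
 *       local documents send it, so it identifies no particular site.</li>
 * </ul>
 *
 * <p>Preflight {@code OPTIONS} requests are not answered here; they continue down
 * the filter chain like any other request.
 *
 * @author MENG
 * @version 2019/1/23
 */
public class CorsFilter implements Filter
{
    private String allowOrigin;
    private String allowMethods;
    private String allowCredentials;
    private String allowHeaders;
    private String exposeHeaders;

    /** Parsed form of {@link #allowOrigin}; built once in {@link #init} instead of per request. */
    private List<String> allowedOrigins = Arrays.asList(new String[0]);

    /**
     * Reads the CORS policy from the filter configuration.
     *
     * @param filterConfig container-supplied configuration holding the init parameters
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException
    {
        allowOrigin = filterConfig.getInitParameter("allowOrigin");
        allowMethods = filterConfig.getInitParameter("allowMethods");
        allowCredentials = filterConfig.getInitParameter("allowCredentials");
        allowHeaders = filterConfig.getInitParameter("allowHeaders");
        exposeHeaders = filterConfig.getInitParameter("exposeHeaders");
        allowedOrigins = parseOrigins(allowOrigin);
    }

    /**
     * Adds the CORS headers when the request's {@code Origin} is allowlisted, then
     * continues the chain.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param res   outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target resource
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (!allowedOrigins.isEmpty())
        {
            // The answer depends on the Origin header, matched or not, so caches must key on it.
            response.addHeader("Vary", "Origin");

            String currentOrigin = request.getHeader("Origin");
            boolean originPresent = currentOrigin != null && !currentOrigin.isEmpty();
            if (originPresent && allowedOrigins.contains(currentOrigin))
            {
                response.setHeader("Access-Control-Allow-Origin", currentOrigin);
                applyPolicyHeaders(response);
            }
        }

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }

    /** Splits the comma-separated allowlist, tolerating whitespace around the commas. */
    private static List<String> parseOrigins(String configured)
    {
        if (configured == null || configured.trim().isEmpty())
        {
            return Arrays.asList(new String[0]);
        }
        return Arrays.asList(configured.trim().split("\\s*,\\s*"));
    }

    /** Writes the configured method, credential and header policy onto the response. */
    private void applyPolicyHeaders(HttpServletResponse response)
    {
        if (StringUtil.isNotEmpty(allowMethods))
        {
            response.setHeader("Access-Control-Allow-Methods", allowMethods);
        }
        // "true" is the only value browsers honour for this header; anything else is omitted.
        if (allowCredentials != null && "true".equalsIgnoreCase(allowCredentials.trim()))
        {
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }
        if (StringUtil.isNotEmpty(allowHeaders))
        {
            response.setHeader("Access-Control-Allow-Headers", allowHeaders);
        }
        if (StringUtil.isNotEmpty(exposeHeaders))
        {
            response.setHeader("Access-Control-Expose-Headers", exposeHeaders);
        }
    }
}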
Web.xml
<!--CORS filter-->
<filter>
<filter-name>corsFilter</filter-name>
<filter-class>com.ningpai.third.cors.CorsFilter</filter-class>
<init-param>
<!-- Origins allowed to call this application, comma-separated, each as scheme://host:port.
     CorsFilter compares the request's Origin header with these entries literally, so "*"
     is not a wildcard here and would never match. Browsers also refuse "*" when
     allowCredentials is true. The value below is a local development origin; list the
     real front-end origin(s) when deploying. -->
<param-name>allowOrigin</param-name>
<param-value>http://localhost:8886</param-value>
</init-param>
<init-param>
<!-- HTTP methods the client may use, comma-separated, e.g. GET,POST,PUT,DELETE,OPTIONS.
     Keep the list to the methods the API actually serves. -->
<param-name>allowMethods</param-name>
<param-value>GET,POST,PUT,DELETE,OPTIONS</param-value>
</init-param>
<init-param>
<!-- Whether the browser may send credentials (cookies, HTTP authentication) on
     cross-origin requests and let the page read the response. With "true", every
     allowlisted origin can act with the user's session, so keep allowOrigin narrow. -->
<param-name>allowCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Request headers the client is allowed to send on the actual request. -->
<param-name>allowHeaders</param-name>
<param-value>Content-Type</param-value>
</init-param>
<init-param>
<!-- Response headers that page scripts may read in addition to the default safelisted ones.
     NOTE(review): Set-Cookie is a forbidden response header name; browsers never expose it
     to script, so this value has no effect. Cookies are stored by the browser itself when
     the request is made with credentials. -->
<param-name>exposeHeaders</param-name>
<param-value>Set-Cookie</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
// Cross-origin login call from the front end.
// - A JSON content type is not a "simple" one, so the browser sends an OPTIONS preflight first.
// - withCredentials makes the browser attach and store cookies for the API origin; it only
//   works when the server replies with a specific Access-Control-Allow-Origin (not "*")
//   and Access-Control-Allow-Credentials: true.
// The host, username and password below are sample placeholders; a deployed login
// endpoint should be reached over https so credentials and cookies are not sent in clear.
$.ajax({
    url: 'http://xx.xxx.xx.xx:xxxx/login',
    type: 'post',
    contentType: "application/json;charset=UTF-8",
    data: JSON.stringify({"username":"woshicheshi","password":"11111q"}),
    xhrFields: { withCredentials: true },
    success: function (data) {
        alert(data);
    }
});