SpringMVC CORS 解決跨域問題


1、補充知識

同源策略(Same origin policy)是一種約定,也是瀏覽器最核心、最基本的安全功能:它限制一個來源的腳本讀取另一個來源的資料。如果缺少了同源策略,瀏覽器的正常功能可能都會受到影響。

所謂同源,是指協議、域名、埠三者都相同。

目前主流的跨域訪問技術有JSONP和CORS。JSONP的優勢在於能夠支援較老版本的瀏覽器,劣勢在於只能處理GET請求;CORS的優勢在於能處理所有型別的請求,劣勢在於不能處理IE8以下版本的請求。

2、跨域解決方法

(1)web.xml加入過濾器配置

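<!--
  Registers the CORS filter for every URL of the web application.
  The init parameters below are the whole CORS policy: the filter class
  loads them at start-up and applies them to each request.
-->
<filter>
  <filter-name>CORS</filter-name>
  <filter-class>com.fh.filter.CrossDomainFilter</filter-class>
  <init-param>
    <param-name>cors.allowOrigin</param-name>
    <!--
      Explicit, whitespace-separated origin list instead of "*".
      Browsers refuse a literal "Access-Control-Allow-Origin: *" on
      credentialed requests, so a wildcard combined with
      cors.supportsCredentials=true only works when the filter echoes the
      caller's Origin back, which trusts every site with the user's cookies.
      The two origins are the ones CrossDomainFilter declares in its
      allowedOrigins field; replace them with your own front-end origins
      and drop the localhost entry outside development.
    -->
    <param-value>http://localhost:8088 http://www.wedive.com:9000</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportedMethods</param-name>
    <!-- Keep this list to the methods the API really serves cross-origin. -->
    <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportedHeaders</param-name>
    <!-- Request headers a cross-origin caller may send (hyphenated HTTP header names). -->
    <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposedHeaders</param-name>
    <!--
      Response headers that client scripts may read. Browsers never expose
      Set-Cookie to scripts, so this entry has no practical effect; list
      only headers the front end needs to read.
    -->
    <param-value>Set-Cookie</param-value>
  </init-param>
  <init-param>
    <param-name>cors.supportsCredentials</param-name>
    <!-- Cookies and HTTP auth are accepted cross-origin: safe only with the explicit origin list above. -->
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CORS</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>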

(2)過濾器配置類

package com.fh.filter;
import com.thetransactioncompany.cors.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.List;
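/**
 * CORS servlet filter that loads its policy from the filter's init parameters and
 * dispatches each HTTP request according to its detected {@link CORSRequestType}.
 *
 * <p>NOTE(review): the policy enforced here comes only from the loaded
 * {@link CORSConfiguration}. If {@code cors.allowOrigin} is {@code *} while
 * {@code cors.supportsCredentials} is {@code true}, every origin is trusted with the
 * user's cookies; configure an explicit origin list instead.
 */
public class CrossDomainFilter extends CORSFilter {

    /**
     * Origins the author intended to trust.
     *
     * <p>NOTE(review): no method of this class reads this list, so it restricts nothing.
     * The origins actually accepted are the ones given in {@code cors.allowOrigin};
     * keep the two in sync or remove this field.
     */
    private final List<String> allowedOrigins = Arrays.asList("http://localhost:8088", "http://www.wedive.com:9000");

    /** Policy currently in force; set by {@link #setConfiguration(CORSConfiguration)}. */
    private CORSConfiguration config;

    /** Library handler built from {@link #config}; processes actual and preflight requests. */
    private CORSRequestHandler handler;

    /** Creates an unconfigured filter; the container configures it through {@link #init(FilterConfig)}. */
    public CrossDomainFilter() {
    }

    /**
     * Creates a filter that uses the given configuration.
     *
     * @param config the CORS policy to apply
     */
    public CrossDomainFilter(CORSConfiguration config) {
        this.setConfiguration(config);
    }

    /**
     * Replaces the policy and rebuilds the request handler from it.
     *
     * @param config the CORS policy to apply
     */
    @Override
    public void setConfiguration(CORSConfiguration config) {
        this.config = config;
        this.handler = new CORSRequestHandler(config);
    }

    /**
     * @return the policy currently in force, or {@code null} if none has been set
     */
    @Override
    public CORSConfiguration getConfiguration() {
        return this.config;
    }

    /**
     * Loads the CORS policy from the filter's init parameters.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException if the configuration cannot be loaded; the loader's
     *     exception is kept as the cause
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        CORSConfigurationLoader configLoader = new CORSConfigurationLoader(filterConfig);
        try {
            this.setConfiguration(configLoader.load());
        } catch (CORSConfigurationException e) {
            throw new ServletException(e.getMessage(), e);
        }
    }

    /**
     * Writes a plain-text error response for a rejected request.
     *
     * @param corsException the rejection; supplies the HTTP status code and the message
     * @param response the response to write to
     * @throws IOException if the response writer cannot be obtained
     * @throws ServletException declared for signature compatibility; not thrown here
     */
    private void printMessage(CORSException corsException, HttpServletResponse response) throws IOException, ServletException {
        response.setStatus(corsException.getHTTPStatusCode());
        // Discard anything already buffered so only the error text is sent.
        response.resetBuffer();
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        // The page's listing had lost the "+" here, which does not compile.
        out.println("Cross-Origin Resource Sharing (CORS) Filter: " + corsException.getMessage());
    }

    /**
     * Applies the CORS policy to one HTTP request.
     *
     * <p>Actual CORS requests are handed to the library handler and then continue down the
     * chain with a wrapped response; preflight requests are answered by the handler alone and
     * never reach the application; any other request passes through only when the
     * configuration allows generic HTTP requests.
     *
     * @param request the HTTP request
     * @param response the HTTP response
     * @param chain the remaining filter chain
     * @throws IOException if writing the response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        CORSRequestType type = CORSRequestType.detect(request);
        if (this.config.tagRequests) {
            RequestTagger.tag(request, type);
        }
        try {
            if (type.equals(CORSRequestType.ACTUAL)) {
                // The handler throws CORSException when the request violates the policy,
                // so the chain below is reached only for accepted requests.
                this.handler.handleActualRequest(request, response);
                CORSResponseWrapper responseWrapper = new CORSResponseWrapper(response);
                chain.doFilter(request, responseWrapper);
            } else if (type.equals(CORSRequestType.PREFLIGHT)) {
                this.handler.handlePreflightRequest(request, response);
            } else if (this.config.allowGenericHttpRequests) {
                chain.doFilter(request, response);
            } else {
                this.printMessage(CORSException.GENERIC_HTTP_NOT_ALLOWED, response);
            }
        } catch (CORSException e) {
            this.printMessage(e, response);
        }
    }

    /**
     * Servlet entry point: accepts only HTTP requests and responses and delegates to the
     * HTTP-typed overload.
     *
     * @throws ServletException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
            this.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
        } else {
            throw new ServletException("Cannot filter non-HTTP requests/responses");
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}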