一、方法:
- 服務端設置Respone Header頭中Access-Control-Allow-Origin
- 配合前台使用jsonp
- 繼承WebMvcConfigurerAdapter 添加配置類
二、實例:
后台(spring boot 1.3.7.RELEASE):
1、用一個Filter進行了身份驗證同時進行了跨域處理,具體代碼:
public class AuthFilter implements Filter { // @Autowired //這個不能自動注入servlet和filter是被tomcat管理的 private BaseUserService baseUserService; private String[] excludePaths; @Override public void init(FilterConfig filterConfig) throws ServletException { System.out.println("initFilter"); //不能在初始化中通過Appliaction Context獲取因為這時候還沒初始化Application Context //baseUserService = SpringUtils.getBean("baseUserService", BaseUserService.class); excludePaths = new String[]{"/api/user/noLogin", "/api/user/tokenError", "/api/user/loginForeground", "/api/user/loginBackground", "/api/user/inCorrectUserId"}; } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; //這里填寫你允許進行跨域的主機ip httpServletResponse.setHeader("Access-Control-Allow-Origin", "*"); //允許的訪問方法 httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH"); //Access-Control-Max-Age 用於 CORS 相關配置的緩存 httpServletResponse.setHeader("Access-Control-Max-Age", "3600"); httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); String userId = request.getParameter("userId"); String token = request.getParameter("token"); //有token的 ` if (userId != null && token != null) { try { Integer id = Integer.parseInt(userId); if (baseUserService == null) baseUserService = SpringUtils.getBean("baseUserService", BaseUserService.class); int status = baseUserService.checkLogin(id, token); if (status == 1) { chain.doFilter(request, response); } else if (status == 0) { httpServletResponse.sendRedirect("/api/user/tokenError"); } else if (status == -2) { httpServletResponse.sendRedirect("/api/user/inCorrectUserId"); } else { httpServletResponse.sendRedirect("/api/user/noLogin"); } } catch (NumberFormatException exception) { httpServletResponse.sendRedirect("/api/user/inCorrectUserId"); } } else { String path = httpServletRequest.getServletPath(); if (excludePath(path)) { chain.doFilter(request, response); } else { httpServletRequest.getRequestDispatcher("/api/user/noLogin").forward(request, response); } } // ((HttpServletResponse) response).addHeader("Access-Control-Allow-Origin", "*"); // CorsFilter corsFilter=new CorsFilter(); } private boolean excludePath(String path) { for (int i = 0; i < excludePaths.length; i++) { if (path.equals(excludePaths[i])) return true; } return false; } @Override public void destroy() { System.out.println("destroy method"); } }
這種方法還適用於Servlet中,特別注意的是一定要在Filter動作之前加上這句話,也就是在代碼的最前面加上這個話。
2、基於WebMvcConfigurerAdapter配置加入Cors的跨域
import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; @Configuration public class CorsConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowCredentials(true) .allowedMethods("GET", "POST", "DELETE", "PUT") .maxAge(3600); } }
這里有個坑,Spring Boot以前的版本這樣設置可以用Filter,但是在1.3.7.RELEASE不能用,所以用第二種方式是萬能的。
參考:
http://blog.csdn.net/hanghangde/article/details/53946366(以上內容轉自此篇文章)