最近使用ssm開發了一個項目,為了項目的開發速度,采用的是前后端同時開發,所以前端文件沒有集成在項目中,最后在調試時涉及到了跨域。跨域的解決方法很多,我采用的是最簡單的一種,代碼如下:
新建一個過濾器filter
package com.xxxx.xxxxx; import javax.servlet.*; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class SimpleCORSFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); chain.doFilter(req, res); } @Override public void init(FilterConfig arg0) throws ServletException { } }
然后在xml中配置
<filter> <filter-name>cors</filter-name> <filter-class>com.ssm.web.filter.SimpleCORSFilter</filter-class> </filter> <filter-mapping> <filter-name>cors</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
2018.08.07更新
由於項目的升級,感覺以前的filter不滿足實際需求,故而進行擴展升級
filter
package com.xxx.xxx; import org.springframework.stereotype.Component; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @Component public class CORSFilter implements Filter { // 存放跨域的白名單 private String[] permitUrl; @Override public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; HttpServletRequest request = (HttpServletRequest) req; String myOrigin = request.getHeader("origin"); boolean isValid = false; for (String ip : permitUrl) { if (myOrigin != null && myOrigin.equals(ip)) { isValid = true; break; } } response.setContentType("textml;charset=UTF-8"); response.setHeader("Access-Control-Allow-Origin", isValid ? myOrigin : "null"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("P3P", "CP=\"NON DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa HISa TELa OTPa OUR UNRa IND UNI COM NAV INT DEM CNT PRE LOC\""); response.setHeader("XDomainRequestAllowed", "1"); chain.doFilter(req, res); } // 初始化方法,這里的permitUrl是在web.xml中配置的 @Override public void init(FilterConfig filterConfig) throws ServletException { String urls = filterConfig.getInitParameter("permitUrl"); if (urls != null) { urls = urls.replaceAll("\\n", "").replaceAll("\\r", "").replaceAll("\\t", ""); } if (!"".equals(urls) && urls != null) { permitUrl = urls.split(","); } if (permitUrl != null) { for (int i = 0; i < permitUrl.length; i++) { permitUrl[i] = permitUrl[i].trim(); } } } // 銷毀方法 @Override public void destroy() { } }
web.xml中配置(這里的permitUrl中的value就是你項目允許的ip地址,不允許的將訪問不到)
<filter> <filter-name>cors</filter-name> <filter-class>com.xxx.xxx.CORSFilter</filter-class> <init-param> <param-name>permitUrl</param-name> <param-value> http://192.168.1.51:3000, http://192.168.1.51:8020, http://www.baidu.com:8084 </param-value> </init-param> </filter> <filter-mapping> <filter-name>cors</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>