一、如果項目中使用的SpringMVC4.3.9以下,就需要對該請求配置Filter,設置請求頭可支持跨域。使用方法:
--spring cloud zuul支持跨域---:https://blog.csdn.net/XinTeng2012/article/details/84938872
1、web.xml配置
<!-- 跨域問題解決 --> <filter> <filter-name>header</filter-name> <filter-class>com.foriseland.fsoa.pay.filter.HeaderFilter</filter-class> </filter> <filter-mapping> <filter-name>header</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
2、編寫Filter攔截請求,添加跨域請求支持
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * 頭部過濾器 * @author */ public class HeaderFilter implements Filter{ public void destroy() { } public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse) res; String originHeader = request.getHeader("Origin"); response.setHeader("Access-Control-Allow-Origin", originHeader); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "0"); response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("XDomainRequestAllowed","1"); chain.doFilter(request, response); } public void init(FilterConfig arg0) throws ServletException { } }
二、如果項目中使用的SpringMVC4.x以上,那就簡單了,從SpringMVC4.x開始,就增加了支持跨域訪問。使用方法:
1、某個方法支持跨域訪問
在方法上增加@CrossOrigin注解,如下:
@CrossOrigin(origins = "http://domain2.com", maxAge = 3600) @RestController @RequestMapping("/account") public class AccountController { @GetMapping("/{id}") public Account retrieve(@PathVariable Long id) { // ... } @DeleteMapping("/{id}") public void remove(@PathVariable Long id) { // ... } }
其中@CrossOrigin中的2個參數:
origins : 允許可訪問的域列表
List of allowed origins, e.g. "http://domain1.com". These values are placed in the Access-Control-Allow-Origin header of both the pre-flight response and the actual response. "*" means that all origins are allowed. If undefined, all origins are allowed.
maxAge:准備響應前的緩存持續的最大時間(以秒為單位)。。
The maximum age (in seconds) of the cache duration for pre-flight responses. This property controls the value of the Access-Control-Max-Age header in the pre-flight response. Setting this to a reasonable value can reduce the number of pre-flight request/response interactions required by the browser. A negative value means undefined. If undefined, max age is set to 1800 seconds (i.e., 30 minutes).
2、整個Controller都支持跨域訪問,在類上面加上注解@CrossOrigin,如下:
@Controller @CrossOrigin public class TestController { …… …… }
3、自定義規則支持全局跨域訪問,在spring-mvc.xml文件中配置映射路徑,如下:
<mvc:cors>
<mvc:mapping path="/cross/*"/>
</mvc:cors>
如果整個項目所有方法都可以訪問,則可以這樣配置
<mvc:cors>
<mvc:mapping path="/**"/>
</mvc:cors>
其中* 表示匹配到下一層
** 表示后面不管有多少層,都能匹配。
上面表示有/cross/路徑的請求都支持跨域訪問,也可以增加其它的,如下:
<mvc:cors>
<mvc:mapping path="/cross/**" allowed-origins="" max-age="2500"/>
<mvc:mapping path="/domain/**"/>
</mvc:cors>
請求路徑有/cross/,方法示例如下:
@RequestMapping("/cross/crossDomain")
@ResponseBody
public String crossDomain(HttpServletRequest req, HttpServletResponse res, String name){
……
……
}