現在很多開發的 API 都支持 ajax 直接請求,這樣就會導致跨域的問題,解決跨域的問題一方面可以從前端,另一方面就是服務器端。
一、Controller類名上方添加@CrossOrigin 注解通過此方式注解則Controller中的所有通過@RequestMapping注解的方法都可以進行跨域請求。 代碼如下:
@CrossOrigin() @RequestMapping("/demoController") @Controller public class DemoController { @Autowired IDemoService demoService; @RequestMapping(value = "/test", method = RequestMethod.POST) @ResponseBody public ResultModel test(HttpServletRequest request) throws Exception { return “right”; } }
二、讓所有的controller類繼承自定義的BaseController類,該類中將對返回的頭部做些特殊處理。
public abstract class BaseController { /** * description:send the ajax response back to the client side * @param responseObj * @param response */ protected void writeAjaxJSONResponse(Object responseObj, HttpServletResponse response) { response.setCharacterEncoding("UTF-8"); response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1 response.setHeader("Pragma", "no-cache"); // HTTP 1.0 /** * for ajax-cross-domain request TODO get the ip address from * configration(ajax-cross-domain.properties) */ response.setHeader("Access-Control-Allow-Origin", "*"); response.setDateHeader("Expires", 0); // Proxies. PrintWriter writer = getWriter(response); writeAjaxJSONResponse(responseObj, writer); } /** * * @param response * @return */ protected PrintWriter getWriter(HttpServletResponse response) { if(null == response){ return null; } PrintWriter writer = null; try { writer = response.getWriter(); } catch (IOException e) { logger.error("unknow exception", e); } return writer; } /** * description:send the ajax response back to the client side. * * @param responseObj * @param writer * @param writer */ protected void writeAjaxJSONResponse(Object responseObj, PrintWriter writer) { if (writer == null || responseObj == null) { return; } try { writer.write(JSON.toJSONString(responseObj,SerializerFeature.DisableCircularReferenceDetect)); } finally { writer.flush(); writer.close(); } } } 接下來就是我們自己業務的 controller 了,其中主要是要調用 writeAjaxJSONResponse(result, response); 這個方法 @Controller @RequestMapping(value = "/account") public class AccountController extends BaseController { @RequestMapping(value = "/add", method = RequestMethod.POST) public void addAccount(HttpSession session,HttpServletRequest request,HttpServletResponse response){ ViewerResult result = new ViewerResult(); //實現自己業務邏輯代碼 writeAjaxJSONResponse(result, response); } } 好了,這種簡單的方式就實現了。
三、Filter,我們在寫springMVC的時候,更喜歡的方式是通過@ResponseBody給返回對象進行封裝直接返回給前端,這樣簡單而且容易。 如果使用@ResponseBody就不能使用第一種方法了,所有就使用filter給所有的請求都封裝一下跨域,接下來直接實現代碼:
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; public class HeadersCORSFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest request, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) servletResponse; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization"); response.setHeader("Access-Control-Allow-Credentials","true"); chain.doFilter(request, servletResponse); } @Override public void destroy() { // TODO Auto-generated method stub } } 好了,filter 實現了,然后就是要在 web.xml 里面把這個 filter 運用起來了。 打開項目的 web.xml,填寫下面的幾行代碼: cors xxx.xxxx.xxxxx.xxxx.HeadersCORSFilter cors /open/* 好了,通過上面的3種方式,可以解決百分之80的跨域問題,也許還有更好的解決方案,可以提出來大家一起學習學習。 最好的方案是最符合當前需求且易於擴展的。