一、在config包(一般與Controller,service,pojo等同級)下創建CORSFilter繼承import org.apache.shiro.web.servlet.OncePerRequestFilter。這里面所有的放行不能用*必須得是具體的值,不然是無法跨域成功滴。
@Component @Configuration //解決Access-Control-Allow-Origin跨域問題 class CORSFilter extends OncePerRequestFilter { public void doFilterInternal(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; HttpServletRequest request = (HttpServletRequest) req; response.setContentType("text/html;charset=UTF-8"); res.setContentType("text/html;charset=UTF-8"); response.setHeader("XDomainRequestAllowed","1");//不可以放在后面 //放行所有,類似*,這里的*完全無效 response.setHeader("Access-Control-Allow-Origin", request.getHeader("origin")); response.setHeader("Access-Control-Allow-Credentials", "true"); //允許請求方式 response.setHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); //需要放行header頭部字段 如需鑒權字段,自行添加,如Authorization等 response.setHeader("Access-Control-Allow-Headers", "content-type,x-requested-with,Authorization," + "authorization,Origin,No-Cache,X-Requested-With,If-Modified-Since," + " Pragma, Last-Modified, Cache-Control,Expires, Content-Type, X-E4M-With,userId,token"); response.setCharacterEncoding("UTF-8"); response.setContentType("application/json"); //請求預檢放行--不能省 if ("OPTIONS".equals(request.getMethod())) { response.setStatus(HttpStatus.NO_CONTENT.value()); return ; } else { chain.doFilter(request, response); } } }
二、在shiro的配置類ShiroConfig(里面配置了放行哪些資源,訪問哪些需要什么權限等的配置類)里面添加如下代碼,不要忘記加注解@Bean
@Bean public FilterRegistrationBean replaceTokenFilter(){ FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setDispatcherTypes(DispatcherType.REQUEST); registration.setFilter( new CORSFilter()); registration.addUrlPatterns("/*"); registration.setName("CrosFilter"); registration.setOrder(1); return registration; }
三、輸入網址測試,然后就可以看到正常跨域訪問接口了,如果跨域不成功的話頁面是一片空白報錯Access-Control-Allow-Origin或者Access-Control-Allow-Headers等信息
