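Today I was building login verification and found that the page's ajax requests passed a token, but the Spring Boot interceptor just could not read it. The answers I found on Baidu were the same as what I had written and still did not work. After several hours of effort I finally got it working, so I am recording it here.
Leave a comment if you have questions; I will reply when I see it.
1. Add to the configuration file: dispatch-options-request
2. Use WebMvcConfigurer to configure CORS, the interceptor, and static path forwarding.
Trim this as needed. For token verification the interceptor cannot be removed, and when the front end and back end are separated the CORS configuration cannot be removed.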
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Created By: hdx
 * Date: 2021-04-07 16:53
 */
@Configuration
public class ResourceConfig implements WebMvcConfigurer {

    @Value("${pathconfig.savepath}")
    private String savePath;

    // Static path forwarding
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        // e.g. reachable at localhost:8095/static/images/image.jpg
        registry.addResourceHandler("/file/**").addResourceLocations("file:" + savePath);
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
    }

    /**
     * CORS configuration
     **/
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Paths that allow cross-origin requests
        registry.addMapping("/**")
                // Origins that are allowed to make cross-origin requests
                .allowedOrigins("*")
                .allowedHeaders("*")
                // If the expected request header key is not set here, the ajax request header cannot be parsed correctly, i.e. the token cannot be read
                .exposedHeaders("token")
                // .allowCredentials(true) // whether to allow credentials; no longer enabled by default
                // Allowed methods
                .allowedMethods("GET", "POST", "PUT", "DELETE");
                // .maxAge(3600); // CORS max age
    }

    // Interceptor configuration
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new AccessInterceptor())
                .addPathPatterns("/**");
    }
}
3. Interceptor configuration
For login I use the sa-token plugin.
import cn.dev33.satoken.stp.StpUtil;
import com.ajr.alllink.util.ResponseMessage;
import com.ajr.alllink.util.ResponseMsgEnum;
import com.ajr.alllink.util.Result;
import com.alibaba.fastjson.JSONObject;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * Created By: hdx
 * Date: 2021-04-19 14:24
 */
@Configuration
public class AccessInterceptor implements HandlerInterceptor {

    private final static String ignoreAuthUrls = "/sys/login";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Note: browsers refuse credentialed requests when Access-Control-Allow-Origin is "*"
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "86400");
        response.setHeader("Access-Control-Allow-Headers", "token");
        // Get the current request path
        String path = request.getServletPath();
        // Check for URLs that do not need token verification
        if (ignoreAuthUrls.equals(path)) {
            return true;
        }
        // If you are not using sa-token for login, use request.getHeader("Authorization") and verify it yourself
        Boolean boo = StpUtil.isLogin();
        // String token = request.getHeader("token");
        // Log whether the caller is logged in
        System.out.println("全局拦截器 是否登录: " + boo);
        // Not logged in
        if (!boo) {
            ResponseMessage error = Result.error(ResponseMsgEnum.TOKEN_ERROR.getCode());
            String json = JSONObject.toJSONString(error);
            PrintWriter out = null;
            try {
                out = response.getWriter();
                out.append(json);
                // Log the error body returned to the client
                System.out.println("全局拦截器 返回数据: " + json);
            } catch (IOException e) {
                e.printStackTrace();
            } finally {
                if (out != null) {
                    out.close();
                }
            }
            return false;
        }
        return true;
    }
}
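After completing the 3 steps above, you should be able to read the token sent by the front end.
Sending the token via ajax:
I modified the jquery-1.10.2.js source file and added the following line.
In the jQuery.ajax method, add: jqXHR.setRequestHeader(_c_cname, getCookieUserId());
The js file is too large to paste here. Search the js file for jQuery.ajax and add jqXHR.setRequestHeader(_c_cname, getCookieUserId()) at the very bottom of that method.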
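
A header added with jqXHR.setRequestHeader is not CORS-safelisted, so the browser first sends an OPTIONS preflight and checks the Access-Control-* response headers configured in steps 2 and 3 before it sends the real request with the token. The following is an added example, not code from the original post, that models that browser-side check in simplified form; the origin http://localhost:8080 and the request objects are constructed sample values.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
// The origin and request shapes used with it are constructed sample values.
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language", "content-type"];

function splitList(value) {
  return (value || "").split(",").map(s => s.trim()).filter(Boolean);
}

// req: { origin, method, headers: [names], credentials: boolean }
// res: { status, headers: { lower-case name: value } } of the OPTIONS response
function preflightAllows(req, res) {
  const h = res.headers;
  if (res.status < 200 || res.status > 299) return { ok: false, reason: "preflight status not 2xx" };
  const allowOrigin = h["access-control-allow-origin"];
  if (req.credentials) {
    // With cookies/credentials the wildcard is refused and the flag must be "true".
    if (allowOrigin !== req.origin) return { ok: false, reason: "origin must match exactly when credentials are sent" };
    if (h["access-control-allow-credentials"] !== "true") return { ok: false, reason: "Access-Control-Allow-Credentials is not true" };
  } else if (allowOrigin !== "*" && allowOrigin !== req.origin) {
    return { ok: false, reason: "origin not allowed" };
  }
  const wildcardOk = !req.credentials; // "*" only counts for non-credentialed requests
  const methods = splitList(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.includes(req.method) && !methods.includes(req.method) &&
      !(wildcardOk && methods.includes("*"))) {
    return { ok: false, reason: "method " + req.method + " not allowed" };
  }
  const allowed = splitList(h["access-control-allow-headers"]).map(s => s.toLowerCase());
  for (const name of req.headers.map(s => s.toLowerCase())) {
    if (SAFE_HEADERS.includes(name)) continue; // simplification: value restrictions ignored
    if (allowed.includes(name)) continue;
    if (wildcardOk && allowed.includes("*") && name !== "authorization") continue;
    return { ok: false, reason: "request header " + name + " not allowed" };
  }
  return { ok: true, reason: "preflight passed" };
}

// Preflight response headers as set by AccessInterceptor in step 3.
const pageResponse = { status: 200, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS",
  "access-control-allow-headers": "token" } };

const sample = { origin: "http://localhost:8080", method: "POST", headers: ["token"], credentials: false };
console.log(preflightAllows(sample, pageResponse));
console.log(preflightAllows({ ...sample, credentials: true }, pageResponse));
```

With the page's headers the token request passes only while no cookies are sent; a request made with withCredentials fails until Access-Control-Allow-Origin names the exact calling origin instead of "*".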