import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.trueland.seal.constant.Constant;
import net.trueland.seal.enums.RequestMethodEnum;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
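/**
 * Cross-origin resource sharing (CORS) filter.
 *
 * <p>CORS response headers are emitted only when the request's {@code Origin}
 * exactly matches an entry of the {@code allowedOrigins} filter init-param
 * (comma-separated list of full origins, scheme included). Echoing back an
 * arbitrary {@code Origin} together with
 * {@code Access-Control-Allow-Credentials: true} would let any website read
 * authenticated responses on behalf of a logged-in user, so the filter fails
 * closed: with no allowlist configured, no CORS headers are sent at all.
 *
 * <p>OPTIONS requests are answered here with 204 and are not passed down the
 * chain, so a preflight never reaches application handlers.
 */
public class CorsFilter implements Filter {
    public static final Logger logger = LoggerFactory.getLogger(CorsFilter.class);

    /** Name of the filter init-param that holds the comma-separated origin allowlist. */
    private static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";

    /** Origins that may receive credentialed CORS responses; empty until {@link #init} runs. */
    private Set<String> allowedOrigins = Collections.emptySet();

    /**
     * Reads the origin allowlist from the {@code allowedOrigins} init-param.
     *
     * @param filterConfig container-supplied configuration; may lack the parameter,
     *                     in which case every cross-origin request is refused
     * @throws ServletException never thrown here; declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Set<String> configured = new HashSet<>();
        String raw = filterConfig == null ? null : filterConfig.getInitParameter(ALLOWED_ORIGINS_PARAM);
        if (raw != null) {
            for (String entry : raw.split(",")) {
                String candidate = entry.trim();
                if (!candidate.isEmpty()) {
                    configured.add(candidate);
                }
            }
        }
        if (configured.isEmpty()) {
            logger.warn("CorsFilter: init-param '{}' is empty; no CORS headers will be emitted",
                    ALLOWED_ORIGINS_PARAM);
        }
        allowedOrigins = Collections.unmodifiableSet(configured);
    }

    /**
     * Adds CORS headers for allowlisted origins and answers OPTIONS requests.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the chain, invoked for every non-OPTIONS request
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        logger.info("filter cors begin -------------------------------------------------");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // The response differs per Origin, so shared caches must key on it;
        // otherwise a response cached for one origin could be served to another.
        response.addHeader("Vary", "Origin");

        // Origin is attacker-controlled: compare it against the allowlist, never
        // echo it blindly. A missing header (same-origin or non-browser client)
        // simply gets no CORS headers.
        String origin = request.getHeader(Constant.ORIGIN);
        if (origin != null && allowedOrigins.contains(origin)) {
            response.setHeader(Constant.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            response.setHeader(Constant.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            response.setHeader(Constant.ACCESS_CONTROL_ALLOW_METHODS, "POST,GET,PUT,DELETE,OPTIONS");
            // Only mirror the requested headers when the client actually sent some;
            // passing null to the response header API is container-dependent.
            String requestHeaders = request.getHeader(Constant.ACCESS_CONTROL_REQUEST_HEADERS);
            if (StringUtils.isNotBlank(requestHeaders)) {
                response.setHeader(Constant.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders);
            }
            // How long the browser may cache the preflight result, in seconds.
            response.setHeader(Constant.Access_Control_Max_Age, "7200");
        }

        // 204: success with no body. Stop here so the OPTIONS request is not
        // also dispatched to the application after the status has been set.
        if (request.getMethod().equalsIgnoreCase(RequestMethodEnum.OPTIONS.getMessage())) {
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            logger.info("filter cors end -------------------------------------------------");
            return;
        }

        // Let the request through to the rest of the chain.
        filterChain.doFilter(servletRequest, servletResponse);
        logger.info("filter cors end -------------------------------------------------");
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}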
其中常量
// HTTP header names used by CorsFilter (referenced there as Constant.*).

// Request header carrying the origin of the calling page. It is supplied by the
// client, so treat its value as untrusted input.
public static final String ORIGIN = "Origin";
// Preflight request header listing the headers the client wants to send.
public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
// Response header naming the origin that is allowed to read the response.
public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
// Response header allowing cookies/credentials on cross-origin requests. Only
// safe when the allowed origin comes from a fixed allowlist, not from the request.
public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
// Response header listing the HTTP methods permitted cross-origin.
public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
// Response header listing the request headers permitted cross-origin.
public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
// Response header giving the preflight cache lifetime in seconds.
// NOTE(review): the identifier breaks the UPPER_SNAKE_CASE convention of its
// siblings; CorsFilter references it under this exact name, so any rename has
// to update both places together.
public static final String Access_Control_Max_Age = "Access-Control-Max-Age";