shiro过滤器 springMvc过滤器(CorsFilter)的执行先后顺序![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/1d3a8e06891f8a70ab8d5aa6dc0f9708.png)
所以在springMvc里面的跨域配置无效, 需要自定义一个过滤器优先级比shiro的过滤器更高
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/09bf819d96c472058973498d7d0d2c2b.png)
下面是跨域配置:
1.springMvc过滤器的跨域配置
@Configuration
public class CrossOriginConfig {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
config.setMaxAge(3600L);
config.setAllowCredentials(true);
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
2.自定义过滤器的配置
第一步:定义过滤器
public class MyCorsFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpStatus.NO_CONTENT.value());
return;
} else {
filterChain.doFilter(request, response);
}
}
}
第二步: 注册过滤器, 并设置优先级最高
@Configuration
public class FilterConfig{
@Bean
public FilterRegistrationBean replaceTokenFilter(){
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setDispatcherTypes(DispatcherType.REQUEST);
registration.setFilter( new MyCorsFilter());
registration.addUrlPatterns("/*");
registration.setName("myCorsFilter ");
registration.setOrder(1);
return registration;
}
}