一、security的跨域解决方案
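/**
 * Servlet filter that writes CORS response headers on every response and
 * answers {@code OPTIONS} requests itself instead of passing them down the chain.
 *
 * <p>Security notes for anyone reusing this filter:
 * <ul>
 *   <li>{@code Access-Control-Allow-Origin: *} lets script running on any website
 *       read this application's responses. Browsers will not attach cookies to
 *       such requests, but {@code Authorization} is explicitly allowed below, so
 *       token-bearing requests are accepted from every origin. Prefer echoing
 *       only origins taken from a configured allow-list.</li>
 *   <li>Every {@code OPTIONS} request gets {@code 200} here and never reaches the
 *       filters after this one. NOTE(review): whether that skips authentication
 *       depends on where this filter sits in the chain, which is not shown here.</li>
 * </ul>
 */
@Component
public class WebSecurityCorsFilter implements Filter {

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Adds the CORS headers, short-circuits {@code OPTIONS} requests with status 200,
     * and forwards every other request to the rest of the chain.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        // Wildcard origin: see the class comment before using this outside a demo.
        res.setHeader("Access-Control-Allow-Origin", "*");
        res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        res.setHeader("Access-Control-Max-Age", "3600");
        res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, x-requested-with, Cache-Control");

        // The browser sends a preflight ("OPTIONS") request first and only issues the
        // real GET/POST once it succeeds, so OPTIONS is answered here directly.
        HttpServletRequest req = (HttpServletRequest) request;
        // Constant-first comparison avoids a NullPointerException if getMethod() returns null.
        if ("OPTIONS".equals(req.getMethod())) {
            res.setStatus(HttpServletResponse.SC_OK);
            return;
        }

        // Let IOException propagate to the container. The previous catch block only
        // printed the stack trace, which hid downstream failures from the error
        // handling and logging that would otherwise record them.
        chain.doFilter(request, res);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}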
二、在配置类中添加跨域配置
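/**
 * Overrides the global CORS mapping configuration.
 *
 * <p>Registers one mapping for all paths that allows credentialed requests from a
 * single, explicitly listed origin.
 *
 * @param registry the registry the CORS mapping is added to
 */
@Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**")
            // Credentials are enabled below, so the origin is listed explicitly rather
            // than as a wildcard. The address is this example's front end; use the real
            // front-end origin (preferably https) when deploying.
            .allowedOrigins("http://192.168.1.5:8080")
            // allowedHeaders names the REQUEST headers a preflight may ask for.
            // "Access-Control-Allow-Origin" is a response header, so listing only that
            // value caused preflights for requests carrying Content-Type or
            // Authorization to be rejected. The list mirrors the headers allowed by
            // the filter-based variant earlier on this page.
            .allowedHeaders("Authorization", "Content-Type", "Accept", "x-requested-with", "Cache-Control")
            .allowedMethods("PUT", "GET", "POST", "DELETE")
            .allowCredentials(true)
            // Browsers may cache the preflight result for one hour.
            .maxAge(3600);
}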
三、在security配置类中配置跨域
/**
 * Builds the CORS configuration used when the front end and the Spring Security
 * back end are served from different origins.
 *
 * <p>The configuration is fully permissive: any origin, any method and any request
 * header, registered for all paths. Any website can therefore read responses
 * from this application in a visitor's browser; replace the wildcard origin with
 * the known front-end origins before using this beyond local development.
 *
 * @return a URL-based source holding the single permissive configuration
 */
CorsConfigurationSource configurationSource() {
    CorsConfiguration permissive = new CorsConfiguration();
    permissive.addAllowedOrigin("*");
    permissive.addAllowedMethod("*");
    permissive.addAllowedHeader("*");
    // Credentials stay disabled here. A front end that must send cookies needs
    // setAllowCredentials(true), and once that is set the allowed origin can no
    // longer be "*": list the exact origins instead.
    permissive.setMaxAge(3600L);

    UrlBasedCorsConfigurationSource byPath = new UrlBasedCorsConfigurationSource();
    byPath.registerCorsConfiguration("/**", permissive);
    return byPath;
}
四、在每个控制器类中添加@CrossOrigin注解(不带参数的@CrossOrigin默认允许所有来源;建议通过origins属性只列出受信任的前端地址)