1.配置
web.xml过滤器配置:
<filter>
<filter-name>cors</filter-name>
<filter-class>com.ks.tow.common.filter.CORSFilter</filter-class>
<init-param>
<param-name>allows</param-name>
<param-value><!-- 被允许的域,可多个域','逗号隔开 -->
http://192.168.0.156:8080
</param-value>
</init-param>
</filter>
2.java代码
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
/**
* 跨域请求CORS过滤器.
*
* @author LIU
*
*/
public class CORSFilter implements Filter {
private List<String> allowList;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
String allows = filterConfig.getInitParameter("allows");
String[] strs = allows.split(",");
this.allowList = Arrays.asList(strs);
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
String reqHeaders = req.getHeader("Access-Control-Request-Headers");
String originHeader = req.getHeader("Origin");
if (allowList.contains(originHeader)) {
resp.setHeader("Access-Control-Allow-Origin", originHeader);
resp.setHeader("Access-Control-Allow-Methods", "GET, POST, HEAD, TRACE, PUT, DELETE, OPTIONS, CONNECT");
if (StringUtils.isBlank(reqHeaders)) {
resp.setHeader("Access-Control-Allow-Headers", "Content-Type, x_requested_with, *");
} else {
resp.setHeader("Access-Control-Allow-Headers", reqHeaders);
}
resp.setHeader("Access-Control-Max-Age", "30");
resp.setHeader("Access-Control-Allow-Credentials", "true");
// Access-Control-Allow-Credentials = true时,参数Access-Control-Allow-Origin 的值不能为 '*'
}
if ("OPTIONS".equals(req.getMethod()))
return;
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}