上一篇文章中写了使用httpSessionId存储Websocket Session,下面在SpringBoot中在Contrller类获取前端请求的HttpSession,从而获得对应的websocket Session。
Controller类
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@Controller
@RequestMapping("/api/v0")
public class MenuController {
@ResponseBody
@PostMapping("/test")
public ResponseEntity<Object> test(){
ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if(requestAttributes != null){
HttpServletResponse response = requestAttributes.getResponse();
HttpServletRequest request = requestAttributes.getRequest();
HttpSession httpSession = request.getSession();
System.out.println("SessionId:"+httpSession.getId());
}
return new ResponseEntity<>(null, HttpStatus.OK);
}
}
在使用VUE+Springboot开发过程中,出现了一个SessionId不同的问题,导致获取到的sessionId无法找到对应的websocket Session。
这时候需要前后端进行一些配置。
前端封装axios文件中,对axios进行配置
axios.js
axios.defaults.withCredentials = true;//allowCredentials配置为true表示携带cookies信息,此时同一页面的httpsession不会改变
后端Springboot跨域配置
Webconfiguration.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpRequest;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.servlet.ServletRequest;
@Configuration
public class WebConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry){
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("GET","HEAD","POST","PUT","DELETE","OPTIONS")
.allowCredentials(true)//与前端保持一致
.maxAge(3600);
}
}
response设置
Filter.java
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class Filter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
FilterChain filterChain) throws ServletException, IOException {
httpServletResponse.addHeader("X-Frame-Options", "DENY");
httpServletResponse.addHeader("Cache-Control", "no-cache, no-store, must-revalidate, max-age=0");
httpServletResponse.addHeader("Cache-Control", "no-cache='set-cookie'");
httpServletResponse.addHeader("Pragma", "no-cache");
httpServletResponse.setHeader("Access-Control-Allow-Origin",httpServletRequest.getHeader("origin"));//allowCredentials配置为true时,不能配置为“*”
httpServletResponse.setHeader("Access-Control-Allow-Credentials","true");
httpServletResponse.setHeader("Access-Control-Allow-Methods","OPTIONS,GET,PUT,POST,DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Max-Age","3600");
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}