说明
- 资源请求的发起方与请求的资源不在同一个域中的;
- 一般的,只要网站的【协议名protocol】、【主机host】、【端口号port】这三个中的任意一个不同,网站间的数据请求与传输便构成了跨域调用;
- 跨域请求能够达到服务端,但是返回结果会被浏览器拦截;
方法一、@CrossOrigin
spring boot中只用在Controller类上添加一个“@CrossOrigin“注解就可以实现对当前controller 的跨域 访问了,当然这个标签也可以加到方法上。
其他controller类继承以上这个类就可以解决跨域问题。
注意:“@CrossOrigin“注解要求jdk1.8以上版本
@CrossOrigin
public class CommonController {
}
方法二、采用添加拦截器的方法
package com.autonavi.acis.system.conf;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
//添加静态资源
registry.addResourceHandler("/js/**").addResourceLocations("classpath:/public/js/");
registry.addResourceHandler("/css/**").addResourceLocations("classpath:/public/css/");
registry.addResourceHandler("/fonts/**").addResourceLocations("classpath:/public/fonts/");
registry.addResourceHandler("/favicon.ico").addResourceLocations("classpath:/static/favicon.ico");
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new HandlerInterceptor() {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
//允许所有请求
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.addHeader("Access-Control-Allow-Headers",
"Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token");
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
Exception ex) throws Exception {
}
});
}
@Override
public void addCorsMappings(CorsRegistry registry) {
//显式配置路径
registry.addMapping("/public/api/ajxSelf/project/appVersions/*");
}
}
新版替换类
Spring 5.0后,WebMvcConfigurerAdapter被废弃,取代的方法有两种:
①implements WebMvcConfigurer(官方推荐)
②extends WebMvcConfigurationSupport
使用第一种方法是实现了一个接口,可以任意实现里面的方法,不会影响到Spring Boot自身的@EnableAutoConfiguration,而使用第二种方法相当于覆盖了@EnableAutoConfiguration里的所有方法,每个方法都需要重写,比如,若不实现方法addResourceHandlers(),则会导致静态资源无法访问,实现的方法如下:
@Override
protected void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**")
.addResourceLocations("classpath:/META-INF/resources/")
.addResourceLocations("classpath:/resources/")
.addResourceLocations("classpath:/static/")
.addResourceLocations("classpath:/public/");
super.addResourceHandlers(registry);
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/public/api/ajxSelf/project/appVersions/*");
}
方法三、filter处理器
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.annotation.WebFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@WebFilter(filterName = "OriginFilter", urlPatterns = "*")
public class OriginFilter implements Filter {
private final Logger logger= LoggerFactory.getLogger(this.getClass());
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
// * 表示允许所有请求
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "OPTIONS,GET,POST,DELETE,PUT");
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
//httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, content-Type, Accept,X-Requested-With, WG-App-Version, WG-Device-Id, WG-Network-Type, WG-Vendor, WG-OS-Type, WG-OS-Version, WG-Device-Model, WG-CPU, WG-Sid, WG-App-Id, WG-Token");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type");
chain.doFilter(request, httpServletResponse);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
logger.info("----------------过滤器正在启动-----------------");
}
}