1.jsonp方案(后台这么写 前台ajax请求 记得带上jsonp 和callback)
public MappingJacksonValue login(String callback,String user,String pwd,HttpServletRequest request,HttpServletResponse response,HttpSession session) {
System.out.println("222");
System.out.println("username:"+user+"password:"+pwd);
if("admin".equals(user)&&"123".equals(pwd)){
MappingJacksonValue mv=new MappingJacksonValue("ok");
mv.setJsonpFunction(callback); //callback 是接应前台跨域请求的一个暗号
return mv;
}else {
MappingJacksonValue mv=new MappingJacksonValue("ko");
mv.setJsonpFunction(callback);
return mv;
}
}
2.filter 解决
package com.bj.base.webapp.web.controller;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class CORSFilter implements Filter{
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Access-Control-Allow-Origin","*");
httpResponse.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,DELETE");
httpResponse.setHeader("Access-Control-Max-Age","3600");
httpResponse.setHeader("Access-Control-Allow-Headers","Origin, X-Requested-With, Content-Type, Accept");
httpResponse.setHeader("","");
httpResponse.setHeader("","");
chain.doFilter(request, httpResponse);
}
此时,option请求被CrossFilter过滤器接入并赋予跨域响应头,同时也进入FrameworkServlet中的doOption方法。查看浏览器控制台,发现option请求返回支持跨域信息,后续的post请求进入controller。
httpServletResponse.setHeader("Access-Control-Allow-Origin","*");
httpServletResponse.setHeader("Access-Control-Allow-Methods","POST");
httpServletResponse.setHeader("Access-Control-Allow-Headers","Access-Control");
httpServletResponse.setHeader("Allow","POST");
Access-Control-Allow-Origin:| * // 授权的源控制
Access-Control-Max-Age:// 授权的时间
Access-Control-Allow-Credentials: true | false // 控制是否开启与Ajax的Cookie提交方式
Access-Control-Allow-Methods:[,]* // 允许请求的HTTP Method
Access-Control-Allow-Headers:[,]* // 控制哪些header能发送真正的请求
@Overridepublic void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
再在web.xml 配置
<filter>
<filter-name>CORSFilter</filter-name>
<filter-class>com.bjavc.base.webapp.web.controller.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORSFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这样就可以了
3.注解
http://blog.csdn.net/aeroleo/article/details/52944261
HTTP访问控制(CORS) :https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS
https://blog.csdn.net/thc1987/article/details/54571305