Spring Boot 解决跨域问题
思考
- 在多模块的项目中,假如在某个模块中完成了系统的登录功能,并且将当前用户信息放到sessio中,但是别的模块请求接口的时候,发现当前的sessionId 不是登录时候的session,所以拿不到登录者的信息。这种问题可以通过多种方式解决。可以将用户登录信息放到浏览器的Cokkie或者storage中,前端请求接口的时候在头部带上用户信息,后端进行校验。
- 解决这个问题后端可以跨域相关配置
问题回放
- 登录模块已经登录了,可以请求接口查看session相关信息。
- session相关信息如下:在拦截器里面查看请求的session,请求Core模块(登录成功之后放用户信息到session中的操作在这个模块处理)的接口,请求core模块的接口如下:
core模块接口1session相关信息如图
core模块接口2session相关信息如图
对比发现session信息是相同的,当别的模块调用接口是请看session信息如下:发现session信息不一样,这时候当前的用户信息肯定就拿不到了,应为session对象都不是同一个对象了,那么现在配置跨域
浏览器接口信息
General
Request URL: http://127.0.0.1:8014/backtest/test1
Request Method: POST
Status Code: 200
Remote Address: 127.0.0.1:8014
Referrer Policy: no-referrer-when-downgrade
- 一个请求地址如上所示,若请求的协议 、域名 、 端口号均相同,那么就是同域,否则那么就是不同域了。
浏览器接口请求头信息
Request Headers
Accept: application/json, text/plain,*/* ;
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Host: 127.0.0.1:8014 //接受请求的服务器地址
Origin: http://localhost:8081 //发送请求的源站点
Referer: http://localhost:8081/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
浏览器接口响应信息
Response Headers
Access-Control-Allow-Origin: * //表示服务器允许所有域的请求
Content-Type: application/json;charset=UTF-8 //客户端返回的类型
Date: Tue, 14 Jul 2020 12:36:41 GMT
Transfer-Encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
SpringBoot 配置跨域方式一:注入CorsFilter
@Configuration
public class CorsConfig {
private static final Logger logger = LoggerFactory.getLogger(CorsConfig.class);
private CorsConfiguration buidConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*"); //允许任何域名
corsConfiguration.addAllowedHeader("*"); //允许任何头
corsConfiguration.addAllowedMethod("*"); //允许任何方法
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buidConfig());
logger.info("===========配置跨域问题!");
return new CorsFilter(source);
}
}
SpringBoot 配置跨域方式二:过滤器
@Component
public class CorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin",reqs.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}