![](https://img-blog.csdnimg.cn/img_convert/38caee41e2861d3a506bd734b1090f95.png)
这是报跨域问题:前端VSCode 访问地址:127.0.0.1:5500,后端使用的IDEA:192.168.1.111:8081
![](https://img-blog.csdnimg.cn/img_convert/2d892e5c085f226e84f38f9a37d606e6.png)
关于跨域问题这里不多讲,因为我也不是特别懂,各位可以去搜下资料,下面是解决办法
shiro使用cookie + session来进行权限认证,cookie的加入,就会使得简单请求变为复杂请求,从而导致跨域失败
第一步:
shiro是基于过滤器的,所以我们这里继承Filter ,进行跨域处理
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Component
@Slf4j
public class CORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain){
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
//放行所有,类似*,这里*无效
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
//允许请求方式
response.setHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
//需要放行header头部字段 如需鉴权字段,自行添加,如Authorization
response.setHeader("Access-Control-Allow-Headers", "content-type,x-requested-with,token,Authorization,authorization");
try {
chain.doFilter(request, response);
} catch (Exception e) {
log.error("CORS过滤器放行异常:",e);
}
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}
第二步:
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class AuthenticationFilter extends BasicHttpAuthenticationFilter {
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpServletRequest httpRequest = (HttpServletRequest) request;
//无条件放行OPTIONS
if (httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
setHeader(httpRequest, httpResponse);
return true;
}
return super.preHandle(request, response);
}
/**
* 为response设置header,实现跨域
*/
private void setHeader(HttpServletRequest request, HttpServletResponse response) {
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods","POST,PUT,GET,OPTIONS,DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "content-type,x-requested-with,token,Authorization,authorization");
response.setHeader("Content-Type", "application/json;charset=UTF-8");
response.setStatus(HttpStatus.OK.value());
}
}
最后一步很重要:
/*shiro cross-domain*/
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
filters.put("authc", new AuthenticationFilter());
shiroFilterFactoryBean.setFilters(filters);
这样就可以了
关于401问题:Failed to load resource: the server responded with a status of 401 ()
![](https://img-blog.csdnimg.cn/img_convert/6754a959c37e4a7d9fab62cb3e8438ce.png)
大概就是没有权限,shiro要使用cookie;
在js里面添加如下代码:
// 在每个Ajax请求之前设置Cookie请求头
$.ajaxSetup({
xhrFields: {
withCredentials: true
}
});
上面的代码可以自己封装一个js用于公共的js,使用的时候在每个需要的页面引用就可以了
![](https://img-blog.csdnimg.cn/img_convert/f939829d47c731e3106442f302f501b4.png)