springmvc跨域配置:
<mvc:cors>
<mvc:mapping path="/**/**"
allowed-origins="http://127.0.0.1:8099"
allow-credentials="true"
allowed-headers="*"
max-age="1800"
allowed-methods="*"
/>
</mvc:cors>
注意:allow-credentials为true时,allowed-origins必须为具体域,而不是*;
shiro跨域配置:继承AuthenticatingFilter类,重写以下方法
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//...你的逻辑
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
//...你的逻辑
}
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setContentType("application/json;charset=utf-8");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
//...你的逻辑
}
HttpContextUtils类
public class HttpContextUtils {
public static HttpServletRequest getHttpServletRequest() {
return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
}
public static String getDomain(){
HttpServletRequest request = getHttpServletRequest();
StringBuffer url = request.getRequestURL();
return url.delete(url.length() - request.getRequestURI().length(), url.length()).toString();
}
public static String getOrigin(){
HttpServletRequest request = getHttpServletRequest();
return request.getHeader("Origin");
}
}
以上配置无误后,action方法便可跨域了,如果要使得静态资源可以访问,还需要将静态资源交由springmvc管理,默认是由tomcat等服务器管理的。配置如下:
<mvc:resources mapping="/静态资源映射路径/**" location="/静态资源所在路径/" />