package com.miaoshaproject.filter;
import java.io.IOException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
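/**
 * Global CORS filter.
 *
 * <p>Reflects the request's {@code Origin} back in the allow-origin header when the
 * origin's top-level (registrable) domain is on the configured allow-list, then adds
 * the remaining CORS response headers and answers {@code OPTIONS} pre-flight requests
 * directly.
 *
 * <p>Trust model: every sub-domain of an allow-listed domain is trusted, over both
 * {@code http} and {@code https}, and by default with credentials. Any host under an
 * allow-listed domain can therefore make credentialed cross-origin calls; keep the
 * list as short as possible.
 *
 * @author wanlf
 */
@Component
public class WebCorsFiler implements Filter {

    /**
     * Matches the last label plus a known public suffix at the end of a host name.
     *
     * <p>The label must start at the beginning of the host or right after a dot and may
     * contain hyphens, so the whole label is captured. The earlier pattern used
     * {@code \w*} without such a boundary, which cut a hyphenated label at the hyphen
     * and could reduce an unrelated domain to an allow-listed one. Dots inside the
     * suffixes are escaped so they match a literal dot only.
     */
    private static final Pattern TOP_DOMAIN = Pattern.compile(
            "(?:^|\\.)([\\w-]+\\.(?:com\\.cn|net\\.cn|gov\\.vn|org\\.nz|org\\.cn"
                    + "|com|net|org|gov|cc|biz|info|cn|co))\\z",
            Pattern.CASE_INSENSITIVE);

    /**
     * Source of the CORS settings. Example {@code application.properties} entries:
     *
     * <pre>
     * # CORS settings
     * access.control.allow-origins=dccnet.com.cn,icbc.com.cn
     * access.control.max-age=3600
     * access.control.allow-credentials=true
     * access.control.allow-methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
     * access.control.allow-headers=Content-Type,Access-Token,XFLENAME,XFILESIZE,XFILECATEGORY,x-requestd-with,Authorization
     * </pre>
     *
     * <p>Entries of {@code access.control.allow-origins} are compared with the value
     * returned by {@link #getTopDomain(String)}, so they must be top-level domains
     * (for example {@code dccnet.com.cn}), not full host names or URLs.
     */
    @Autowired
    Environment env;

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Adds the CORS response headers and short-circuits {@code OPTIONS} requests.
     *
     * @param arg0 the incoming request; cast to {@link HttpServletRequest}
     * @param arg1 the outgoing response; cast to {@link HttpServletResponse}
     * @param arg2 the remaining filter chain, invoked for every non-{@code OPTIONS} request
     * @throws IOException if writing the pre-flight body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;

        String origin = request.getHeader("Origin");
        String topDomain = getTopDomain(origin);
        if (topDomain != null && allowedOrigins().contains(topDomain)) {
            // Echo the caller's origin only when its top-level domain is allow-listed.
            response.addHeader("Access-control-Allow-Origin", origin);
        }
        // The allow-origin header depends on the request's Origin, so shared caches
        // must not reuse a response produced for one origin for another.
        response.addHeader("Vary", "Origin");

        // The headers below are sent for every request; browsers ignore them when the
        // allow-origin header is absent.
        // How long the browser may cache the pre-flight result.
        response.addHeader("Access-Control-Max-age", env.getProperty("access.control.max-age", "3600"));
        // Whether cookies/credentials may be sent with cross-origin requests.
        response.addHeader("Access-Control-Allow-Credentials",
                env.getProperty("access.control.allow-credentials", "true"));
        // HTTP methods allowed for cross-origin requests.
        response.addHeader("Access-Control-Allow-Methods",
                env.getProperty("access.control.allow-methods", "GET,POST,OPTIONS"));
        // Request headers allowed for cross-origin requests.
        response.addHeader("Access-Control-Allow-Headers",
                env.getProperty("access.control.allow-headers", "Content-Type,Access-Token"));

        // Browsers send an OPTIONS pre-flight first and issue the real request only if
        // it succeeds, so answer it here without invoking the rest of the chain.
        if (request.getMethod().equalsIgnoreCase("OPTIONS")) {
            // HttpServletResponse.SC_OK is already imported; the original referenced
            // org.apache.http.HttpStatus, which this file never imports.
            response.setStatus(HttpServletResponse.SC_OK);
            response.getWriter().write("options is ok");
            return;
        }
        arg2.doFilter(arg0, arg1);
    }

    /**
     * Reads the allow-list from {@code access.control.allow-origins}, trimming
     * whitespace around each comma-separated entry and dropping empty entries.
     */
    private Set<String> allowedOrigins() {
        String configured = env.getProperty("access.control.allow-origins", "xxx.com.cn,xxx.dccnet.com.cn");
        Set<String> allowed = new HashSet<String>();
        for (String entry : configured.split(",")) {
            String trimmed = entry.trim();
            if (!trimmed.isEmpty()) {
                allowed.add(trimmed);
            }
        }
        return allowed;
    }

    /**
     * Extracts the top-level (registrable) domain from an {@code http}/{@code https} URL.
     *
     * @param obj the URL or origin to inspect, for example {@code https://a.dccnet.com.cn}
     * @return the last label plus public suffix of the host (for example
     *     {@code dccnet.com.cn}), or {@code null} when {@code obj} is blank, is not a
     *     parseable {@code http}/{@code https} URL, or its host does not end in one of
     *     the known suffixes
     */
    public static String getTopDomain(String obj) {
        if (StringUtils.isBlank(obj)) {
            return null;
        }
        URL url;
        try {
            url = new URL(obj);
        } catch (java.net.MalformedURLException ignored) {
            // The value comes from a client-supplied header; an unparseable value simply
            // means "no trusted domain", and is not worth a stack trace per request.
            return null;
        }
        // Check the parsed scheme instead of searching for "http" anywhere in the string.
        String scheme = url.getProtocol();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return null;
        }
        Matcher m = TOP_DOMAIN.matcher(url.getHost());
        return m.find() ? m.group(1) : null;
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No initialisation required.
    }
}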