比如,前端应用为静态站点且部署在http://web.xxx.com域下,后端应用发布REST API并部署在http://api.xxx.com域下,前端应用如何通过AJAX跨域访问后端应用呢?这需要使用CORS技术来实现,这也是目前最好的解决方案。
CORS全称为跨域资源共享(Cross-Origin Resource Sharing),服务端只需添加相关响应头信息,即可允许客户端发出的AJAX跨域请求读取响应。需要注意,CORS响应头只是告诉浏览器哪些来源可以读取响应,并不能代替服务端自身的认证与授权检查。
CORS技术非常简单,易于实现,目前绝大多数浏览器均已支持该技术(IE8浏览器也支持了),服务端可通过任何编程语言来实现,只要能将CORS响应头写入响应对象中即可。
下面我们继续扩展REST框架,通过CORS技术实现AJAX跨域访问。首先,我们需要编写一个过滤器,用于过滤所有的HTTP请求,并将CORS响应头写入响应对象中,代码如下:
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
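/**
 * Servlet filter that writes CORS response headers for requests whose {@code Origin}
 * header exactly matches an entry of a configured allow list.
 *
 * <p>Configuration comes from filter init parameters: {@code allowOrigin} (comma-separated
 * list of origins), {@code allowMethods}, {@code allowCredentials}, {@code allowHeaders}
 * and {@code exposeHeaders}. A parameter that is missing or blank produces no header.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The request origin is echoed back only after an exact, case-sensitive match against
 *       the allow list, so a {@code *} entry never matches a real browser origin. Do not put
 *       {@code null} in the list: sandboxed documents send {@code Origin: null}.</li>
 *   <li>Because the response depends on the request's {@code Origin}, {@code Vary: Origin}
 *       is added so shared caches do not serve one origin's CORS headers to another.</li>
 *   <li>The remaining {@code Access-Control-*} headers are written only for an allowed
 *       origin; browsers ignore them without {@code Access-Control-Allow-Origin} anyway.</li>
 *   <li>These headers only instruct the browser; they are not server-side access control.</li>
 * </ul>
 *
 * @author hWX585378
 * @date 2018-08-21
 */
public class CorsFilter implements Filter {
    /** Log4j logger for this filter. */
    private static final Logger log = Logger.getLogger(CorsFilter.class);

    /** Raw {@code allowOrigin} init parameter, kept for logging. */
    private String allowOrigin;
    /** Allow list parsed once in {@link #init}; {@code null} or empty means no origin is allowed. */
    private List<String> allowedOrigins;
    private String allowMethods;
    private String allowCredentials;
    private String allowHeaders;
    private String exposeHeaders;

    /**
     * Reads the CORS settings from the filter's init parameters and parses the origin
     * allow list once, instead of re-splitting it on every request.
     *
     * @param filterConfig source of the init parameters
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        allowOrigin = filterConfig.getInitParameter("allowOrigin");
        allowMethods = filterConfig.getInitParameter("allowMethods");
        allowCredentials = filterConfig.getInitParameter("allowCredentials");
        allowHeaders = filterConfig.getInitParameter("allowHeaders");
        exposeHeaders = filterConfig.getInitParameter("exposeHeaders");

        if (StringUtils.hasText(allowOrigin)) {
            // tokenizeToStringArray trims each entry and drops empty ones, so a value such as
            // "http://a.example, http://b.example" still matches the second origin.
            allowedOrigins = Arrays.asList(StringUtils.tokenizeToStringArray(allowOrigin, ","));
        }
        log.debug("allowOriginList : " + allowOrigin);
    }

    /**
     * Adds the CORS headers when the request origin is allowed, then continues the chain.
     *
     * <p>NOTE(review): preflight {@code OPTIONS} requests are passed down the chain like any
     * other request; confirm that downstream filters and handlers answer them without
     * requiring credentials.
     *
     * @param req   incoming request
     * @param res   outgoing response
     * @param chain remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // CORS only applies to HTTP; pass anything else through instead of failing on the cast.
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String currentOrigin = request.getHeader("Origin");
        if (log.isDebugEnabled()) {
            // The Origin value is client-supplied; it is logged at debug level only.
            log.debug("currentOrigin : " + currentOrigin);
        }

        if (!CollectionUtils.isEmpty(allowedOrigins)) {
            // The headers below vary with the request's Origin, so caches must key on it.
            response.addHeader("Vary", "Origin");

            if (currentOrigin != null && allowedOrigins.contains(currentOrigin)) {
                response.setHeader("Access-Control-Allow-Origin", currentOrigin);
                setIfConfigured(response, "Access-Control-Allow-Methods", allowMethods);
                setIfConfigured(response, "Access-Control-Allow-Credentials", allowCredentials);
                setIfConfigured(response, "Access-Control-Allow-Headers", allowHeaders);
                setIfConfigured(response, "Access-Control-Expose-Headers", exposeHeaders);
            }
        }

        chain.doFilter(req, res);
    }

    /** Sets the response header only when a non-blank value was configured. */
    private static void setIfConfigured(HttpServletResponse response, String name, String value) {
        if (StringUtils.hasText(value)) {
            response.setHeader(name, value);
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}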
将过滤器添加到配置中:
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.huawei.filter.CorsFilter;
/**
 * Spring configuration that registers {@link CorsFilter} for every URL and supplies its
 * CORS settings as filter init parameters.
 *
 * @author hWX585378
 * @date 2018-08-21
 */
@Configuration
public class WebConfig {
    // Comma-separated list of origins; CorsFilter splits this value on ",".
    // NOTE(review): a localhost origin looks like a development value. Confirm that deployed
    // environments list only the exact trusted front-end origins, since credentials are
    // allowed below.
    private static final String ALLOW_ORIGIN = "http://localhost:8080";
    private static final String ALLOW_METHODS = "GET,POST,PUT,DELETE,OPTIONS";
    // "true" lets the browser send cookies and other credentials on cross-origin requests.
    private static final String ALLOW_CREDENTIALS = "true";
    private static final String ALLOW_HEADERS = "Content-Type,X-Token";

    /**
     * Builds the registration for {@link CorsFilter}.
     *
     * <p>No {@code exposeHeaders} parameter is passed, so the filter receives none.
     *
     * @return registration named {@code CorsFilter}, mapped to {@code /*} with order 1
     */
    @Bean
    public FilterRegistrationBean loginFilterRegistrationBean() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new CorsFilter());
        registration.setName("CorsFilter");

        registration.addInitParameter("allowMethods", ALLOW_METHODS);
        registration.addInitParameter("allowOrigin", ALLOW_ORIGIN);
        registration.addInitParameter("allowCredentials", ALLOW_CREDENTIALS);
        registration.addInitParameter("allowHeaders", ALLOW_HEADERS);

        // NOTE(review): confirm order 1 places this filter ahead of any authentication
        // filter, so preflight requests still receive the CORS headers.
        registration.setOrder(1);
        registration.addUrlPatterns("/*");
        return registration;
    }
}