曾经开发人脸识别的token的批量服务的时候遇到了跨域问题,当时也不之所以然,毕竟前后端分离的架构,遇到资源来自不同的域是在所难免的,但是前端提出了这个问题之后,查找了之前的解决方案使用了
WebMvcConfigurerAdapter来解决的,具体的使用如下,只需要在controller层添加上就可以,这里代表的意思是CorsRegistry 支持任意的路径任意方法的跨域访问
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class CustomCorsConfigurationService extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*").allowCredentials(true);
}
}
然后查看了WebMvcConfigurerAdapter的源码了解关于跨域的这个方法addCorsMappings(CorsRegistry registry)的实现,就一个空方法
/**
* {@inheritDoc}
* <p>This implementation is empty.
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
}
然后查找了CrosRegistry的定义代码
/*
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.web.servlet.config.annotation;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.web.cors.CorsConfiguration;
/**
* {@code CorsRegistry} assists with the registration of {@link CorsConfiguration}
* mapped to a path pattern.
*
* @author Sebastien Deleuze
* @since 4.2
* @see CorsRegistration
*/
public class CorsRegistry {
private final List<CorsRegistration> registrations = new ArrayList<CorsRegistration>();
/**
* Enable cross-origin request handling for the specified path pattern.
* <p>Exact path mapping URIs (such as {@code "/admin"}) are supported as
* well as Ant-style path patterns (such as {@code "/admin/**"}).
* <p>By default, all origins, all headers, credentials and {@code GET},
* {@code HEAD}, and {@code POST} methods are allowed, and the max age
* is set to 30 minutes.
* @param pathPattern the path pattern to enable CORS handling for
* @return CorsRegistration the corresponding registration object,
* allowing for further fine-tuning
*/
public CorsRegistration addMapping(String pathPattern) {
CorsRegistration registration = new CorsRegistration(pathPattern);
this.registrations.add(registration);
return registration;
}
/**
* Return the registered {@link CorsConfiguration} objects,
* keyed by path pattern.
*/
protected Map<String, CorsConfiguration> getCorsConfigurations() {
Map<String, CorsConfiguration> configs = new LinkedHashMap<String, CorsConfiguration>(this.registrations.size());
for (CorsRegistration registration : this.registrations) {
configs.put(registration.getPathPattern(), registration.getCorsConfiguration());
}
return configs;
}
}
从CorsRegistry看到核心逻辑来自CorsRegistration的定义,注意注释的代码
// Same implicit default values as the @CrossOrigin annotation + allows simple methods
如果不写这个自定义的CrosRegistry也可以通过注解@CrossOrigin来实现
/**
* Create a new {@link CorsRegistration} that allows all origins, headers, and
* credentials for {@code GET}, {@code HEAD}, and {@code POST} requests with
* max age set to 1800 seconds (30 minutes) for the specified path.
* @param pathPattern the path that the CORS configuration should apply to;
* exact path mapping URIs (such as {@code "/admin"}) are supported as well
* as Ant-style path patterns (such as {@code "/admin/**"}).
*/
public CorsRegistration(String pathPattern) {
this.pathPattern = pathPattern;
// Same implicit default values as the @CrossOrigin annotation + allows simple methods
this.config = new CorsConfiguration().applyPermitDefaultValues();
}