Interceptor拦截器方法一
import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class Cors implements WebMvcConfigurer{ @Override public void addCorsMappings(CorsRegistry registry){ registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("GET","POST","PUT","OPTIONS","DELETE","PATCH") .allowCredentials(true).maxAge(3600); } }
Interceptor拦截器方法二
@Component public class CorsFilter implements HandlerInterceptor{ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception { response.setHeader("Access-Control-Allow-Origin",request.getHeader("Origin"));//支持跨域请求 response.setHeader("Access-Control-Allow-Methods", "*"); response.setHeader("Access-Control-Allow-Credentials", "true");//是否支持cookie跨域 response.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");//Origin, X-Requested-With, Content-Type, Accept,Access-Token return true; } } public class InterceptorConfig extends WebMvcConfigurationSupport{ @Autowired private CorsFilter filterConfig; registry.addInterceptor(filterConfig).addPathPatterns("/**"); }
使用拦截器实现跨域配置使用中的问题:拦截器从请求头获取token参数获取不到值
原因:权限拦截器在跨域处理之前执行了,导致跨域配置失效
解决方法:将跨域处理放到Filter过滤器中进行,因为过滤器在拦截器之前执行
filter跨域配置
public class CorsFilter implements Filter { private String encoding = "UTF-8";
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse) res; String originHeader = request.getHeader("Origin"); //request.setCharacterEncoding("GBK"); response.setHeader("Content-type", "text/html;charset=UTF-8"); response.setCharacterEncoding(encoding); response.setHeader("Access-Control-Allow-Origin", originHeader); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,authorization"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("XDomainRequestAllowed","1"); response.setHeader("XDomainRequestAllowed","1"); //response.setHeader("Access-Control-Request-Headers","Authorization"); chain.doFilter(request, response); } public void init(FilterConfig arg0) throws ServletException { this.encoding = arg0.getInitParameter("Encoding"); } @Bean public FilterRegistrationBean registerWyfzHeaderFilter() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(new CorsFilter()); registration.addUrlPatterns("/*"); registration.setName("CorsFilter"); registration.setOrder(1); return registration; } }
response.setHeader参数
|
response.setHeader的key
|
值
|
涵义
|
|
Content-type
|
text/html;charset=UTF-8
|
请求类型
|
|
Access-Control-Allow-Origin
|
*
|
指定可信任的域名来接受返回信息
|
|
Access-Control-Allow-Methods
|
POST, GET, OPTIONS, DELETE
|
指定请求的方法
|
|
Access-Control-Max-Age
|
3600
|
指定间隔多少秒后异步请求发起预检请求,0每次都发起
|
|
Access-Control-Allow-Headers
|
Content-Type, X-E4M-With,token
|
表示header里能够携带的参数,如果请求头中所带的参数没有设置的话request.getHeader就获取不到值
|
|
Access-Control-Allow-Credentials
|
true
|
允许用户携带认证凭据
|
|
XDomainRequestAllowed
|
1
|
ie8,ie9中的一种跨域手段
|