• java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用

    java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用

    ================================

    ©Copyright 蕃薯耀 2020-11-26

    https://www.cnblogs.com/fanshuyao/

    org.apache.catalina.filters.CorsFilter为apache tomcat-catalina)组件。

    一、官网地址

    http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html

    二、Springboot使用cors-filter

    1、引入依赖

    <dependency>
    <groupId>org.apache.tomcat</groupId>
    <artifactId>tomcat-catalina</artifactId>
    <version>9.0.40</version>
    <exclusions>
    <exclusion>
        <groupId>org.apache.tomcat</groupId>
        <artifactId>*</artifactId>
    </exclusion>
    </exclusions>
</dependency>

    2、配置类

    import javax.servlet.Filter;

import org.apache.catalina.filters.CorsFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * apache CorsFilter过滤器配置类
 */
@Configuration
public class HttpFilterConfig {

    /**
     * apache提供的跨域访问过滤器:org.apache.catalina.filters.CorsFilter
     * @return
     */
    @Bean
    public FilterRegistrationBean<Filter> corsFilter() {
        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
        
        registration.setFilter(new CorsFilter());//org.apache.catalina.filters.CorsFilter
        
        //这个要设置成true
        //Defaults: false
        registration.addInitParameter("cors.support.credentials", "true");
        
        //这个默认是不允许访问的,可直接设置成 *
        //Defaults: The empty String. (No origin is allowed to access the resource).
        registration.addInitParameter("cors.allowed.origins", "http://127.0.0.1:7010");
        
        //这个可直接不配置
        //Defaults: GET, POST, HEAD, OPTIONS
        //registration.addInitParameter("cors.allowed.methods", "GET,POST");
        
        //这个可直接不配置
        //Defaults: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
        //registration.addInitParameter("cors.allowed.headers", "*");
        
        //这个可直接不配置
        //Default: None
        //registration.addInitParameter("cors.exposed.headers", "");
        
        //这个可直接不配置
        //Defaults: 1800。3600表示一个小时
        //registration.addInitParameter("cors.preflight.maxage", "3600");
        
        //这个可直接不配置
        //A flag to control if the request should be decorated or not. Defaults: true
        //registration.addInitParameter("cors.request.decorate", "true");
        
        
        registration.setName("CORSFilter"); //过滤器名称
        registration.addUrlPatterns("/*");//过滤路径
        registration.setOrder(1);//设置顺序
        return registration;
    }    
}

    三、Spring Web应用使用cors-filter

    1、引入Jar包,放在项目的/WEB-INF/lib/目录下

    tomcat-catalina-9.0.40.jar

    下载地址:

    https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-catalina/9.0.40/tomcat-catalina-9.0.40.jar

    2、在WEB-INF/web.xml配置过滤器

    <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

    四、参数说明

    cors.allowed.origins
    A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg: https://www.w3.org, https://www.apache.org. Defaults: The empty String. (No origin is allowed to access the resource).

    cors.allowed.methods
    A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of Access-Control-Allow-Methods header in pre-flight response. Eg: GET, POST. Defaults: GET, POST, HEAD, OPTIONS

    cors.allowed.headers
    A comma separated list of request headers that can be used when making an actual request. These headers will also be returned as part of Access-Control-Allow-Headers header in a pre-flight response. Eg: Origin,Accept. Defaults: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers

    cors.exposed.headers
    A comma separated list of headers other than simple response headers that browsers are allowed to access. These are the headers which will also be included as part of Access-Control-Expose-Headers header in the pre-flight response. Eg: X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG. Default: None. Non-simple headers are not exposed by default.

    cors.preflight.maxage
    The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of Access-Control-Max-Age header in the pre-flight response. A negative value will prevent CORS Filter from adding this response header to pre-flight response. Defaults: 1800

    cors.support.credentials
    A flag that indicates whether the resource supports user credentials. This flag is exposed as part of Access-Control-Allow-Credentials header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. Defaults: false

    cors.request.decorate
    A flag to control if CORS specific attributes should be added to HttpServletRequest object or not. Defaults: true

    参数配置示例(Xml):

    <filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://www.apache.org</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

    总结:cors跨域请求解决方案(建议采用方案1)

    1、springboot CORS 跨域请求解决三大方案,springboot CorsFilter解决跨域问题

    https://www.cnblogs.com/fanshuyao/p/14030944.html

    2、cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求

    https://www.cnblogs.com/fanshuyao/p/14036848.html

    3、org.ebaysf.web的cors-filter使用,cors-filter跨域请求

    https://www.cnblogs.com/fanshuyao/p/14042293.html

    4、java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用

    https://www.cnblogs.com/fanshuyao/p/14042420.html

    5、springboot jsonp 跨域请求,springboot使用jsonp跨域

    https://www.cnblogs.com/fanshuyao/p/14034014.html

    ================================

    ©Copyright 蕃薯耀 2020-11-26

    https://www.cnblogs.com/fanshuyao/
  • 相关阅读:
    go 资料
    BW:如何加载和生成自定义的层次结构,在不使用平面文件的SAP业务信息仓库
    权限变量 --转载
    BW CUBE 数据的聚集和压缩
    BW基于ALE的主数据增量机制分析
    SAP-GR/IR的理解
    SDN论坛看到BW的问题及相关解答
    Step by step Process of creating APD
    处理链方式执行APD处理
    BW标准数据源初始化设置
  • 原文地址:https://www.cnblogs.com/fanshuyao/p/14042420.html
Copyright © 2020-2023  润新知