zoukankan      html  css  js  c++  java
  • Interceptor拦截器和Filter过滤器解决后台跨域问题

    Interceptor拦截器方法一

    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
    
    @Configuration
    public class Cors implements WebMvcConfigurer{
    
        @Override
        public void addCorsMappings(CorsRegistry registry){
            registry.addMapping("/**")
                    .allowedOrigins("*")
                    .allowedMethods("GET","POST","PUT","OPTIONS","DELETE","PATCH")
                    .allowCredentials(true).maxAge(3600);
        }
    
    }

    Interceptor拦截器方法二

    @Component
    public class CorsFilter implements HandlerInterceptor{
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception {
            response.setHeader("Access-Control-Allow-Origin",request.getHeader("Origin"));//支持跨域请求
            response.setHeader("Access-Control-Allow-Methods", "*");
            response.setHeader("Access-Control-Allow-Credentials", "true");//是否支持cookie跨域
            response.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");//Origin, X-Requested-With, Content-Type, Accept,Access-Token
            return true;
        }
    }
    
    public class InterceptorConfig extends WebMvcConfigurationSupport{
    @Autowired
         private CorsFilter filterConfig;
    registry.addInterceptor(filterConfig).addPathPatterns("/**");
    }

    使用拦截器实现跨域配置使用中的问题:拦截器从请求头获取token参数获取不到值

      原因:权限拦截器在跨域处理之前执行了,导致跨域配置失效

      解决方法:将跨域处理放到Filter过滤器中进行,因为过滤器在拦截器之前执行

    filter跨域配置

    public class CorsFilter implements Filter {
    
        private String encoding = "UTF-8";
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse) res; String originHeader = request.getHeader("Origin");  //request.setCharacterEncoding("GBK"); response.setHeader("Content-type", "text/html;charset=UTF-8"); response.setCharacterEncoding(encoding); response.setHeader("Access-Control-Allow-Origin", originHeader); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,authorization"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("XDomainRequestAllowed","1"); response.setHeader("XDomainRequestAllowed","1");      //response.setHeader("Access-Control-Request-Headers","Authorization"); chain.doFilter(request, response); } public void init(FilterConfig arg0) throws ServletException { this.encoding = arg0.getInitParameter("Encoding"); }   @Bean   public FilterRegistrationBean registerWyfzHeaderFilter() {   FilterRegistrationBean registration = new FilterRegistrationBean();   registration.setFilter(new CorsFilter());   registration.addUrlPatterns("/*");   registration.setName("CorsFilter");   registration.setOrder(1);   return registration;   } }

    response.setHeader参数

    response.setHeader的key
    涵义
    Content-type
    text/html;charset=UTF-8
    请求类型
    Access-Control-Allow-Origin
    *
    指定可信任的域名来接受返回信息
    Access-Control-Allow-Methods
    POST, GET, OPTIONS, DELETE
    指定请求的方法
    Access-Control-Max-Age
    3600
    指定间隔多少秒后异步请求发起预检请求,0每次都发起
    Access-Control-Allow-Headers
    Content-Type, X-E4M-With,token
    表示header里能够携带的参数,如果请求头中所带的参数没有设置的话request.getHeader就获取不到值
    Access-Control-Allow-Credentials
    true
    允许用户携带认证凭据
    XDomainRequestAllowed
    1
    ie8,ie9中的一种跨域手段

  • 相关阅读:
    (转) 一步一步学习ASP.NET 5 (五)- TypeScript
    #一周五# win10通用平台,无处不在的Xamarin,msbuild开源,MVP卢建晖的Asp.NET 5系列 (视频)
    (转) 一步一步学习ASP.NET 5 (四)- ASP.NET MVC 6四大特性
    (转) 一步一步学习ASP.NET 5 (三)- 认识新的Web结构
    #winhec# 开发人员刷屏看点 (视频)
    (翻译) TFS源代码控制的未来 (TFSVC vs. Git)
    (转) 一步一步学习ASP.NET 5 (二)- 通过命令行和sublime创建项目
    【JS教程03】函数
    【JS教程02】变量、数据类型及基本语法规范
    【JS教程01】JavaScript介绍与页面嵌入方式
  • 原文地址:https://www.cnblogs.com/HQ0422/p/12169802.html
Copyright © 2011-2022 走看看