如何在Spring Security 3.2中设置Access-Control-Allow-Origin过滤器问题

http://www.voidcn.com/article/p-uyhpqctq-bts.html

BrowserSecurityConfig的config方法的httpSecurity参数调用方法

.addFilterBefore(new CORSFilter(), UsernamePasswordAuthenticationFilter.class)

CORSFilter

@Component
public class CORSFilter implements Filter {
    static Logger logger = LoggerFactory.getLogger(CORSFilter.class);

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
        chain.doFilter(request, response);
    }

    public void destroy() {}
}