Spring boot解决跨域问题
spring boot解决跨域问题有三种方式:
1、在启动类中加入corsFilter
如下
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*"); // 1
corsConfiguration.addAllowedHeader("*"); // 2
corsConfiguration.addAllowedMethod("*"); // 3
corsConfiguration.setAllowCredentials(true);
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buildConfig()); // 4
return new CorsFilter(source);
}
第二种生成一个filter
spring boot生成filter的方式也有两种
1、写一个继承filter的filter
public class CorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws ServletException, IOException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
response.setContentType("application/json; charset=utf-8");
response.setCharacterEncoding("UTF-8");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Methods", "POST, GET,PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
filterChain.doFilter(request, response);
System.out.println("===============================================test =======================================");
}
@Override
public void destroy() {
}
然后再启动类中注册这个filter
@Bean
public FilterRegistrationBean testFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new com.zf.osaos.core.hybtest.CorsFilter());
registration.addUrlPatterns("/*");
registration.addInitParameter("paramName", "paramValue");
registration.setName("testFilter");
registration.setOrder(1);
return registration;
}
2、同样先生成一个filter
@Order(1)
@WebFilter(filterName = "testFilter1", urlPatterns = "/*")
public class CorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws ServletException, IOException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
response.setContentType("application/json; charset=utf-8");
response.setCharacterEncoding("UTF-8");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Methods", "POST, GET,PUT, OPTIONS, DELETE");//http请求方式
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
filterChain.doFilter(request, response);
System.out.println("===============================================test =======================================");
}
@Override
public void destroy() {
}
注意:两个注解,@order代表注解表示执行过滤顺序,值越小,越先执行
然后在启动类中加入注解@ServletComponentScan
仅仅有了这些当然是不够的--------》
在实际开发过程中,发现跨域问题并不是那么好解决的,因为Springboot安全控制框架使用了Securtiy,它的身份认证基于 JSESSIONID,而axios框架默认是不发送cookie的,因此需要在axios配置中添加
axios.defaults.withCredentials = true;
axios.defaults.withCredentials = true第三种方式:
在Controller对应的方法上加上
org.springframework.web.bind.annotation.CrossOrigin 的@CrossOrigin
或者直接在整个controller类上加
@CrossOrigin(origins = "http://domain2.com",
maxAge = 3600,
methods = {RequestMethod.GET, RequestMethod.POST})
@RestController
public class UserController
感谢!