Spring boot解决跨域问题

spring boot解决跨域问题有三种方式:

1、在启动类中加入corsFilter

如下

private CorsConfiguration buildConfig() {
   CorsConfiguration corsConfiguration = new CorsConfiguration();
   corsConfiguration.addAllowedOrigin("*"); // 1
   corsConfiguration.addAllowedHeader("*"); // 2
   corsConfiguration.addAllowedMethod("*"); // 3
   corsConfiguration.setAllowCredentials(true);
   return corsConfiguration;
}


@Bean
public CorsFilter corsFilter() {
   UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
   source.registerCorsConfiguration("/**", buildConfig()); // 4
   return new CorsFilter(source);
}

第二种生成一个filter

spring boot生成filter的方式也有两种

1、写一个继承filter的filter

public class CorsFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public  void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws ServletException, IOException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        response.setContentType("application/json; charset=utf-8");
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET,PUT, OPTIONS, DELETE");
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
        filterChain.doFilter(request, response);
        System.out.println("===============================================test =======================================");
    }

    @Override
    public void destroy() {
    }

然后再启动类中注册这个filter

@Bean
public FilterRegistrationBean testFilterRegistration() {
   FilterRegistrationBean registration = new FilterRegistrationBean();
   registration.setFilter(new com.zf.osaos.core.hybtest.CorsFilter());
   registration.addUrlPatterns("/*");
   registration.addInitParameter("paramName", "paramValue");
   registration.setName("testFilter");
   registration.setOrder(1);
   return registration;
}
2、同样先生成一个filter
@Order(1)
@WebFilter(filterName = "testFilter1", urlPatterns = "/*")
public class CorsFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public  void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws ServletException, IOException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        response.setContentType("application/json; charset=utf-8");
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET,PUT, OPTIONS, DELETE");//http请求方式
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
        filterChain.doFilter(request, response);
        System.out.println("===============================================test =======================================");
    }

    @Override
    public void destroy() {
    }
注意:两个注解,@order代表注解表示执行过滤顺序,值越小,越先执行

然后在启动类中加入注解@ServletComponentScan

Spring boot解决跨域问题_第1张图片

仅仅有了这些当然是不够的--------》

在实际开发过程中,发现跨域问题并不是那么好解决的,因为Springboot安全控制框架使用了Securtiy,它的身份认证基于 JSESSIONID,而axios框架默认是不发送cookie的,因此需要在axios配置中添加 

axios.defaults.withCredentials = true;
axios.defaults.withCredentials = true

第三种方式:

在Controller对应的方法上加上

org.springframework.web.bind.annotation.CrossOrigin 的@CrossOrigin

或者直接在整个controller类上加

@CrossOrigin(origins = "http://domain2.com",
        maxAge = 3600,
        methods = {RequestMethod.GET, RequestMethod.POST})
@RestController
public class UserController
 

感谢!

你可能感兴趣的:(spring,boot)