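CORS protocol:
1. Classification of CORS requests:
   1. Simple CORS request: the request is sent directly to the cross-origin resource and uses only simple headers and methods. The response headers include Access-Control-Allow-Origin:www.helloword.com, which means the domain www.helloword.com is allowed cross-origin access.
   2. Complex CORS request: it uses complex methods and headers. A preflight request must be sent first, and the real request can be sent only if the preflight is allowed.
2. Meaning of the response headers
   1. Access-Control-Allow-Origin: http://haha.com names the domain that is allowed cross-origin access; * means every domain is allowed.
   2. Access-Control-Max-Age: 60 means the preflight result is cached and no preflight request needs to be sent for 60 seconds.
   3. Access-Control-Allow-Methods: GET,PUT means GET and PUT requests are allowed cross-origin.
   4. Access-Control-Allow-Headers: content-type means cross-origin requests are allowed to carry the content-type header.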
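3. Code
   1. Add the Tomcat jar that provides CORS support (not needed for simple CORS requests). For a source-code analysis of the CorsFilter filter, see http://www.cnblogs.com/2nao/p/7263977.html

    <dependency>
        <groupId>org.apache.tomcat</groupId>
        <artifactId>tomcat-catalina</artifactId>
        <version>7.0.78</version>
        <scope>provided</scope>
    </dependency>
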
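   2. Configure web.xml

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
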
   3. File upload code

    public @ResponseBody
    JSONObject upload(MultipartFile file, HttpServletRequest request, HttpServletResponse response) {
        // Check the caller against the whitelist of allowed domains
        String requestUrl = URLUtils.getUrl(request);
        if (requestUrl == null) { // the caller is not in the whitelist, return null
            return null;
        }
        log.info("上传文件start"); // upload start
        JSONObject jsonObject = new JSONObject();
        JSONObject data = new JSONObject();
        OSSClient client = new OSSClient(endpoint, accessKeyId, accessKeySecret);
        String originalFilename = file.getOriginalFilename();
        // Keep the extension only when the file name has one (avoids an exception on names without ".")
        int dot = originalFilename == null ? -1 : originalFilename.lastIndexOf(".");
        String substring = dot >= 0 ? originalFilename.substring(dot).toLowerCase() : "";
        Random random = new Random();
        String key = random.nextInt(10000) + System.currentTimeMillis() + substring;
        try {
            PutObjectResult por = client.putObject(bucketName, key, new ByteArrayInputStream(file.getBytes()));
            // Set the URL expiry to 10 years: 3600L * 1000 * 24 * 365 * 10
            Date expiration = new Date(new Date().getTime() + 3600L * 1000 * 24 * 365 * 10);
            // Generate the URL
            URL url = null;
            try {
                url = client.generatePresignedUrl(bucketName, key, expiration);
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                client.shutdown();
            }
            if (url != null) {
                String urlStr = url.toString();
                if (!urlStr.contains(EXPIRES)) {
                    JsonSettingUtils.setException(jsonObject);
                    // URL generation failed: the URL does not contain the ?Expires string
                    log.info("生成文件url失败:url中不包含?Expires字符串");
                    return jsonObject;
                }
                urlStr = urlStr.substring(0, urlStr.indexOf(EXPIRES));
                data.put("url", urlStr);
                // Allow cross-origin access for the whitelisted caller's domain.
                // Setting * causes a problem: cookies set for the cross-origin request
                // are not carried to the cross-origin server.
                response.setHeader("Access-Control-Allow-Origin", requestUrl);
            }
        } catch (Exception e) {
            log.error("文件上传失败"); // file upload failed
            JsonSettingUtils.setException(jsonObject);
            return jsonObject;
        }
        log.info("上传文件end"); // upload end
        JsonSettingUtils.setSuccessAndData(jsonObject, data);
        return jsonObject;
    }

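    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    import javax.servlet.http.HttpServletRequest;

    public class URLUtils {
        /**
         * Get the caller's domain name
         * @param request
         * @return the matching whitelist entry, or null if the caller is not in the whitelist
         */
        public static String getUrl(HttpServletRequest request) {
            String url = request.getHeader("Referer");
            if (url == null) {
                return null;
            }
            // Extract the first dotted host name from the Referer value
            Pattern p = Pattern.compile("(?<=//|)((\\w)+\\.)+\\w+");
            Matcher m = p.matcher(url);
            if (m.find()) {
                url = m.group();
            }
            log.info("获取访问者的请求:{}", url); // log the caller's domain
            // Exact match against the whitelist
            for (String string : ConstantUtils.URLS) {
                if (string.equals(url)) {
                    return string;
                }
            }
            return null;
        }
    }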
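
A stricter form of the whitelist check above, as an added example that is not the original post's code: it reads the browser-sent Origin header instead of Referer, compares the full origin (scheme, host, port) by exact match, and returns the response headers to set, including the credentials header that the cookie remark above depends on. The class name CorsOriginPolicy, the allowlist entries and the sample Origin values are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example: hypothetical helper, not part of the original post.
public class CorsOriginPolicy {
    // Constructed allowlist: full origins (scheme://host[:port]), never bare host names.
    private static final Set<String> ALLOWED = Set.of("https://www.helloword.com", "http://haha.com");

    /** Returns the CORS response headers for this Origin header, or an empty map if it is not allowed. */
    public static Map<String, String> corsHeaders(String originHeader) {
        Map<String, String> headers = new LinkedHashMap<>();
        String origin = normalize(originHeader);
        if (origin == null || !ALLOWED.contains(origin)) return headers; // no CORS headers: browser blocks the read
        headers.put("Access-Control-Allow-Origin", origin);      // echo the exact origin, never "*"
        headers.put("Access-Control-Allow-Credentials", "true"); // browsers accept this only with a specific origin
        headers.put("Vary", "Origin");                           // caches must key the response on Origin
        return headers;
    }

    /** Parses the header strictly; rejects "null", unknown schemes, userinfo, paths, queries and fragments. */
    static String normalize(String originHeader) {
        if (originHeader == null) return null;
        try {
            URI u = new URI(originHeader.trim());
            String scheme = u.getScheme(), host = u.getHost();
            if (scheme == null || host == null) return null;
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) return null;
            if (u.getRawUserInfo() != null || !u.getRawPath().isEmpty()
                    || u.getRawQuery() != null || u.getRawFragment() != null) return null;
            String port = u.getPort() == -1 ? "" : ":" + u.getPort();
            return scheme + "://" + host.toLowerCase(Locale.ROOT) + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample Origin values: one allowed, one look-alike suffix, one wrong scheme, one opaque.
        for (String o : new String[] {"http://haha.com", "http://haha.com.other.example", "https://haha.com", "null"}) {
            System.out.println(o + " -> " + corsHeaders(o));
        }
    }
}
```

In a servlet, pass `request.getHeader("Origin")` to `corsHeaders` and copy each returned entry to the response with `response.setHeader`.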