第一步:
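由于 Shiro 是基于过滤器实现的,所以这里通过实现 Filter 接口来进行跨域处理。注意:在携带凭证(Access-Control-Allow-Credentials: true)的情况下,Access-Control-Allow-Origin 只应返回受信任的来源,不应对任意 Origin 原样回显。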
package com.guangjutx.config;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
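/**
 * Servlet filter that adds CORS response headers before the request is handed to the rest of
 * the filter chain.
 *
 * <p>Credentialed cross-origin access is granted only to origins listed in
 * {@link #ALLOWED_ORIGINS}. Echoing back whatever {@code Origin} the client sent, together with
 * {@code Access-Control-Allow-Credentials: true}, would let any website read authenticated
 * responses on behalf of a logged-in user, so the request origin is checked against the
 * allowlist first.
 *
 * @Title:CorsFilter
 * @Author wenhao.ding
 * @Date 2020/3/21 13:03
 */
@Component
@Slf4j
public class CORSFilter implements Filter {

    /**
     * Exact origins (scheme + host + optional port) that may make credentialed cross-origin
     * requests. The entry below is a PLACEHOLDER: replace it with the real front-end origins,
     * ideally loaded from configuration, and keep it identical to any other CORS handling in
     * the application.
     */
    private static final java.util.Set<String> ALLOWED_ORIGINS =
            java.util.Collections.unmodifiableSet(new java.util.HashSet<>(java.util.Arrays.asList(
                    "https://app.example.com" // placeholder origin, not a real deployment value
            )));

    /**
     * Adds the CORS headers for allowlisted origins and then continues the filter chain.
     *
     * @param req   the incoming request; cast to {@link HttpServletRequest}
     * @param res   the outgoing response; cast to {@link HttpServletResponse}
     * @param chain the remaining filter chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;

        // The response varies with the Origin request header, so shared caches must key on it.
        response.addHeader("Vary", "Origin");

        String origin = request.getHeader("Origin");
        // Only a known origin gets the CORS grant. Requests without an Origin header, or from
        // an origin that is not allowlisted, continue without any Access-Control-* headers,
        // so the browser will not expose the response to the calling page.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // Permitted request methods.
            response.setHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            // Request headers the browser may send; add further auth-related headers here.
            response.setHeader("Access-Control-Allow-Headers", "content-type,x-requested-with,token,Authorization,authorization");
        }

        try {
            chain.doFilter(request, response);
        } catch (Exception e) {
            // NOTE(review): failures from the rest of the chain are logged and swallowed here,
            // so the servlet container never sees them. Consider declaring
            // "throws IOException, ServletException" and rethrowing instead.
            log.error("CORS过滤器放行异常:",e);
        }
    }

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}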
第二步:
Shiro 拦截请求时,如果用户未登录或没有权限,会自动重定向到登录页或无权限页,此时跨域处理会失效。因此需要继承 BasicHttpAuthenticationFilter 并重写 preHandle 方法来处理跨域。免认证放行应只针对浏览器发出的预检(OPTIONS)请求。
package com.guangjutx.config;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
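/**
 * Shiro authentication filter that answers CORS preflight requests itself, so the browser
 * receives the CORS headers instead of Shiro's login or unauthorized handling.
 *
 * <p>Only genuine preflight requests skip authentication, and only origins listed in
 * {@link #ALLOWED_ORIGINS} receive the credentialed CORS grant.
 *
 * @ClassName AuthenticationFilter
 * @Author [email protected]
 * @Date 2020-03-21 16:23
 * @Version 1.0
 **/
public class AuthenticationFilter extends BasicHttpAuthenticationFilter {

    /**
     * Exact origins (scheme + host + optional port) that may make credentialed cross-origin
     * requests. The entry below is a PLACEHOLDER: replace it with the real front-end origins,
     * ideally loaded from configuration, and keep it identical to any other CORS handling in
     * the application.
     */
    private static final java.util.Set<String> ALLOWED_ORIGINS =
            java.util.Collections.unmodifiableSet(new java.util.HashSet<>(java.util.Arrays.asList(
                    "https://app.example.com" // placeholder origin, not a real deployment value
            )));

    /**
     * Lets CORS preflight requests through without authentication; every other request goes
     * through the parent filter's normal handling.
     *
     * @return {@code true} for a preflight request, otherwise the result of
     *     {@code super.preHandle}
     * @throws Exception propagated from {@code super.preHandle}
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Returning true below bypasses super.preHandle, i.e. the authentication step, so the
        // exemption is limited to real preflights: an OPTIONS request that carries both an
        // Origin and an Access-Control-Request-Method header. Any other OPTIONS request is
        // authenticated like a normal request.
        boolean preflight = RequestMethod.OPTIONS.name().equals(httpRequest.getMethod())
                && httpRequest.getHeader("Origin") != null
                && httpRequest.getHeader("Access-Control-Request-Method") != null;
        if (preflight) {
            setHeader(httpRequest, httpResponse);
            return true;
        }
        return super.preHandle(request, response);
    }

    /**
     * Writes the preflight response headers and status. The Access-Control-* headers are added
     * only when the request origin is allowlisted.
     */
    private void setHeader(HttpServletRequest request, HttpServletResponse response) {
        // The response varies with the Origin request header, so shared caches must key on it.
        response.addHeader("Vary", "Origin");

        String origin = request.getHeader("Origin");
        // Never echo an arbitrary Origin together with Allow-Credentials: that would grant
        // every website credentialed access. Unknown origins get no CORS headers.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods","POST,PUT,GET,OPTIONS,DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "content-type,x-requested-with,token,Authorization,authorization");
        }
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
    }
}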
第三步:
将第二步自定义的AuthenticationFilter注册到shiro中,这一步在shiro配置工厂的地方配置即可
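// Register the custom filter under the name "authc", so that filter-chain definitions which
// refer to "authc" run AuthenticationFilter.
// Assumes filterFactory is Shiro's ShiroFilterFactoryBean, whose getFilters() returns
// Map<String, Filter>; the typed declaration replaces the raw Map — TODO confirm.
// NOTE(review): the filter is created with `new` rather than exposed as a Spring bean;
// presumably a bean would also be registered as a container-wide servlet filter outside
// Shiro's chain — confirm before changing this.
Map<String, javax.servlet.Filter> filters = filterFactory.getFilters();
filters.put("authc", new AuthenticationFilter());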