SpringMVC支持跨域请求

一、如果项目中使用的SpringMVC4.3.9以下,就需要对该请求配置Filter,设置请求头可支持跨域。使用方法:

--spring cloud zuul支持跨域---:https://blog.csdn.net/XinTeng2012/article/details/84938872

1、web.xml配置

<!-- 跨域问题解决 -->
<filter>
    <filter-name>header</filter-name>
    <filter-class>com.foriseland.fsoa.pay.filter.HeaderFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>header</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

2、编写Filter拦截请求,添加跨域请求支持

import java.io.IOException;
 
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
/**
 * 头部过滤器
 * @author 
 */
public class HeaderFilter implements Filter{
 
    public void destroy() {
        
    }
 
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse) res;
        String originHeader = request.getHeader("Origin");
        response.setHeader("Access-Control-Allow-Origin", originHeader);
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");  
        response.setHeader("Access-Control-Max-Age", "0");  
        response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");  
        response.setHeader("Access-Control-Allow-Credentials", "true");  
        response.setHeader("XDomainRequestAllowed","1");     
        chain.doFilter(request, response);  
    }
 
    public void init(FilterConfig arg0) throws ServletException {
        
    }
}

二、如果项目中使用的SpringMVC4.x以上,那就简单了,从SpringMVC4.x开始,就增加了支持跨域访问。使用方法:

1、某个方法支持跨域访问

在方法上增加@CrossOrigin注解,如下:

@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {

    @GetMapping("/{id}")
    public Account retrieve(@PathVariable Long id) {
        // ...
    }

    @DeleteMapping("/{id}")
    public void remove(@PathVariable Long id) {
        // ...
    }
}

其中@CrossOrigin中的2个参数:

origins  : 允许可访问的域列表

List of allowed origins, e.g. "http://domain1.com".   
These values are placed in the Access-Control-Allow-Origin header of both the pre-flight response and the actual response. "*" means that all origins are allowed.   
  
If undefined, all origins are allowed. 

 maxAge:准备响应前的缓存持续的最大时间(以秒为单位)。。

The maximum age (in seconds) of the cache duration for pre-flight responses.   
This property controls the value of the Access-Control-Max-Age header in the pre-flight response.   
  
Setting this to a reasonable value can reduce the number of pre-flight request/response interactions required by the browser. A negative value means undefined.   
  
If undefined, max age is set to 1800 seconds (i.e., 30 minutes). 

2、整个Controller都支持跨域访问,在类上面加上注解@CrossOrigin,如下:

@Controller  
@CrossOrigin  
public class TestController {  
    ……  
    ……  
} 

3、自定义规则支持全局跨域访问,在spring-mvc.xml文件中配置映射路径,如下:

<mvc:cors>  
    <mvc:mapping path="/cross/*"/>  
</mvc:cors> 

如果整个项目所有方法都可以访问,则可以这样配置

<mvc:cors>    
    <mvc:mapping path="/**"/>    
</mvc:cors>  

其中* 表示匹配到下一层

** 表示后面不管有多少层,都能匹配。

上面表示有/cross/路径的请求都支持跨域访问,也可以增加其它的,如下:

<mvc:cors>  
    <mvc:mapping path="/cross/**" allowed-origins="" max-age="2500"/>  
    <mvc:mapping path="/domain/**"/>  
</mvc:cors> 

 请求路径有/cross/,方法示例如下:

@RequestMapping("/cross/crossDomain")  
@ResponseBody  
public String crossDomain(HttpServletRequest req, HttpServletResponse res, String name){  
    ……    
    ……  
} 
posted @ 2019-09-05 13:51  748573200000  阅读(2277)  评论(0编辑  收藏  举报