java 后端 控制跨域问题
@Component
public class UserLoginInterceptor implements HandlerInterceptor {
private static final Logger logger = LoggerFactory.getLogger(UserLoginInterceptor.class);
@Value("${zyplayer.doc.manage.originDomainRegex:}")
private String originDomainRegex;
private final ThreadLocal<Long> startTimeThreadLocal = new ThreadLocal<>();
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3) {
Long startTime = startTimeThreadLocal.get();
startTime = Optional.ofNullable(startTime).orElse(System.currentTimeMillis());
long totalTime = System.currentTimeMillis() - startTime;
String clientIP = ServletUtil.getClientIP(request);
logger.info("IP:{},总耗时:{}ms,URI:{}", clientIP, totalTime, request.getRequestURI());
startTimeThreadLocal.remove();
// 清理用户信息
DocUserUtil.clean();
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
startTimeThreadLocal.set(System.currentTimeMillis());
// 指定域名可跨域访问
if (StringUtils.isNotBlank(originDomainRegex)) {
String origin = request.getHeader("Origin");
if (StringUtils.isNotBlank(origin) && origin.toLowerCase().matches(originDomainRegex)) {
response.setHeader("Access-Control-Allow-Origin", origin); // 允许访问的域
response.setHeader("Access-Control-Allow-Methods", "HEAD,GET,POST,PUT,DELETE");// 允许GET、POST的外域请求
response.setHeader("Access-Control-Allow-Credentials", "true"); // 允许请求带cookie到服务器
response.setContentType("application/json; charset=utf-8"); // 设定JSON格式标准输出、及编码
}
}
if (!(handler instanceof HandlerMethod)) {
return true;
}
// 清理用户信息
DocUserUtil.clean();
// 设置token
Cookie cookie = ServletUtil.getCookie(request, HttpConst.ACCESS_TOKEN);
String accessToken = (cookie == null) ? null : cookie.getValue();
DocUserUtil.setAccessToken(accessToken);
AuthMan authMan = ((HandlerMethod) handler).getMethod().getAnnotation(AuthMan.class);
if (authMan == null) {
authMan = ((HandlerMethod) handler).getMethod().getDeclaringClass().getAnnotation(AuthMan.class);
if (authMan == null) {
return true;
}
}
DocUserDetails currentUser = DocUserUtil.getCurrentUser();
if (currentUser == null) {
String reason = "你访问的内容需要登录,请登录后再试";
DocResponseJson.failure(HttpConst.TOKEN_TIMEOUT, reason).send(response);
return false;
}
// 判断权限是否足够
boolean haveAuth = DocUserUtil.haveAuth(authMan.value());
if (haveAuth) {
return true;
}
String reasonStr = "没有操作权限,请联系管理员";
DocResponseJson.warn(reasonStr).send(response);
return false;
}
}
# 系统根域名,调试UI时需要使用,同时需要在host文件里配置:127.0.0.1 local.zyplayer.com
#originDomainRegex: .*\.zyplayer\.com(:\d+|)$
originDomainRegex: .*\.zyplayer\.com(:\d+|)$
本文作者:独而不孤
本文链接:https://www.cnblogs.com/lcaiqin/p/18338390
版权声明:本作品采用知识共享署名-非商业性使用-禁止演绎 2.5 中国大陆许可协议进行许可。
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步