Springboot+shiro的跨域处理,亲测有用

一、在config包(一般与Controller,service,pojo等同级)下创建CORSFilter继承import org.apache.shiro.web.servlet.OncePerRequestFilter。这里面所有的放行不能用*必须得是具体的值,不然是无法跨域成功滴。

@Component
@Configuration
//解决Access-Control-Allow-Origin跨域问题
class CORSFilter extends OncePerRequestFilter {
    public void doFilterInternal(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        response.setContentType("text/html;charset=UTF-8");

        res.setContentType("text/html;charset=UTF-8");

        response.setHeader("XDomainRequestAllowed","1");//不可以放在后面

        //放行所有,类似*,这里的*完全无效
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
        response.setHeader("Access-Control-Allow-Credentials", "true");

        //允许请求方式
        response.setHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");

        //需要放行header头部字段 如需鉴权字段,自行添加,如Authorization等
        response.setHeader("Access-Control-Allow-Headers",
                "content-type,x-requested-with,Authorization," +
                        "authorization,Origin,No-Cache,X-Requested-With,If-Modified-Since," +
                        " Pragma, Last-Modified, Cache-Control,Expires, Content-Type, X-E4M-With,userId,token");

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
     //请求预检放行--不能省
        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpStatus.NO_CONTENT.value());
            return ;
        } else {
            chain.doFilter(request, response);
        }
    }
}

二、在shiro的配置类ShiroConfig(里面配置了放行哪些资源,访问哪些需要什么权限等的配置类)里面添加如下代码,不要忘记加注解@Bean

    @Bean
    public FilterRegistrationBean replaceTokenFilter(){
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setDispatcherTypes(DispatcherType.REQUEST);
        registration.setFilter( new CORSFilter());
        registration.addUrlPatterns("/*");
        registration.setName("CrosFilter");
        registration.setOrder(1);
        return registration;
    }

三、输入网址测试,然后就可以看到正常跨域访问接口了,如果跨域不成功的话页面是一片空白报错Access-Control-Allow-Origin或者Access-Control-Allow-Headers等信息

 

posted @ 2021-09-06 16:16  蒂雪凌星  阅读(973)  评论(0编辑  收藏  举报
Live2D