Springboot配置跨域问题

Access to XMLHttpRequest at 'http://xxxxxx' from origin 'http://localhost:8081' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

跨域问题,后台SpringBoot+Shiro,跨域时GET会发起Options请求,若对Options进行session检查拦截会有问题,因为不会携带token等参数,需要对其过滤不进行处理,需要改动两处:
1.SpringMVC增加response设置


@Component
public class WebInterceptor extends HandlerInterceptorAdapter {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        //允许api跨域
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE,OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "*");

        String method= request.getMethod();

        if (method.equals("OPTIONS")){
            response.setStatus(200);
            return false;
        }
        return true;
    }
}

2.Shiro增加配置,不对OPTIONS进行拦截,同时对于无效会话直接输出json参数,不能通过redirect跳转到别的url输出,否则在浏览器调试时也不支持

public class MyAuthenticationFilter extends FormAuthenticationFilter {
    @Override
    protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
	    String method= httpServletRequest.getMethod();
	    //跨域时OPTIONS请求,此时不会带着token,若跳转就不对了。
	    if (method.equals("OPTIONS")){
		return ;
	    }

	    //WebUtils.issueRedirect(request, response, "/api/nologin");
	    //此处不不能redirect,跨域不能用
	    //API过期,返回过期json
	    JSONObject json = new JSONObject();
	    json.put("code", 2);
	    json.put("msg", "登录会话失效,请重新登录");

	    render((HttpServletResponse) response, "text/plain;charset=UTF-8", json.toString());

        
    }

    public void render(HttpServletResponse response, String contentType,
                       String text) {

        response.setContentType(contentType);
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setDateHeader("Expires", 0);

        try {
            response.getWriter().write(text);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        if (httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            return true;
        }

        return super.preHandle(request,response);
    }
}

MyAuthenticationFilter 需要配置到Shiro配置文件中
map.put("/api/**","user");

    Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
    filters.put("user", new MyAuthenticationFilter());
    shiroFilterFactoryBean.setFilters(filters);

posted on   webjlwang  阅读(181)  评论(0编辑  收藏  举报

编辑推荐:
· 没有源码,如何修改代码逻辑?
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· .NET Core 托管堆内存泄露/CPU异常的常见思路
阅读排行:
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· 没有源码,如何修改代码逻辑?
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
· NetPad:一个.NET开源、跨平台的C#编辑器
· PowerShell开发游戏 · 打蜜蜂

导航

< 2025年2月 >
26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 1
2 3 4 5 6 7 8
点击右上角即可分享
微信分享提示