最近使用ssm开发了一个项目,为了项目的开发速度,采用的是前后端同时开发,所以前端文件没有集成在项目中,最后在调试时涉及到了跨域。跨域的解决方法很多,我采用的是最简单的一种,代码如下:
新建一个过滤器filter
package com.xxxx.xxxxx; import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; public class SimpleCORSFilter implements Filter { @Override
public void destroy() {
} @Override
public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
} @Override
public void init(FilterConfig arg0) throws ServletException {
} }
然后在xml中配置
<filter>
<filter-name>cors</filter-name>
<filter-class>com.ssm.web.filter.SimpleCORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2018.08.07更新
由于项目的升级,感觉以前的filter不满足实际需求,故而进行扩展升级
filter
package com.xxx.xxx; import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; @Component
public class CORSFilter implements Filter { // 存放跨域的白名单
private String[] permitUrl; @Override
public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req; String myOrigin = request.getHeader("origin");
boolean isValid = false;
for (String ip : permitUrl) {
if (myOrigin != null && myOrigin.equals(ip)) {
isValid = true;
break;
}
} response.setContentType("textml;charset=UTF-8");
response.setHeader("Access-Control-Allow-Origin", isValid ? myOrigin : "null");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("P3P", "CP=\"NON DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa HISa TELa OTPa OUR UNRa IND UNI COM NAV INT DEM CNT PRE LOC\"");
response.setHeader("XDomainRequestAllowed", "1"); chain.doFilter(req, res);
} // 初始化方法,这里的permitUrl是在web.xml中配置的
@Override
public void init(FilterConfig filterConfig) throws ServletException {
String urls = filterConfig.getInitParameter("permitUrl");
if (urls != null) {
urls = urls.replaceAll("\\n", "").replaceAll("\\r", "").replaceAll("\\t", "");
}
if (!"".equals(urls) && urls != null) {
permitUrl = urls.split(",");
}
if (permitUrl != null) {
for (int i = 0; i < permitUrl.length; i++) {
permitUrl[i] = permitUrl[i].trim();
}
}
} // 销毁方法
@Override
public void destroy() {
} }
web.xml中配置(这里的permitUrl中的value就是你项目允许的ip地址,不允许的将访问不到)
<filter>
<filter-name>cors</filter-name>
<filter-class>com.xxx.xxx.CORSFilter</filter-class>
<init-param>
<param-name>permitUrl</param-name>
<param-value>
http://192.168.1.51:3000,
http://192.168.1.51:8020,
http://www.baidu.com:8084
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>