spring-boot跨域

無攔截器

@CrossOrigin

通常狀況下,直接用@CrossOrigin就能夠搞定了

@CrossOrigin(origins = "http://localhost:8080")
    @RequestMapping(value = "/cors", method = RequestMethod.GET)
    public Object cors(){
        ...
    }

JavaConfig

@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/cors");
    }

}

有攔截器

好比須要對用戶身份進行驗證

@Component
public class AuthInterceptor extends HandlerInterceptorAdapter{

    private static final Logger logger= LoggerFactory.getLogger(AuthInterceptor.class);

    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler){
        String _authorization = request.getHeader("Authorization");
        logger.info("authorization:{}",_authorization);
        if(_authorization!=null){
            request.setAttribute("authorization",_authorization);
            return true;
        }else{
            response.setStatus(403);
            return false;
        }
    }

}

瀏覽器在發送OPTION請求時,可能(這個我還要去google一下)不會帶上驗證信息,在攔截器那裏就沒經過,進而結束請求.而前面方法的執行是在攔截器後面,不會起做用.(固然在攔截器那裏判斷,若是是OPTION方法就經過,也沒問題)
這就須要另外一種方法

@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    @Autowired
    private AuthInterceptor authInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authInterceptor);
    }

    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/cors", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }

}

這個過濾器會在執行攔截器前面執行

---

下載