spring boot implements cross domain request access with the front end

  • 2020-06-23 00:18:12
  • OfStack

1. Method:

The server sets the Access-ES5en-Allow-ES7en header in Respone Header Cooperate with front desk to use jsonp Inherit from WebMvcConfigurerAdapter to add configuration classes

2. Example:

1. Front-end: Since we used the separation of front and rear ends, the front-end used node server, and the node server then used the ajax reverse proxy to request to my spring boot server. The node server also USES ajax to make requests, so there is also a cross-domain problem. Specific code:


 app.all(apiRoot + '/*', proxy('127.0.0.1:' + proxyPort, {
  forwardPath: function(req, res) {
   console.log('req: ', req, 'res; ', res);
   return require('url').parse(req.url).path;
  }
 }));

Background (spring boot 1.3.7.ES26en) : 1 filter was used for authentication and cross-domain processing. Specific code:


public class AuthFilter implements Filter {
  //  @Autowired
  // This can't be injected automatically servlet and filter Is be tomcat The management of 
  private BaseUserService baseUserService;
  private String[] excludePaths;

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    System.out.println("initFilter");
    // Cannot pass in initialization Appliaction Context Get it because it's not initialized yet Application Context
    //baseUserService = SpringUtils.getBean("baseUserService", BaseUserService.class);
    excludePaths = new String[]{"/api/user/noLogin", "/api/user/tokenError", "/api/user/loginForeground",
        "/api/user/loginBackground", "/api/user/inCorrectUserId"};
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    // Fill in here where you allow cross-domain hosting ip
    httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
    // Allowed access methods 
    httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
    //Access-Control-Max-Age  Used for  CORS  Cache for the associated configuration 
    httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
    httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    String userId = request.getParameter("userId");
    String token = request.getParameter("token");
    // There are token the                            `
    if (userId != null && token != null) {
      try {
        Integer id = Integer.parseInt(userId);
        if (baseUserService == null)
          baseUserService = SpringUtils.getBean("baseUserService", BaseUserService.class);
        int status = baseUserService.checkLogin(id, token);
        if (status == 1) {
          chain.doFilter(request, response);
        } else if (status == 0) {
          httpServletResponse.sendRedirect("/api/user/tokenError");
        } else if (status == -2) {
          httpServletResponse.sendRedirect("/api/user/inCorrectUserId");
        } else {
          httpServletResponse.sendRedirect("/api/user/noLogin");
        }
      } catch (NumberFormatException exception) {
        httpServletResponse.sendRedirect("/api/user/inCorrectUserId");
      }
    } else {
      String path = httpServletRequest.getServletPath();
      if (excludePath(path)) {
        chain.doFilter(request, response);
      } else {
        httpServletRequest.getRequestDispatcher("/api/user/noLogin").forward(request, response);
      }
    }
//    ((HttpServletResponse) response).addHeader("Access-Control-Allow-Origin", "*");
//    CorsFilter corsFilter=new CorsFilter();

  }

  private boolean excludePath(String path) {
    for (int i = 0; i < excludePaths.length; i++) {
      if (path.equals(excludePaths[i]))
        return true;
    }
    return false;
  }

  @Override
  public void destroy() {
    System.out.println("destroy method");
  }

}

This method also works for servlet, noting in particular that the 1 must precede the filter action by adding this sentence at the beginning of the code.

Cross-domain Resource Sharing CORS Details (related link)

2. Look at it for details (click to open)
3. Specific code:


package edu.ecnu.yjsy.conf; 

import org.springframework.context.annotation.Configuration; 
import org.springframework.web.servlet.config.annotation.CorsRegistry; 
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; 

@Configuration 
public class CorsConfig extends WebMvcConfigurerAdapter { 

  @Override 
  public void addCorsMappings(CorsRegistry registry) { 
    registry.addMapping("/**") 
        .allowedOrigins("*") 
        .allowCredentials(true) 
        .allowedMethods("GET", "POST", "DELETE", "PUT") 
        .maxAge(3600); 
  } 

} 

There is a pit here spring boot the previous version worked but I used 1.3.7.RELEASE spring boot it didn't work, so the second way is all-purpose


Related articles: