Of Stack

Solution of springboot setting CorsFilter cross domain ineffectiveness

  • 2021-12-12 08:27:21
  • OfStack
Directory settings CorsFilter cross-domain ineffectual resolution problem description solution cross-domain configuration CorsFilter ineffectual reason order rules

Setting the resolution of CorsFilter cross-domain ineffectiveness

Problem description

The front-end development project of the company encountered cross-domain problems during local debugging. My colleague adjusted my service 1 to prompt cross-domain problems directly, and then the front-end nb did cross-domain processing, similar to nginx, but I went to Baidu for a look and found a solution in a big blog.

The reason for the problem is that the filter written to judge the login affects the login, and the reason is that the execution sequence of filter is caused before corsfilter, so the configuration file of cross-domain setting under 1 is modified

Solutions 


/**
 *  Use CORS , used to solve the problem ajax Cross-domain access problem 
 */
@Configuration
public class GlobalCorsConfig {
    @Bean
    public FilterRegistrationBean corsFilter() {
        //1. Add CORS Configuration information 
        CorsConfiguration config = new CorsConfiguration();
        //1)  Allowed domains , Don't write * Otherwise cookie You can't use it 
        //config.addAllowedOrigin("http://manage.leyou.com");
        //config.addAllowedOrigin("http://www.leyou.com");
        config.addAllowedOrigin("*");
        //2)  Whether to send Cookie Information 
        config.setAllowCredentials(true);
        //3)  Allowed request methods 
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        config.setMaxAge(3600L);
        // 4 ) Allowed header information 
        config.addAllowedHeader("*");
 
        //2. To add a mapping path, we intercept 1 Cut request 
        UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
        configSource.registerCorsConfiguration("/**", config);
 
        //3. Returns the new CorsFilter.
        //return new CorsFilter(configSource);
 
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(configSource));
        bean.setOrder(0);
        return bean;
    }
}

Why cross-domain configuration CorsFilter does not take effect

When you have more than one Filter in your project, you need to set the order in which the filters are executed through the @ Order (Ordered.HIGHEST_PRECEDENCE) annotation

Rules of order

1. The smaller the value of order, the higher the priority

2. If order is not numbered, it defaults to the lowest priority because its default value is the int maximum value

3. This annotation is equivalent to the getOrder method that implements the Ordered interface and returns a number.

If cross-domain is set by using the following commented-out method, the front end will prompt cross-domain when return goes out directly in doFilter () method of Filter

Because this CorsConfig does not implement Filter interface, it will not take effect even if @ Order annotation is added. It is necessary to return a new FilterRegistrationBean in the following new way and set order 


import com.nanase.takeshi.constants.JwtConstant;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
/**
 * CorsConfig
 *  Cross-domain request configuration 
 *
 * @author 725
 * @date 2020/12/10 18:17
 */
@Slf4j
@Configuration
public class CorsConfig {
    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        // 1  Set the access source address 
        corsConfiguration.addAllowedOrigin("*");
        // 2  Set the access source request header 
        corsConfiguration.addAllowedHeader("*");
        // 3  Set the method of accessing the source request 
        corsConfiguration.addAllowedMethod("*");
        // 4  What header information is exposed 
        corsConfiguration.addExposedHeader(JwtConstant.HEADER);
        return corsConfiguration;
    }
    /**
	@Bean
    public CorsFilter corsFilter() {
        log.info(" Cross-domain settings. . . . ");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        //  Configure cross-domain settings for interfaces 
        source.registerCorsConfiguration("/**", buildConfig());
        return new CorsFilter(source);
    }
    */
    
    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilter() {
        log.info(" Cross-domain settings. . . . ");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // 5  Configure cross-domain settings for interfaces 
        source.registerCorsConfiguration("/**", buildConfig());
        // There are multiple filter When the setting here is changed CorsFilter Priority execution order of 
        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }
}
Related articles: