spring boot implements cross domain request access with the front end
- 2020-06-23 00:18:12
- OfStack
1. Method:
The server sets the Access-ES5en-Allow-ES7en header in Respone Header Cooperate with front desk to use jsonp Inherit from WebMvcConfigurerAdapter to add configuration classes2. Example:
1. Front-end: Since we used the separation of front and rear ends, the front-end used node server, and the node server then used the ajax reverse proxy to request to my spring boot server. The node server also USES ajax to make requests, so there is also a cross-domain problem. Specific code:
app.all(apiRoot + '/*', proxy('127.0.0.1:' + proxyPort, {
forwardPath: function(req, res) {
console.log('req: ', req, 'res; ', res);
return require('url').parse(req.url).path;
}
}));
Background (spring boot 1.3.7.ES26en) : 1 filter was used for authentication and cross-domain processing. Specific code:
public class AuthFilter implements Filter {
// @Autowired
// This can't be injected automatically servlet and filter Is be tomcat The management of
private BaseUserService baseUserService;
private String[] excludePaths;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("initFilter");
// Cannot pass in initialization Appliaction Context Get it because it's not initialized yet Application Context
//baseUserService = SpringUtils.getBean("baseUserService", BaseUserService.class);
excludePaths = new String[]{"/api/user/noLogin", "/api/user/tokenError", "/api/user/loginForeground",
"/api/user/loginBackground", "/api/user/inCorrectUserId"};
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
// Fill in here where you allow cross-domain hosting ip
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
// Allowed access methods
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
//Access-Control-Max-Age Used for CORS Cache for the associated configuration
httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
String userId = request.getParameter("userId");
String token = request.getParameter("token");
// There are token the `
if (userId != null && token != null) {
try {
Integer id = Integer.parseInt(userId);
if (baseUserService == null)
baseUserService = SpringUtils.getBean("baseUserService", BaseUserService.class);
int status = baseUserService.checkLogin(id, token);
if (status == 1) {
chain.doFilter(request, response);
} else if (status == 0) {
httpServletResponse.sendRedirect("/api/user/tokenError");
} else if (status == -2) {
httpServletResponse.sendRedirect("/api/user/inCorrectUserId");
} else {
httpServletResponse.sendRedirect("/api/user/noLogin");
}
} catch (NumberFormatException exception) {
httpServletResponse.sendRedirect("/api/user/inCorrectUserId");
}
} else {
String path = httpServletRequest.getServletPath();
if (excludePath(path)) {
chain.doFilter(request, response);
} else {
httpServletRequest.getRequestDispatcher("/api/user/noLogin").forward(request, response);
}
}
// ((HttpServletResponse) response).addHeader("Access-Control-Allow-Origin", "*");
// CorsFilter corsFilter=new CorsFilter();
}
private boolean excludePath(String path) {
for (int i = 0; i < excludePaths.length; i++) {
if (path.equals(excludePaths[i]))
return true;
}
return false;
}
@Override
public void destroy() {
System.out.println("destroy method");
}
}
This method also works for servlet, noting in particular that the 1 must precede the filter action by adding this sentence at the beginning of the code.
Cross-domain Resource Sharing CORS Details (related link)
2. Look at it for details (click to open)
3. Specific code:
package edu.ecnu.yjsy.conf;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class CorsConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowCredentials(true)
.allowedMethods("GET", "POST", "DELETE", "PUT")
.maxAge(3600);
}
}
There is a pit here spring boot the previous version worked but I used 1.3.7.RELEASE spring boot it didn't work, so the second way is all-purpose