阅读量:0
CORS(跨源资源共享)是一种安全机制,用于在Web应用程序中允许或禁止来自不同源的HTTP请求
- 使用Java Servlet Filter:
创建一个名为CORSFilter.java的新类,并实现javax.servlet.Filter接口。在这个类中,你需要实现以下三个方法:init(), doFilter()和destroy()。
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletResponse; @WebFilter(asyncSupported = true, urlPatterns = { "/*" }) public class CORSFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse httpResponse = (HttpServletResponse) response; httpResponse.setHeader("Access-Control-Allow-Origin", "*"); httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE"); httpResponse.setHeader("Access-Control-Max-Age", "3600"); httpResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"); chain.doFilter(request, response); } @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void destroy() { } } - 配置Spring Boot:
如果你使用的是Spring Boot,可以通过添加@Bean到你的主应用程序类中来配置CORS。例如:
import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @SpringBootApplication public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurer() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") .allowedHeaders("*") .maxAge(3600); } }; } } - 配置JAX-RS:
如果你使用的是JAX-RS(Jersey),可以通过创建一个名为CORSFilter.java的新类,并实现ContainerResponseFilter接口来配置CORS。例如:
import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerResponseContext; import javax.ws.rs.container.ContainerResponseFilter; import javax.ws.rs.core.MultivaluedMap; import java.io.IOException; public class CORSFilter implements ContainerResponseFilter { @Override public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { MultivaluedMap<String, Object> headers = responseContext.getHeaders(); headers.add("Access-Control-Allow-Origin", "*"); headers.add("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS"); headers.add("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With"); } } 然后,确保在你的应用程序中注册此过滤器。例如,在Application类中添加以下代码:
import org.glassfish.jersey.server.ResourceConfig; public class Application extends ResourceConfig { public Application() { packages("your.package.name"); register(CORSFilter.class); } } 这些方法应该能帮助你解决Java中的CORS预检请求问题。根据你的项目需求和架构选择合适的方法进行配置。
