Filter implements cross-domain requests in SpringMVC

Others 2020-10-14 17:17:15 views: null

1. Demand background

   If there is a need to expose a certain interface to external service calls in the project, there will inevitably be a cross-domain situation for web projects, so how to solve this cross-domain?

2. Implementation plan

i. CORSFilter

public class CORSFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(CORSFilter.class);

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        //域名列表
        String domains = "A,B,C";

        try {
            String originHeads = request.getHeader("Origin");
            LoggerUtil.info(logger, "[CORSFilter] domain=", originHeads, ",diamond domains=", domains);
            String[] corsList = domains.split(",");
            for (String domain : corsList) {
                if (!domain.equals(originHeads)) {
                    continue;
                }

                response.setHeader("Access-Control-Allow-Origin", domain);
                response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
                response.setHeader("Access-Control-Max-Age", "0");
                response.setHeader("Access-Control-Allow-Credentials", "true");
                response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-XSRF-TOKEN");
            }

        } catch (Exception ex) {
            LoggerUtil.error(logger, ex, "[CORSFilter] domains split err=");
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {

    }

  
}

Note : Only one domain name can be allowed per request, so here you have to traverse and set the allowable domain names

ii Register CORSFilter in web.xml

 <!-- CORS Filter -->
    <filter>
        <filter-name>CORSFilter</filter-name>
        <filter-class>com.xxx.config.CORSFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CORSFilter</filter-name>
        <url-pattern>/cors/*</url-pattern>
    </filter-mapping>

Configuration needs to implement cross-domain interface URL wildcarding

Guess you like

Origin blog.csdn.net/zhangxing52077/article/details/107613200
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com