跨域問題其實(shí)之前就有說過,不明白的可以參考我之前的文章�����,這章主要講解SpringBoot CROS的支持��。
這里主要按照官方文檔方式講述����。
SpringBoot CROS 參考: http://docs./spring-boot/docs/1.5.4.RELEASE/reference/htmlsingle/#boot-features-cors
Spring CROS 參考: http://docs./spring/docs/4.3.9.RELEASE/spring-framework-reference/htmlsingle/#cors
一��、代碼準(zhǔn)備
首先是支持Restful的controller�,這里就不使用數(shù)據(jù)庫了����,簡單一點(diǎn)。 UserController.class
package cn.saytime.web;
import cn.saytime.bean.JsonResult;
import cn.saytime.bean.User;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author zh
* @ClassName cn.saytime.web.UserController
* @Description
*/
@RestController
public class UserController {
// 創(chuàng)建線程安全的Map
static Map<Integer, User> users = Collections.synchronizedMap(new HashMap<Integer, User>());
/**
* 根據(jù)ID查詢用戶
* @param id
* @return
*/
@RequestMapping(value = "user/{id}", method = RequestMethod.GET)
public ResponseEntity<JsonResult> getUserById (@PathVariable(value = "id") Integer id){
JsonResult r = new JsonResult();
try {
User user = users.get(id);
r.setResult(user);
r.setStatus("ok");
} catch (Exception e) {
r.setResult(e.getClass().getName() + ":" + e.getMessage());
r.setStatus("error");
e.printStackTrace();
}
return ResponseEntity.ok(r);
}
/**
* 查詢用戶列表
* @return
*/
@CrossOrigin
@RequestMapping(value = "users", method = RequestMethod.GET)
public ResponseEntity<JsonResult> getUserList (){
JsonResult r = new JsonResult();
try {
List<User> userList = new ArrayList<User>(users.values());
r.setResult(userList);
r.setStatus("ok");
} catch (Exception e) {
r.setResult(e.getClass().getName() + ":" + e.getMessage());
r.setStatus("error");
e.printStackTrace();
}
return ResponseEntity.ok(r);
}
/**
* 添加用戶
* @param user
* @return
*/
@RequestMapping(value = "user", method = RequestMethod.POST)
public ResponseEntity<JsonResult> add (@RequestBody User user){
JsonResult r = new JsonResult();
try {
users.put(user.getId(), user);
r.setResult(user.getId());
r.setStatus("ok");
} catch (Exception e) {
r.setResult(e.getClass().getName() + ":" + e.getMessage());
r.setStatus("error");
e.printStackTrace();
}
return ResponseEntity.ok(r);
}
/**
* 根據(jù)id刪除用戶
* @param id
* @return
*/
@RequestMapping(value = "user/{id}", method = RequestMethod.DELETE)
public ResponseEntity<JsonResult> delete (@PathVariable(value = "id") Integer id){
JsonResult r = new JsonResult();
try {
users.remove(id);
r.setResult(id);
r.setStatus("ok");
} catch (Exception e) {
r.setResult(e.getClass().getName() + ":" + e.getMessage());
r.setStatus("error");
e.printStackTrace();
}
return ResponseEntity.ok(r);
}
/**
* 根據(jù)id修改用戶信息
* @param user
* @return
*/
@RequestMapping(value = "user/{id}", method = RequestMethod.PUT)
public ResponseEntity<JsonResult> update (@PathVariable("id") Integer id, @RequestBody User user){
JsonResult r = new JsonResult();
try {
User u = users.get(id);
u.setUsername(user.getUsername());
u.setAge(user.getAge());
users.put(id, u);
r.setResult(u);
r.setStatus("ok");
} catch (Exception e) {
r.setResult(e.getClass().getName() + ":" + e.getMessage());
r.setStatus("error");
e.printStackTrace();
}
return ResponseEntity.ok(r);
}
}
User.class
package cn.saytime.bean;
import java.util.Date;
/**
* @author zh
* @ClassName cn.saytime.bean.User
* @Description
*/
public class User {
private int id;
private String username;
private int age;
private Date ctm;
// Getter Setter
}
JsonResult.class
package cn.saytime.bean;
public class JsonResult {
private String status = null;
private Object result = null;
// Getter Setter
}
二�、測試是否存在跨域問題
我們在static目錄新建一個(gè)test.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script src="https://cdn./jquery/2.1.0/jquery.min.js"></script>
<script type="text/javascript">
function crosRequest(){
$.ajax({
url:'http://localhost:8080/users',
type:'get',
dataType:'json',
success:function(data){
console.log(data);
}
});
}
</script>
</head>
<body>
<button onclick="crosRequest()">請求跨域資源</button>
</body>
</html>
- 我們使用IDEA的瀏覽器預(yù)覽功能,點(diǎn)擊谷歌小圖標(biāo)����,可以看到打開網(wǎng)址為: http://localhost:63342/springboot-demo/springboot-cros/static/test.html?_ijt=ibtt432ffb9rh0vffqkkug3je8
- 啟動(dòng)SpringBoot工程,默認(rèn)8080
不是使用IDEA的用戶��,自己找個(gè)tomcat啟動(dòng)test.html頁面���,修改端口為其他�,然后啟動(dòng)springboot�����。
所以證明存在跨域問題��。
一、@CrossOrigin注解方式
Controller method CORS configuration
這里我們在users映射的方法getUserList上面加上@CrossOrigin
@CrossOrigin
@RequestMapping(value = "users", method = RequestMethod.GET)
public ResponseEntity<JsonResult> getUserList ()
然后再次使用上面的方式訪問�。
表示跨域問題解決。 default @CrossOrigin allows all origins and the HTTP methods specified in the @RequestMapping annotation 上面的官方文檔說明����,也就是默認(rèn)的@CrossOrigin允許所有跨域請求。
通過查看CrossOrigin源碼可以看到�, 默認(rèn)配置為:
"Access-Control-Allow-Origin" : "*"
"Access-Control-Allow-Methods" : "GET,POST,PUT,OPTIONS"
"Access-Control-Allow-Credentials" : "true"
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CrossOrigin {
/** @deprecated */
@Deprecated
String[] DEFAULT_ORIGINS = new String[]{"*"};
/** @deprecated */
@Deprecated
String[] DEFAULT_ALLOWED_HEADERS = new String[]{"*"};
/** @deprecated */
@Deprecated
boolean DEFAULT_ALLOW_CREDENTIALS = true;
/** @deprecated */
@Deprecated
long DEFAULT_MAX_AGE = 1800L;
@AliasFor("origins")
String[] value() default {};
@AliasFor("value")
String[] origins() default {};
String[] allowedHeaders() default {};
String[] exposedHeaders() default {};
RequestMethod[] methods() default {};
String allowCredentials() default "";
long maxAge() default -1L;
}
It is also possible to enable CORS for the whole controller 也可以用在整個(gè)Controller類上面。即該controller所有映射都支持跨域請求���。
@CrossOrigin(origins = "http://",
maxAge = 3600,
methods = {RequestMethod.GET, RequestMethod.POST})
@RestController
public class UserController
二�、全局CORS配置
Global CORS configuration In addition to fine-grained, annotation-based configuration you’ll probably want to define some global CORS configuration as well. This is similar to using filters but can be declared withing
Spring MVC and combined with fine-grained @CrossOrigin configuration. By default all origins and GET, HEAD and POST methods are allowed.
package cn.saytime.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
* @author zh
* @ClassName cn.saytime.config.CORSConfiguration
* @Description
*/
@Configuration
public class CORSConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
// registry.addMapping("/api/**");
registry.addMapping("/**")
.allowedOrigins("http://", "http://")
.allowedMethods("GET", "POST", "DELETE", "PUT", "OPTIONS")
.allowCredentials(false).maxAge(3600);
}
};
}
}
三���、過濾器實(shí)現(xiàn)跨域 Filter based CORS support
@Configuration
public class MyConfiguration {
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(false);
config.addAllowedOrigin("http://");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
|
