java伺服器端解決跨域問題【工具包系列】
阿新 • • 發佈:2018-12-26
現在很多開發的API都支援ajax直接請求,這樣就會導致跨域的問題,解決跨域的問題一方面可以從前端,另一方面就是伺服器端。
既然是搞伺服器端,做對外的API服務,當然是做到越簡單越好,前端只需要傻傻的使用就好。
目前我接觸來的情況是有2種實現方式,下面直接程式碼,你們根據自己專案情況,選擇或者修改其中的程式碼,所有程式碼都是專案實戰中執行的。
第一種情況,比較簡單,讓所有的controller類繼承自定義的BaseController類,改類中將對返回的頭部做些特殊處理。
public abstract class BaseController {
/**
* description:send the ajax response back to the client side
* @param responseObj
* @param response
*/
protected void writeAjaxJSONResponse(Object responseObj, HttpServletResponse response) {
response.setCharacterEncoding("UTF-8");
response.setHeader("Cache-Control" , "no-cache, no-store, must-revalidate"); // HTTP 1.1
response.setHeader("Pragma", "no-cache"); // HTTP 1.0
/**
* for ajax-cross-domain request TODO get the ip address from
* configration(ajax-cross-domain.properties)
*/
response.setHeader("Access-Control-Allow-Origin" , "*");
response.setDateHeader("Expires", 0); // Proxies.
PrintWriter writer = getWriter(response);
writeAjaxJSONResponse(responseObj, writer);
}
/**
*
* @param response
* @return
*/
protected PrintWriter getWriter(HttpServletResponse response) {
if(null == response){
return null;
}
PrintWriter writer = null;
try {
writer = response.getWriter();
} catch (IOException e) {
logger.error("unknow exception", e);
}
return writer;
}
/**
* description:send the ajax response back to the client side.
*
* @param responseObj
* @param writer
* @param writer
*/
protected void writeAjaxJSONResponse(Object responseObj, PrintWriter writer) {
if (writer == null || responseObj == null) {
return;
}
try { writer.write(JSON.toJSONString(responseObj,SerializerFeature.DisableCircularReferenceDetect));
} finally {
writer.flush();
writer.close();
}
}
}
接下來就是我們自己業務的controller了,其中主要是要呼叫 writeAjaxJSONResponse(result, response);這個方法
@Controller
@RequestMapping(value = "/account")
public class AccountController extends BaseController {
@RequestMapping(value = "/add", method = RequestMethod.POST)
public void addAccount(HttpSession session,HttpServletRequest request,HttpServletResponse response){
ViewerResult result = new ViewerResult();
//實現自己業務邏輯程式碼
writeAjaxJSONResponse(result, response);
}
}
好了,這種簡單的方式就實現了。
接下來介紹第二種方式,filter。我們在寫springMVC的時候,更喜歡的方式是通過@ResponseBody給返回物件進行封裝直接返回給前端,這樣簡單而且容易。
如果使用@ResponseBody就不能使用第一種方法了,所有就使用filter給所有的請求都封裝一下跨域,接下來直接實現程式碼:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class HeadersCORSFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse servletResponse,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization");
response.setHeader("Access-Control-Allow-Credentials","true");
chain.doFilter(request, servletResponse);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
好了,filter實現了,然後就是要在web.xml裡面把這個filter運用起來了。
開啟專案的web.xml,填寫下面的幾行程式碼:
<filter>
<filter-name>cors</filter-name>
<filter-class>xxx.xxxx.xxxxx.xxxx.HeadersCORSFilter</filter-class><!--你過濾器的包 -->
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/open/*</url-pattern><!-- 你開放的介面字首 -->
</filter-mapping>
好了,通過上面的2種方式,可以解決百分之80的跨域問題,也許還有更好的解決方案,可以提出來大家一起學習學習。
最好的方案是最符合當前需求且易於擴充套件的。