springmvc+shiro,跨域配置好action能訪問,靜態資源卻不可訪問的可能的問題
阿新 • • 發佈:2019-01-22
springmvc跨域配置:
<mvc:cors>
<mvc:mapping path="/**/**"
allowed-origins="http://127.0.0.1:8099"
allow-credentials="true"
allowed-headers="*"
max-age="1800"
allowed-methods="*"
/>
</mvc:cors>
注意:allow-credentials為true時,allowed-origins必須為具體域,而不是*;
shiro跨域配置:繼承AuthenticatingFilter類,重寫以下方法
@Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { //...你的邏輯 HttpServletResponse httpResponse = (HttpServletResponse) response; httpResponse.setHeader("Access-Control-Allow-Credentials", "true"); httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin()); //...你的邏輯
}
@Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { HttpServletResponse httpResponse = (HttpServletResponse) response; httpResponse.setContentType("application/json;charset=utf-8"); httpResponse.setHeader("Access-Control-Allow-Credentials", "true"); httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin()); //...你的邏輯 }
HttpContextUtils類
public class HttpContextUtils { public static HttpServletRequest getHttpServletRequest() { return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); } public static String getDomain(){ HttpServletRequest request = getHttpServletRequest(); StringBuffer url = request.getRequestURL(); return url.delete(url.length() - request.getRequestURI().length(), url.length()).toString(); } public static String getOrigin(){ HttpServletRequest request = getHttpServletRequest(); return request.getHeader("Origin"); } }
以上配置無誤後,action方法便可跨域了,如果要使得靜態資源可以訪問,還需要將靜態資源交由springmvc管理,預設是由tomcat等伺服器管理的。配置如下:
<mvc:resources mapping="/靜態資源對映路徑/**" location="/靜態資源所在路徑/" />