[Access-Control-Allow-Origin]Web中使用filter實現跨域訪問問題
阿新 • • 發佈:2019-02-07
web.xml配置過濾器
在web.xml中定義一個isCross初始化變數,用於開啟是否允許跨域訪問。這將很好的控制跨域訪問問題。
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp_ID">
<display-name>TestCrossOrigin</display-name >
<filter>
<filter-name>CrossOriginControl</filter-name>
<filter-class>test.cross.origin.CrossOriginControl</filter-class>
<init-param>
<param-name>IsCross</param-name>
<param-value>true</param-value >
</init-param>
</filter>
<filter-mapping>
<filter-name>CrossOriginControl</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>crossOrigin</servlet-name>
<servlet-class >test.cross.origin.CrossOriginTestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>crossOrigin</servlet-name>
<url-pattern>/crossOrigin</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
filter[CrossOriginControl]實現
package test.cross.origin;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CrossOriginControl implements Filter{
private boolean isCross = false;
@Override
public void destroy() {
// TODO Auto-generated method stub
isCross = false;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// TODO Auto-generated method stub
if(isCross){
HttpServletRequest httpServletRequest = (HttpServletRequest)request;
HttpServletResponse httpServletResponse = (HttpServletResponse)response;
System.out.println("攔截請求: "+httpServletRequest.getServletPath());
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Max-Age", "0");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpServletResponse.setHeader("XDomainRequestAllowed","1");
}
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
String isCrossStr = filterConfig.getInitParameter("IsCross");
isCross = isCrossStr.equals("true")?true:false;
System.out.println(isCrossStr);
}
}
測試servlet[CrossOriginTestServlet]
package test.cross.origin;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CrossOriginTestServlet extends HttpServlet{
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
PrintWriter writer = resp.getWriter();
writer.write("cross success");
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
super.doGet(req, resp);
}
}
結果測試
當isCross為false時:
當isCross為true時: