我们遇到的情况是UI在一台主机上运行,并且它正在尝试与另一台主机上可用的资源进行通信。这里的问题是,UI无法调用资源,因为该资源位于不同的域中,除非服务器启用了CORS,否则跨域请求将无法工作。
为了启用服务器CORS,我们进行了以下更改。
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
@Provider
public class CORSFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException
{
response.getHeaders().add("Access-Control-Allow-Origin", "*");
response.getHeaders().add("Access-Control-Allow-Headers","origin, content-type, accept, authorization");
response.getHeaders().add("Access-Control-Allow-Credentials", "true");
response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
}
}
但是由于没有配置文件(web.xml),我无法确定我需要映射/配置此类的位置。 我对在服务器端启用CORS知之甚少。 请建议如何进一步。
答案 0 :(得分:2)
就我而言,以下是有效的
response.getHeaders().add("Access-Control-Allow-Origin", "*");
response.getHeaders().add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
response.getHeaders().add("Access-Control-Allow-Credentials", "true");
response.getHeaders().add("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS,HEAD");
编辑:(对于spring cloud netflix和其他人)
@Component
public class HeadersFilter implements Filter {
@Override
public void init(FilterConfig fc) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain fc) throws IOException, ServletException {
if(servletResponse instanceof HttpServletResponse){
HttpServletResponse response = (HttpServletResponse) servletResponse;
// here add the headers
}
fc.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
答案 1 :(得分:2)
对于JavaEE 7应用程序,您需要在ResourceConfig中注册此类,方法是在战争中添加以下类。
@ApplicationPath( "/" )
public class ApplicationConfig
extends ResourceConfig {
public ApplicationConfig() {
register( new CORSFilter() );
}
}
也许您还需要通过添加以下类级别注释来提高过滤器的优先级:
@Provider
@Priority( Priorities.HEADER_DECORATOR)
public class CORSFilter implements ContainerResponseFilter {
...
}
答案 2 :(得分:1)
在Jersey中,我使用ResourceConfig类来注册CORSFilter。喜欢,
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import org.glassfish.jersey.server.ResourceConfig;
public class JerseyApplication extends ResourceConfig {
public JerseyApplication() {
register(CORSFilter.class);
}
}
`
并在web.xml中链接,如
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.service.JerseyApplication</param-value>
</init-param>
答案 3 :(得分:0)
您必须先在服务器中启用它,查看下面的网站,了解如何配置服务器(即Tomcat)以启用CORS
答案 4 :(得分:0)
你需要做两件事:
如果您的资源受密码保护,则必须在web.xml中允许预检OPTIONS请求在没有凭据的情况下运行,例如:
>>> import re
>>> re.sub("\n|\r", "", "Foo\n\rbar\n\rbaz\n\r")
'Foobarbaz'
使用servlet过滤器来处理预检OPTIONS请求。对于maven添加此依赖项
<security-constraint>
<web-resource-collection>
<web-resource-name>application</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method-omission>OPTIONS</http-method-omission>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
将过滤器添加到web.xml:
<dependency>
<groupId>com.thetransactioncompany</groupId>
<artifactId>cors-filter</artifactId>
<version>2.6</version>
</dependency>