如何使用Java后端正确部署Angular 2应用程序?
[英]How to properly deploy an Angular 2 app with a Java backend?
问题描述
The scenario is this: I'm developing a Java EE application with an Angular 2 frontend. 
场景是这样的:我正在开发带有Angular 2前端的Java EE应用程序。 The client has an Apache server which is usually used to serve static resources and an Oracle Weblogic for the dynamic part. 客户端有一个Apache服务器(通常用于提供静态资源)和一个Oracle Weblogic(用于动态部分)。 The problem is that by default the Angular 2 App and the Weblogic server will not be able to talk each other due to the Same Origin Policy. 问题在于,默认情况下,由于相同的起源策略,Angular 2 App和Weblogic服务器将无法相互通信。
So far I have 3 possible deployment approaches in mind: 到目前为止,我想到了3种可能的部署方法:
Set up a Reverse Proxy in Apache to point the REST endpoints to Weblogic
在Apache中设置反向代理 ,以将REST端点指向Weblogic Package the Angular App in a WAR/EAR and deploy it to Weblogic.
将Angular App打包在WAR / EAR中,然后将其部署到Weblogic。 So I would end up with something like: myserver/myapp for the UI and myserver/myapp-rest for the Backend. 因此,我最终会遇到类似问题:用于UI的myserver / myapp和用于后端的myserver / myapp-rest。 Package the Angular App in the same WAR as the Java backend.
在与Java后端相同的WAR中打包Angular App。 So I would end up with myserver/myapp for the UI and myserver/myapp/api for the REST endpoints. 因此,最终我将获得用于UI的myserver / myapp和用于REST端点的myserver / myapp / api。
There is a 4th option which would be setting up CORS, but I'm worried about the security using that approach. 有第四个选项可以设置CORS,但是我担心使用该方法的安全性。
Which is the right approach? 哪种方法正确?
1 个解决方案
解决方案1
1 已采纳 2017-08-05 08:30:07
If you are allowed to make infra decisions , change apache webserver to nginx , we switched to nginx and got lot of added values in terms of concurrent processing. 如果允许您做出基础决策,请将apache webserver更改为nginx,我们切换到nginx并在并发处理方面获得了很多附加值。 In our project the angular client is served by nginx webserver which talks to java backend hosted on tomcat 8.x(our app server) , also there are couple of tiers after app-server a separate DB server and an elastic search server. 在我们的项目中,角度客户端由nginx网络服务器提供服务,该网络服务器与托管在tomcat 8.x(我们的应用程序服务器)上的java后端进行通信,在应用程序服务器之后,还有几个层,一个单独的数据库服务器和一个弹性搜索服务器。
Don't feel intimidated to set up CORS, you will eventually need to allow some origins requests which don't originate on your domain and port. 不必担心设置CORS,您最终将需要允许一些源于您的域和端口的源请求。
If your java tech stack has spring mvc , then setting up CORS is just a matter of adding few lines of configuration. 如果您的Java技术堆栈具有spring mvc,那么设置CORS只需添加几行配置即可。 You can even hardcode your angular url to allow backend server to serve requests only from your angular URL. 您甚至可以对角度URL进行硬编码,以允许后端服务器仅处理来自角度URL的请求。 In normal JavaEE world, CORS is just another filter or interceptor where you can set response headers with all the allowed origins, http methods etc. It's very simple you can look it up. 在普通的JavaEE世界中,CORS只是另一个过滤器或拦截器,您可以在其中设置具有所有允许的来源,http方法等的响应标头。很简单,您可以查找它。
For your given choices 对于您给定的选择
-
- seems plausible and a value addition that you get is you can delegate SSL encryption to proxy server . 似乎是合理的,并且获得的附加价值是您可以将SSL加密委托给代理服务器。
- seems plausible and a value addition that you get is you can delegate SSL encryption to proxy server .
-
- seems rather odd, you would want to separate the static content server from dynamic contents server, your angular js bundles, assets etc are mostly static, if you keep your static server separate then you can configure cookie-less domains down the line that would make serving a lot faster. 似乎很奇怪,您可能希望将静态内容服务器与动态内容服务器分离,您的Angular JS捆绑包,资产等大部分都是静态的,如果您将静态服务器分开,则可以在没有配置Cookie的域下进行配置服务更快。
- seems rather odd, you would want to separate the static content server from dynamic contents server, your angular js bundles, assets etc are mostly static, if you keep your static server separate then you can configure cookie-less domains down the line that would make serving a lot faster.
3 same as 2.
3与2相同。
I would strongly suggest the CORS option , from my past experiences. 根据我过去的经验,我强烈建议使用CORS选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.