[英]CORS origin is not working in Spring boot with Javax servlet Webfilter
我用 java 和 spring boot 创建了一个 Rest API。
使用javax.servlet.annotation.WebFilter
检查身份验证。 它工作正常,但面临
Access to XMLHttpRequest at 'http://localhost:8080/api/' from origin 'null' has been blocked by CORS policy
问题 所以我在@RestController class
使用@CrossOrigin(origins = "*")
当我尝试从前端应用程序访问我的 rest api 时,它在浏览器控制台中显示CROS policy
错误并在服务器控制台中显示401
错误。
当我删除@WebFilter
注释时,CROS 原点工作正常。
我该如何解决这个问题。
我的代码
春季启动版本
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.5.RELEASE</version>
</dependency>
控制器.java
@RestController
@CrossOrigin(origins = "*")
@RequestMapping(value = "api")
public class Controller {
}
应用程序.java
@SpringBootApplication
@ServletComponentScan
public class Application extends SpringBootServletInitializer {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
}
登录句柄过滤器.java
@WebFilter(description = "Login and encoding filter", urlPatterns = {"/api/*"}) 公共类 LoginHandleFilter 实现 Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String token = request.getHeader("Authorization");
if(isAuthenticate(token)){
chain.doFilter(request, response);
}else{
response.sendError(401);
}
}
@Override
public void destroy() {
}
private boolean isAuthenticate(String token){
return token.equals("Mytoken");
}
}
javascript
var http = new XMLHttpRequest():
http.open("GET", "http://localhost:8080/api/", true);
http.setRequestHeader("Authorization", "TOKEN");
http.onreadystatechange = function(){
}
http.send();
我在这里错过了什么吗?
添加此配置类。 如果您已经有一个 WebMvcConfigurer,只需添加addCorsMappings
方法。 然后应该读取通过CrossOrigin
注释提供的 cors 配置,并将必要的标头Access-Control-Allow-Origin
添加到响应标头中。
@Configuration
public class MyConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.