处理跨域

2020-12-21 13:43:01 +08:00
parent db6e3801ed
commit ce723753b3
3 changed files with 64 additions and 12 deletions
--- a/yshop-admin/src/main/java/co/yixiang/config/ConfigurerAdapter.java
+++ b/yshop-admin/src/main/java/co/yixiang/config/ConfigurerAdapter.java
@ -15,6 +15,9 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

+import java.lang.reflect.Array;
+import java.util.Arrays;
+
 /**
 * WebMvcConfigurer
 *
@ -31,17 +34,19 @@ public class ConfigurerAdapter implements WebMvcConfigurer {
    @Value("${file.avatar}")
    private String avatar;

-    @Bean
-    public CorsFilter corsFilter() {
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        CorsConfiguration config = new CorsConfiguration();
-        config.setAllowCredentials(true);
-        config.addAllowedOrigin("*");
-        config.addAllowedHeader("*");
-        config.addAllowedMethod("*");
-        source.registerCorsConfiguration("/**", config);
-        return new CorsFilter(source);
-    }
+//    @Bean
+//    public CorsFilter corsFilter() {
+//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+//        CorsConfiguration config = new CorsConfiguration();
+//        config.setAllowCredentials(true);
+//        // 设置允许跨域请求的域名
+//        config.setAllowedOriginPatterns(Arrays.asList("*"));
+//        config.addAllowedOrigin("*");
+//        config.addAllowedHeader("*");
+//        config.addAllowedMethod("*");
+//        source.registerCorsConfiguration("/**", config);
+//        return new CorsFilter(source);
+//    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
--- a/yshop-admin/src/main/java/co/yixiang/config/CorsFilter.java
+++ b/yshop-admin/src/main/java/co/yixiang/config/CorsFilter.java
@ -0,0 +1,47 @@
+package co.yixiang.config;
+
+/**
+ * @author ：LionCity
+ * @date ：Created in 2020-12-21 13:38
+ * @description：
+ * @modified By：
+ * @version:
+ */
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+@Component
+@Order(-9999)
+public class CorsFilter extends HttpFilter {
+
+    /**
+     *
+     */
+    private static final long serialVersionUID = -8387103310559517243L;
+
+    @Override
+    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
+
+        String origin = req.getHeader(HttpHeaders.ORIGIN);
+
+        if (!StringUtils.isEmpty(origin)){
+            res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+            res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, x-requested-with, Content-Type, Accept, Authorization");
+            res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
+            res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, OPTIONS, DELETE");
+            res.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma");
+            res.addHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "60");
+        }
+        super.doFilter(req, res, chain);
+    }
+}
--- a/yshop-admin/src/main/java/co/yixiang/modules/security/config/SecurityConfig.java
+++ b/yshop-admin/src/main/java/co/yixiang/modules/security/config/SecurityConfig.java
@ -6,6 +6,7 @@
 package co.yixiang.modules.security.config;

 import co.yixiang.annotation.AnonymousAccess;
+import co.yixiang.config.CorsFilter;
 import co.yixiang.modules.security.security.JwtAccessDeniedHandler;
 import co.yixiang.modules.security.security.JwtAuthenticationEntryPoint;
 import co.yixiang.modules.security.security.TokenConfigurer;
@ -23,7 +24,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;