近来在做一个项目,前端资本与服务端零丁布置。碰到一个跨域题目,罕见的跨域题目能够经由过程jsonp体式格局处置惩罚。下面引见另一种处置惩罚体式格局:
服务端环境:spring + dubbo + tomcat
第一步:在WEB-INF目录下增添一个crossdomain.xml文件,内容以下:
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
示意web服务器许可任何domain的要求。
第二步:
在web.xml中增添一个新的过滤器Filter–crossDomainFilter。
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Archetype CreatedWeb Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:spring-main.xml</param-value>
</context-param>
<context-param>
<param-name>timeoutMinutes</param-name>
<param-value>120</param-value>
</context-param>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>crossDomainFilter</filter-name>
<filter-class>com.*.resource.web.utils.CrossDomainFilter</filter-class>
<init-param>
<param-name>file</param-name>
<param-value>/WEB-INF/web-config.properties</param-value>
</init-param>
</filter>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:springmvc-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<filter-mapping>
<filter-name>crossDomainFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>120</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
crossDomainFilter中增添crossDomain要领:
package com.*.resource.web.utils;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
*
* @author
* @date
*/
public class CrossDomainFilter implements Filter {
private static final Logger log = LoggerFactory.getLogger(CrossDomainFilter.class);
private Properties pp = new Properties();
private FilterConfig config;
private String allowDomain = "http://allow.com";
@Override
public void destroy() {
pp = null;
this.config = null;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
// 获得要求的uri和url
String reqUri = req.getRequestURI();
String reqUrl = req.getRequestURL().toString();
log.info(" reqUri:{} ,reqUrl:{} ", reqUri, reqUrl);
// 跨域处置惩罚
this.crossDomain(req, resp, reqUrl);
chain.doFilter(req, resp);
}
@Override
public void init(FilterConfig config) throws ServletException {
}
/**
* 处置惩罚跨域题目
*/
private void crossDomain(HttpServletRequest request, HttpServletResponse response, String url) {
response.setHeader("Content-type", "text/html;charset=UTF-8");
response.setCharacterEncoding("UTF-8");
response.setHeader("Access-Control-Allow-Credentials", "true");
log.info("REFERER:{}", request.getHeader("REFERER"));
String referer = request.getHeader("REFERER");
String reqRefererDomain = "";
if (referer != null && referer.length() > referer.indexOf(".com") + 4) {
reqRefererDomain = referer.substring(0, referer.indexOf(".com") + 4);
log.info("reqRefererDomain:{}", reqRefererDomain);
if (reqRefererDomain.equals(allowDomain)) {
response.setHeader("Access-Control-Allow-Origin", allowDomain );
}
}
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
response.setHeader("Access-Control-Allow-Headers",
"Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With");
}
}
处置惩罚跨域的症结:
response.setHeader("Access-Control-Allow-Origin", allowDomain );