在Java里,解决跨域问题有多种办法,下面为你介绍常见的几种实现方式:
借助实现Filter接口,能对所有响应添加CORS头信息。
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*"); // 允许所有域名进行跨域调用
response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS"); // 允许的请求方法
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization"); // 允许的请求头
response.setHeader("Access-Control-Max-Age", "3600"); // 预检请求的有效期,单位为秒
chain.doFilter(req, res);
}
}配置方式:
在web.xml文件中添加如下配置:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>com.example.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>要是你使用的是Spring MVC,可以直接在控制器类或者方法上添加@CrossOrigin注解。
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@CrossOrigin(origins = "*", maxAge = 3600) // 对所有方法都有效
public class MyController {
@GetMapping("/api/data")
public String getData() {
return "这是跨域数据";
}
@GetMapping("/api/specific")
@CrossOrigin(origins = "https://specific-domain.com") // 针对特定方法的细粒度控制
public String getSpecificData() {
return "特定域名的跨域数据";
}
}在Spring Boot项目中,可以通过配置CorsFilter Bean来实现跨域支持。
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOriginPattern("*"); // 允许所有域名进行跨域调用
config.addAllowedHeader("*"); // 允许任何请求头
config.addAllowedMethod("*"); // 允许任何方法(POST、GET等)
config.setAllowCredentials(true); // 允许携带凭证
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config); // 对所有接口都有效
return new CorsFilter(source);
}
}若使用的是Servlet 3.0及以上版本,可在Servlet类上使用@CrossOrigin注解。
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebServlet("/api/custom")
@CrossOrigin(origins = "*", methods = {GET, POST}, allowedHeaders = "*")
public class CustomServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
resp.getWriter().write("通过Servlet实现的跨域响应");
}
}在服务端设置代理,把前端的请求转发到目标API。以Spring MVC为例:
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
@RestController
public class ProxyController {
private final RestTemplate restTemplate = new RestTemplate();
@GetMapping("/proxy/data")
public ResponseEntity<String> proxyData() {
String targetUrl = "https://third-party-api.com/data";
HttpHeaders headers = new HttpHeaders();
// 设置必要的请求头
HttpEntity<String> entity = new HttpEntity<>(headers);
return restTemplate.exchange(targetUrl, HttpMethod.GET, entity, String.class);
}
}在JAX-RS应用里,可以通过自定义过滤器来添加CORS头。
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;
import java.io.IOException;
@Provider
public class CorsResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext,
ContainerResponseContext responseContext) throws IOException {
responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
responseContext.getHeaders().add("Access-Control-Allow-Headers", "Content-Type, Authorization");
}
}@CrossOrigin注解。@CrossOrigin配置。@CrossOrigin注解。Access-Control-Allow-Origin: *,建议指定具体的域名。Access-Control-Allow-Origin不能设为*,必须指定具体的域名。原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。