java/eyes.git - Gitblit

parent: 55e6cb04 | 补丁 | 提交 | ignore whitespace

xuhy

2025-01-02 d45036614d4f0e5354975d8de65c83e6118fc960

跨域

2个文件已修改

	common/src/main/java/com/jilongda/common/config/CorsConfig.java	27 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	common/src/main/java/com/jilongda/common/security/filter/CorsFilter.java	120 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史

 common/src/main/java/com/jilongda/common/config/CorsConfig.java

@@ -1,10 +1,12 @@
package com.jilongda.common.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.web.cors.CorsConfiguration;
@@ -14,6 +16,9 @@
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.springframework.web.servlet.function.RequestPredicates;
import org.springframework.web.servlet.function.RouterFunction;
import org.springframework.web.servlet.function.RouterFunctions;
import reactor.core.publisher.Mono;

import java.util.Collections;
@@ -35,27 +40,21 @@
@Configuration
public class CorsConfig {

    /**
     * 这里为支持的请求头，如果有自定义的header字段请自己添加
     */
    private static final String ALLOWED_HEADERS = "X-Requested-With, Content-Type, Authorization, credential, X-XSRF-TOKEN, token, username, client, request-origion";
    private static final String ALLOWED_METHODS = "GET,POST,PUT,DELETE";
    private static final String ALLOWED_ORIGIN = "*";
    private static final String ALLOWED_EXPOSE = "*";
    private static final String MAX_AGE = "18000L";

    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        //1.允许任何来源
        corsConfiguration.setAllowedOriginPatterns(Collections.singletonList("*"));
        //2.允许任何请求头
        corsConfiguration.addAllowedHeader(CorsConfiguration.ALL);
        //3.允许任何方法
        corsConfiguration.addAllowedMethod(CorsConfiguration.ALL);
        //4.允许凭证
        corsConfiguration.setAllowCredentials(true);
        return corsConfiguration;
    }

    /**
     * 跨域配置
     */
    @Bean
    public WebFilter corsFilter() {
    public WebFilter corsFilter()
    {
        return (ServerWebExchange ctx, WebFilterChain chain) -> {
            ServerHttpRequest request = ctx.getRequest();
            if (CorsUtils.isCorsRequest(request))

 common/src/main/java/com/jilongda/common/security/filter/CorsFilter.java

@@ -1,60 +1,60 @@
package com.jilongda.common.security.filter;

import com.aliyun.oss.HttpMethod;
import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
import com.google.common.net.HttpHeaders;
import lombok.extern.slf4j.Slf4j;
import org.mybatis.logging.LoggerFactory;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Logger;

@Slf4j
@WebFilter(urlPatterns = {"/*"}, filterName = "corsFilter")
public class CorsFilter implements Filter {
//    private static final Logger logger = LoggerFactory.getLogger(IsvSearchController.class);

    private String allowOrigin = "http://***.**.com,http://***.**.com:8080,http://***.**.com";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//        logger.info("doFilter start ...");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (StringUtils.isNotEmpty(allowOrigin)) {
            List<String> allowOriginList = Arrays.asList(allowOrigin.split(","));
            if (!CollectionUtils.isEmpty(allowOriginList)) {
                String currentOrigin = request.getHeader("Origin");
                if (allowOriginList.contains(currentOrigin)) {
                    response.setHeader("Access-Control-Allow-Origin", currentOrigin);
                }
            }
        }
        response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "content-Type");
        if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod()) &&/*options 请求返回允许跨域的头*/
                request.getHeader(HttpHeaders.ORIGIN) != null) {
//            logger.info("doFilter options request");
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {

    }
}
//package com.jilongda.common.security.filter;
//
//import com.aliyun.oss.HttpMethod;
//import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
//import com.baomidou.mybatisplus.core.toolkit.StringUtils;
//import com.google.common.net.HttpHeaders;
//import lombok.extern.slf4j.Slf4j;
//import org.mybatis.logging.LoggerFactory;
//
//import javax.servlet.*;
//import javax.servlet.annotation.WebFilter;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//import java.util.Arrays;
//import java.util.List;
//import java.util.logging.Logger;
//
//@Slf4j
//@WebFilter(urlPatterns = {"/*"}, filterName = "corsFilter")
//public class CorsFilter implements Filter {
////    private static final Logger logger = LoggerFactory.getLogger(IsvSearchController.class);
//
//    private String allowOrigin = "http://***.**.com,http://***.**.com:8080,http://***.**.com";
//
//    @Override
//    public void init(FilterConfig filterConfig) throws ServletException {
//
//    }
//
//    @Override
//    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
////        logger.info("doFilter start ...");
//        HttpServletRequest request = (HttpServletRequest) servletRequest;
//        HttpServletResponse response = (HttpServletResponse) servletResponse;
//        if (StringUtils.isNotEmpty(allowOrigin)) {
//            List<String> allowOriginList = Arrays.asList(allowOrigin.split(","));
//            if (!CollectionUtils.isEmpty(allowOriginList)) {
//                String currentOrigin = request.getHeader("Origin");
//                if (allowOriginList.contains(currentOrigin)) {
//                    response.setHeader("Access-Control-Allow-Origin", currentOrigin);
//                }
//            }
//        }
//        response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
//        response.setHeader("Access-Control-Allow-Credentials", "true");
//        response.setHeader("Access-Control-Allow-Headers", "content-Type");
//        if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod()) &&/*options 请求返回允许跨域的头*/
//                request.getHeader(HttpHeaders.ORIGIN) != null) {
////            logger.info("doFilter options request");
//            return;
//        }
//        filterChain.doFilter(servletRequest, servletResponse);
//    }
//
//    @Override
//    public void destroy() {
//
//    }
//}

			@@ -1,10 +1,12 @@
			package com.jilongda.common.config;

			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.http.HttpHeaders;
			import org.springframework.http.HttpMethod;
			import org.springframework.http.HttpStatus;
			import org.springframework.http.MediaType;
			import org.springframework.http.server.reactive.ServerHttpRequest;
			import org.springframework.http.server.reactive.ServerHttpResponse;
			import org.springframework.web.cors.CorsConfiguration;
			@@ -14,6 +16,9 @@
			import org.springframework.web.server.ServerWebExchange;
			import org.springframework.web.server.WebFilter;
			import org.springframework.web.server.WebFilterChain;
			import org.springframework.web.servlet.function.RequestPredicates;
			import org.springframework.web.servlet.function.RouterFunction;
			import org.springframework.web.servlet.function.RouterFunctions;
			import reactor.core.publisher.Mono;

			import java.util.Collections;
			@@ -35,27 +40,21 @@
			@Configuration
			public class CorsConfig {

			/**
			* 这里为支持的请求头，如果有自定义的header字段请自己添加
			*/
			private static final String ALLOWED_HEADERS = "X-Requested-With, Content-Type, Authorization, credential, X-XSRF-TOKEN, token, username, client, request-origion";
			private static final String ALLOWED_METHODS = "GET,POST,PUT,DELETE";
			private static final String ALLOWED_ORIGIN = "*";
			private static final String ALLOWED_EXPOSE = "*";
			private static final String MAX_AGE = "18000L";

			private CorsConfiguration buildConfig() {
			CorsConfiguration corsConfiguration = new CorsConfiguration();
			//1.允许任何来源
			corsConfiguration.setAllowedOriginPatterns(Collections.singletonList("*"));
			//2.允许任何请求头
			corsConfiguration.addAllowedHeader(CorsConfiguration.ALL);
			//3.允许任何方法
			corsConfiguration.addAllowedMethod(CorsConfiguration.ALL);
			//4.允许凭证
			corsConfiguration.setAllowCredentials(true);
			return corsConfiguration;
			}

			/**
			* 跨域配置
			*/
			@Bean
			public WebFilter corsFilter() {
			public WebFilter corsFilter()
			{
			return (ServerWebExchange ctx, WebFilterChain chain) -> {
			ServerHttpRequest request = ctx.getRequest();
			if (CorsUtils.isCorsRequest(request))

			@@ -1,60 +1,60 @@
			package com.jilongda.common.security.filter;

			import com.aliyun.oss.HttpMethod;
			import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
			import com.baomidou.mybatisplus.core.toolkit.StringUtils;
			import com.google.common.net.HttpHeaders;
			import lombok.extern.slf4j.Slf4j;
			import org.mybatis.logging.LoggerFactory;

			import javax.servlet.*;
			import javax.servlet.annotation.WebFilter;
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpServletResponse;
			import java.io.IOException;
			import java.util.Arrays;
			import java.util.List;
			import java.util.logging.Logger;

			@Slf4j
			@WebFilter(urlPatterns = {"/*"}, filterName = "corsFilter")
			public class CorsFilter implements Filter {
			// private static final Logger logger = LoggerFactory.getLogger(IsvSearchController.class);

			private String allowOrigin = "http://*..com,http://*..com:8080,http://*..com";

			@Override
			public void init(FilterConfig filterConfig) throws ServletException {

			}

			@Override
			public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
			// logger.info("doFilter start ...");
			HttpServletRequest request = (HttpServletRequest) servletRequest;
			HttpServletResponse response = (HttpServletResponse) servletResponse;
			if (StringUtils.isNotEmpty(allowOrigin)) {
			List<String> allowOriginList = Arrays.asList(allowOrigin.split(","));
			if (!CollectionUtils.isEmpty(allowOriginList)) {
			String currentOrigin = request.getHeader("Origin");
			if (allowOriginList.contains(currentOrigin)) {
			response.setHeader("Access-Control-Allow-Origin", currentOrigin);
			}
			}
			}
			response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
			response.setHeader("Access-Control-Allow-Credentials", "true");
			response.setHeader("Access-Control-Allow-Headers", "content-Type");
			if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod()) &&/options 请求返回允许跨域的头/
			request.getHeader(HttpHeaders.ORIGIN) != null) {
			// logger.info("doFilter options request");
			return;
			}
			filterChain.doFilter(servletRequest, servletResponse);
			}

			@Override
			public void destroy() {

			}
			}
			//package com.jilongda.common.security.filter;
			//
			//import com.aliyun.oss.HttpMethod;
			//import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
			//import com.baomidou.mybatisplus.core.toolkit.StringUtils;
			//import com.google.common.net.HttpHeaders;
			//import lombok.extern.slf4j.Slf4j;
			//import org.mybatis.logging.LoggerFactory;
			//
			//import javax.servlet.*;
			//import javax.servlet.annotation.WebFilter;
			//import javax.servlet.http.HttpServletRequest;
			//import javax.servlet.http.HttpServletResponse;
			//import java.io.IOException;
			//import java.util.Arrays;
			//import java.util.List;
			//import java.util.logging.Logger;
			//
			//@Slf4j
			//@WebFilter(urlPatterns = {"/*"}, filterName = "corsFilter")
			//public class CorsFilter implements Filter {
			//// private static final Logger logger = LoggerFactory.getLogger(IsvSearchController.class);
			//
			// private String allowOrigin = "http://*..com,http://*..com:8080,http://*..com";
			//
			// @Override
			// public void init(FilterConfig filterConfig) throws ServletException {
			//
			// }
			//
			// @Override
			// public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
			//// logger.info("doFilter start ...");
			// HttpServletRequest request = (HttpServletRequest) servletRequest;
			// HttpServletResponse response = (HttpServletResponse) servletResponse;
			// if (StringUtils.isNotEmpty(allowOrigin)) {
			// List<String> allowOriginList = Arrays.asList(allowOrigin.split(","));
			// if (!CollectionUtils.isEmpty(allowOriginList)) {
			// String currentOrigin = request.getHeader("Origin");
			// if (allowOriginList.contains(currentOrigin)) {
			// response.setHeader("Access-Control-Allow-Origin", currentOrigin);
			// }
			// }
			// }
			// response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
			// response.setHeader("Access-Control-Allow-Credentials", "true");
			// response.setHeader("Access-Control-Allow-Headers", "content-Type");
			// if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod()) &&/options 请求返回允许跨域的头/
			// request.getHeader(HttpHeaders.ORIGIN) != null) {
			//// logger.info("doFilter options request");
			// return;
			// }
			// filterChain.doFilter(servletRequest, servletResponse);
			// }
			//
			// @Override
			// public void destroy() {
			//
			// }
			//}