现在我们很多项目都是基于Java的REST结构风格前后端分离,在前端访问后端的时候就存在跨域,这个时候后端接口不处理就会存在访问不了。上代码!
1、创建一个Filter 在web.xml中配置
<filter>
<filter-name>xssAndSqlFilter</filter-name>
<filter-class>com.tzdr.btc.user.filter.XssAndSqlFilter</filter-class>
<!--过滤掉 静态资源文件 指定字符串 多个值用英文逗号隔开-->
<init-param>
<param-name>excludedPages</param-name>
<param-value>/tesra/</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>xssAndSqlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2、在Filter的doFiler方法中添加设置
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
boolean isExcludedPage = Boolean.TRUE;
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpServletRequest request1 = (HttpServletRequest) request;
//*表示允许所有域名跨域
httpResponse.setHeader("Access-Control-Allow-Origin", request1.getHeader("Origin"));
httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpResponse.setHeader("Access-Control-Max-Age", "0");
httpResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,Access-Control-Allow-Headers");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");//这个是设置运行携带cookie
httpResponse.setHeader("XDomainRequestAllowed","1");
//判断是否在过滤url之外
for (String page : excludedPageArray) {
if(((HttpServletRequest) request).getServletPath().contains(page)){
isExcludedPage = Boolean.FALSE;
break;
}
}
//在过滤url之外
if (isExcludedPage) {
XssAndSqlHttpServletRequestWrapper xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
chain.doFilter(xssRequest, response);
}
else{
chain.doFilter(request, response);
}
}
这样完成以后 再访问接口就能成功访问了。
QQ群号:216868740