&引用;访问控制允许来源:“";对RESTWeb服务没有影响
我从JavaScript客户端(运行在机器A上)向Web服务器(运行在机器B上)发出AJAX调用。 客户端试图访问RESTful Web服务(Jersey)公开的URL,但该URL被阻止,错误为: 起源不是 允许的 访问控制允许源 在服务器中,我添加了2个头参数,允许访问任何客户端。然而,这没有帮助:&引用;访问控制允许来源:“";对RESTWeb服务没有影响,rest,jquery,cross-domain,jersey,Rest,Jquery,Cross Domain,Jersey,我从JavaScript客户端(运行在机器A上)向Web服务器(运行在机器B上)发出AJAX调用。 客户端试图访问RESTful Web服务(Jersey)公开的URL,但该URL被阻止,错误为: 起源不是 允许的 访问控制允许源 在服务器中,我添加了2个头参数,允许访问任何客户端。然而,这没有帮助: @Context private HttpServletResponse servlerResponse; @POST @Path("testme") public void test(){
@Context
private HttpServletResponse servlerResponse;
@POST
@Path("testme")
public void test(){
servlerResponse.addHeader("Access-Control-Allow-Origin", "*");
servlerResponse.addHeader("Access-Control-Allow-Credentials", "true");
}
对于JSP,同样的标题也适用:
<%
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Credentials", "true");
%>
<html>
<head><title>test jsp</title></head>
<body>
test
</body>
</html>
作为一个解决方案,我们实现了javax.servlet.Filter,它将所需的头添加到每个响应中:
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, java.io.IOException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
// This should be added in response to both the preflight and the actual request
response.addHeader("Access-Control-Allow-Origin", "*");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.addHeader("Access-Control-Allow-Credentials", "true");
}
chain.doFilter(req, resp);
}
@epeleg这是我做这类事情的首选方法,即过滤响应(Jersey 2.x):
您的XmlHttpRequest客户端代码是什么样子的?是用邮局吗?因为您的servlet看起来像是只为POST配置的。我的客户端正在使用POST。找到了一个解决方案:配置一个过滤器,将所需的头添加到每个响应中。您可以添加一些关于如何执行此操作的更多信息吗?但我在通过ajax调用rest服务时出错。@Sergey是的,我有…请查看此链接。。谢谢,库马尔·肖拉夫
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, java.io.IOException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
// This should be added in response to both the preflight and the actual request
response.addHeader("Access-Control-Allow-Origin", "*");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.addHeader("Access-Control-Allow-Credentials", "true");
}
chain.doFilter(req, resp);
}
@Provider
public class CORSFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext,
ContainerResponseContext responseContext) throws IOException {
responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
}
}