如何在JBoss上的spring应用程序中设置访问控制Allow Origin?
我正在JBoss上运行一个spring应用程序,为数据库提供REST接口。当我的前端代码尝试访问REST应用程序时,请求被取消,因为服务器未设置如何在JBoss上的spring应用程序中设置访问控制Allow Origin?,spring,jboss,cors,Spring,Jboss,Cors,我正在JBoss上运行一个spring应用程序,为数据库提供REST接口。当我的前端代码尝试访问REST应用程序时,请求被取消,因为服务器未设置访问控制允许源站头以允许客户端请求数据。我如何在JBoss服务器或spring应用程序中设置它?其中一个控制器如下所示。我希望这个RESTAPI对整个组织开放,所以我只想将标题设置为“*” package com.mycompany.esb.components.controllers; import java.io.UnsupportedEncodi
访问控制允许源站
头以允许客户端请求数据。我如何在JBoss服务器或spring应用程序中设置它?其中一个控制器如下所示。我希望这个RESTAPI对整个组织开放,所以我只想将标题设置为“*”
package com.mycompany.esb.components.controllers;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.Resource;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import com.mycompany.esb.components.ResourceBuilder;
import com.mycompany.esb.jpa.dao.ServicesDAO;
import com.mycompany.esb.jpa.entity.ServicesEntity;
import static org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo;
import static org.springframework.hateoas.mvc.ControllerLinkBuilder.methodOn;
@Controller
@RequestMapping( value = "/services")
public class ServicesController extends BaseController {
/*
* Static final values for to limit size of result set
* for queries where no limits are set
*/
public static final String DAYS_PREVIOUS = "0.0";
public static final String HOURS_TO_SHOW = "2.0";
@Autowired
private ServicesDAO servicesDAO;
@Autowired
private ResourceBuilder resourceBuilder;
public void addLinks(List<ServicesEntity> services) {
resourceBuilder.addServiceLink(this, services);
}
public void addLinks(ServicesEntity service) {
resourceBuilder.addServiceLink(this, service);
}
@RequestMapping(value = "",
method = RequestMethod.GET,
produces = "application/json")
@ResponseBody
public Resource<List<ServicesEntity>> getAllServices(
@RequestParam(value = "daysPrevious", defaultValue = DAYS_PREVIOUS) double daysPrevious,
@RequestParam(value = "hoursToShow", defaultValue = HOURS_TO_SHOW) double hoursToShow) {
List<ServicesEntity> services = servicesDAO.getAllServices(daysPrevious, hoursToShow);
addLinks(services);
Resource<List<ServicesEntity>> toReturn = new Resource<List<ServicesEntity>>(services);
toReturn.add(linkTo(methodOn(ServicesController.class).getAllServices(daysPrevious, hoursToShow)).withSelfRel());
return toReturn;
}
}
包com.mycompany.esb.components.controllers;
导入java.io.UnsupportedEncodingException;
导入java.net.urlcoder;
导入java.util.List;
导入org.springframework.beans.factory.annotation.Autowired;
导入org.springframework.hateoas.Resource;
导入org.springframework.http.HttpHeaders;
导入org.springframework.http.HttpStatus;
导入org.springframework.http.ResponseEntity;
导入org.springframework.stereotype.Controller;
导入org.springframework.web.bind.annotation.PathVariable;
导入org.springframework.web.bind.annotation.RequestMapping;
导入org.springframework.web.bind.annotation.RequestMethod;
导入org.springframework.web.bind.annotation.RequestParam;
导入org.springframework.web.bind.annotation.ResponseBody;
导入com.mycompany.esb.components.ResourceBuilder;
导入com.mycompany.esb.jpa.dao.ServicesDAO;
导入com.mycompany.esb.jpa.entity.ServicesEntity;
导入静态org.springframework.hateoas.mvc.ControllerLinkBuilder.linkTo;
导入静态org.springframework.hateoas.mvc.ControllerLinkBuilder.methodOn;
@控制器
@请求映射(value=“/services”)
公共类ServicesController扩展BaseController{
/*
*用于限制结果集大小的静态最终值
*用于未设置限制的查询
*/
公共静态最终字符串天数\u PREVIOUS=“0.0”;
公共静态最终字符串小时数\u至\u SHOW=“2.0”;
@自动连线
私人服务AO服务AO;
@自动连线
私人资源建设者资源建设者;
公共void addLinks(列表服务){
resourceBuilder.addServiceLink(此,服务);
}
公共无效添加链接(ServicesEntity服务){
resourceBuilder.addServiceLink(此,服务);
}
@请求映射(值=”,
method=RequestMethod.GET,
products=“application/json”)
@应答器
公共资源getAllServices(
@RequestParam(value=“daysPrevious”,defaultValue=DAYS\u PREVIOUS)双倍daysPrevious,
@RequestParam(value=“hoursToShow”,defaultValue=HOURS\u TO\u SHOW)双小时{
List services=servicesDAO.getAllServices(daysPrevious,hoursToShow);
addLinks(服务);
资源返回=新资源(服务);
添加(linkTo(methodOn(ServicesController.class).getAllServices(daysPrevious,hoursToShow)).with selfrel());
回归回归;
}
}
您可以在Spring应用程序中使用过滤器,如下所示:
@Component
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if(request.getHeader("Access-Control-Request-Method") != null
&& "OPTIONS".equals(request.getMethod())) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "comma sep list of methods you want to support");
//additional Access-Control-* like Allow-Headers, Max-Age,...
...
}
filterChain.doFilter(request, response);
}
}
以及相应的
克斯菲尔特
org.springframework.web.filter.DelegatingFilterProxy
您可以在Spring应用程序中使用过滤器,如下所示:
@Component
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if(request.getHeader("Access-Control-Request-Method") != null
&& "OPTIONS".equals(request.getMethod())) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "comma sep list of methods you want to support");
//additional Access-Control-* like Allow-Headers, Max-Age,...
...
}
filterChain.doFilter(request, response);
}
}
以及相应的
克斯菲尔特
org.springframework.web.filter.DelegatingFilterProxy
这个解决方案适合我
将此筛选器放入我的应用程序的web.xml
:
<filter>
<filter-name>cors</filter-name>
<filter-class>com.mycompany.components.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这个解决方案对我有效 将此筛选器放入我的应用程序的
web.xml
:
<filter>
<filter-name>cors</filter-name>
<filter-class>com.mycompany.components.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这正是帮助我的!我已将一个类放入默认包中。例如com.package:
package com.package
import org.springframework.context.annotation.Configuration;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Created by GMiskos on 14/6/2017.
*/
@Configuration
public class CORSFilter implements Filter{
public void doFilter(ServletRequest req, ServletResponse res, FilterChain
chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("access-control-allow-origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET,
OPTIONS, DELETE, HEAD, PUT");
response.setHeader("Access-Control-Max-Age", "3600");
//response.setHeader("Access-Control-Allow-Headers", "Content-
Type, Accept, X-Requested-With, remember-me");
response.setHeader("Access-Control-Allow-Headers", "Origin,
Accept, X-Requested-With, Content-Type, Access-Control-Request-Method,
Access-Control-Request-Headers");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}
在我的web.xml中的befare结束标记(…可能很重要)
科尔斯
com.package.CORSFilter
科尔斯
/*
最后,我在pom.xml中添加了这个依赖项
<!-- servlet dependencies -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.el</groupId>
<artifactId>javax.el-api</artifactId>
<version>2.2.4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
javax.servlet
javax.servlet-api
3.0.1
假如
javax.servlet.jsp
jsp api
2.2
假如
javax.el
javax.el-api
2.2.4
假如
javax.servlet
jstl
1.2
这正是帮助我的原因!我已将一个类放入默认包中。例如com.package:
package com.package
import org.springframework.context.annotation.Configuration;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Created by GMiskos on 14/6/2017.
*/
@Configuration
public class CORSFilter implements Filter{
public void doFilter(ServletRequest req, ServletResponse res, FilterChain
chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("access-control-allow-origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET,
OPTIONS, DELETE, HEAD, PUT");
response.setHeader("Access-Control-Max-Age", "3600");
//response.setHeader("Access-Control-Allow-Headers", "Content-
Type, Accept, X-Requested-With, remember-me");
response.setHeader("Access-Control-Allow-Headers", "Origin,
Accept, X-Requested-With, Content-Type, Access-Control-Request-Method,
Access-Control-Request-Headers");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}
在我的web.xml中的befare结束标记(…可能很重要)
科尔斯
com.package.CORSFilter
科尔斯
/*
最后,我在pom.xml中添加了这个依赖项
<!-- servlet dependencies -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.el</groupId>
<artifactId>javax.el-api</artifactId>
<version>2.2.4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
javax.servlet
javax.servlet-api
3.0.1
假如
javax.servlet.jsp
jsp api
2.2
假如
javax.el
javax.el-api
2.2.4
假如
javax.servlet
jstl
1.2
我试过这个,但没有效果。您的答案中没有列出需要的其他配置吗?我尝试了这个,但没有效果。您的回答中没有列出需要的其他配置吗?谢谢您的解决方案。我的wildfly服务器有一个问题,它说在ajax请求之后,我的HTTP动词不是GET或POST
。有什么想法吗?Ajax请求通常首先使用HTTP选项请求来检查是否允许进行GET/POST调用。听起来你的服务器只允许GET和POST。因此,您还需要将其配置为允许选项。上面的配置将允许的方法设置如下:response.setHeader(“访问控制允许方法”、“GET、HEAD、OPTIONS、POST、PUT”)代码>感谢您的解决方案。我的wildfly服务器有一个问题,它说我的HTTP动词不是GET或POST