关键字:同源 代表 协议 + ip + 端口 一致
我们需要新建一个工程,启动本地的 localhost:8081 然后再启动一个工程端口在 8082在8082的工程中的 html页面发起一个ajax请求
步骤:创建一个基本的springweb工程,新建一个普通的controller
<dependencies>
<!-- web 支持 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- thymeleaf 模板 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
</dependencies>
@Controller
public class HomeController {
@RequestMapping("/")
public String index() {
return "index";
}
@RequestMapping("/testHello")
@ResponseBody
public String testHello() {
System.out.println("test Hello");
return "test Hello ";
}
}
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script th:src="@{https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js}" type="text/javascript"></script>
</head>
<body>
<h2> spring cors web</h2>
<script>
axios.get('/testHello')
</script>
</body>
</html>
该注解可以放到类和方法上,当放到类上面时,这个类下面所有的方法都生效
@CrossOrigin(origins = {"*"})
@RequestMapping("/testHello")
@ResponseBody
public String testHello() {
System.out.println("test Hello");
return "test Hello ";
}
我们看到这个时候可以正常输出了
@Configuration
public class WebConfiguration implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")//处理所有请求
.allowCredentials(false)
.allowedMethods("*")
.allowedOrigins("*")
.allowedHeaders("*")
.exposedHeaders("*")
.maxAge(3600);
}
}
我们注释掉方法上面的//@CrossOrigin(origins = {"*"})
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
FilterRegistrationBean<CorsFilter> registrationBean = new FilterRegistrationBean<>();
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowCredentials(false);
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowedOriginPatterns(Arrays.asList("*"));
configuration.setMaxAge(3600L);
UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", configuration);
registrationBean.setFilter(new CorsFilter(urlBasedCorsConfigurationSource));
registrationBean.setOrder(-1);
return registrationBean;
}
测试同样可以达到效果
<!-- SpringSecurity依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
我们看到又跨域请求又出现了,我们该怎么解决呢?
Spring security 为我们提供了更优秀的解决方案
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.cors()
.configurationSource(configurationSource()) //处理跨域请求
.and()
.csrf().disable();
}
/**
* 配置spring security 跨域解决方案
* @return
*/
public CorsConfigurationSource configurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowCredentials(false);
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowedOriginPatterns(Arrays.asList("*"));
configuration.setMaxAge(3600L);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}