tomcat 7 cors过滤器

时间:2013-06-24 01:47:49

标签: tomcat tomcat7 cors web.xml 

Ubuntu 12.10   
Tomcat 7.0.41   
Chrome 27.0.1453.116

我想使用Tomcat新的原生CORS过滤器来允许Access-Control-Allow-Origin: *。配置看起来很简单但是当我使用Chrome的“开发人员工具”或Firefox的Firebug来检查 Access-Control-Allow-Origin:* 时,它没有出现在响应头中:

Request URL:http://XXX.XXX.XX.99:8984/SimpleServlet/simple-servlet   
Request Method:GET   
Status Code:200 OK   
Request Headersview source   
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8   
Accept-Encoding:gzip,deflate,sdch   
Accept-Language:en-US,en;q=0.8   
Cache-Control:max-age=0    
Connection:keep-alive    
DNT:1     
Host:198.100.45.99:8984     
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36     
Response Headersview source   
Content-Length:103       
Content-Type:text/html;charset=ISO-8859-1     
Date:Mon, 24 Jun 2013 00:19:30 GMT      
Server:Apache-Coyote/1.1

为了进行测试,我已经部署了一个简单的servlet,并在WEB-INF / web.xml中配置了以下内容。

<?xml version="1.0" encoding="ISO-8859-1"?>   
<web-app
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3.0.xsd"
    version="3.0">   
    <servlet>   
        <servlet-name>SimpleServlet</servlet-name>   
        <servlet-class>com.javaranch.codebarn.servletjsp.SimpleServlet</servlet-class>   
    </servlet>   
    <servlet-mapping>   
        <servlet-name>SimpleServlet</servlet-name>   
        <url-pattern>/simple-servlet</url-pattern>    
    </servlet-mapping>   
    <filter>     
        <filter-name>CorsFilter</filter-name>     
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>    
        <init-param>     
            <param-name>cors.allowed.origins</param-name>     
            <param-value>*</param-value>     
        </init-param>     
        <init-param>     
            <param-name>cors.allowed.headers</param-name>     
            <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>     
        </init-param>     
        <init-param>     
            <param-name>cors.exposed.headers</param-name>      
            <param-value>Access-Control-Allow-Origin</param-value>       
        </init-param>     
        <!--     
        <init-param>     
            <param-name>cors.logging.enabled</param-name>     
            <param-value>true</param-value>     
        </init-param>     
        -->     
    </filter>     
    <filter-mapping>     
        <filter-name>CorsFilter</filter-name>     
        <url-pattern>/*</url-pattern>     
    </filter-mapping>    
</web-app>

我错过了什么?我也尝试过Dzhuvinov的java类/过滤器,并尝试在WEB-INF / web.xml和$ CATALINA_BASE / conf / web.xml中配置过滤器。有什么可能阻止这种配置?

我该如何解决这个问题?看来在最初的eBay cors-filter产品中,有一个切换日志记录的参数,但这没有反映在Tomcat v7.0.41文档中。

1 个答案:

答案 0 :(得分:1)

问题不在web.xml过滤器配置中;相反,它是测试结果的测量方式。而不是使用Chrome的开发人员工具,请使用test-cors.org(http://client.cors-api.appspot.com/client)。另请参阅https://groups.google.com/forum/#!topic/gs-discussion/kgdCFuJoTt4

相关问题
最新问题