我想在http://localhost:9080/StudentWeb/MyRest-rest/services/students/使用可用的REST资源 来自我的AngularJS应用程序,REST应用程序部署在Websphere Appliation Server中,具有以下部署描述符(web.xml)。应用程序与此配置完美配合,用户处于RegisteredUsers角色。
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>MyRestApplicationServicesWeb</display-name>
<servlet>
<description>
JAX-RS Tools Generated - Do not modify</description>
<servlet-name>MyRestRest</servlet-name>
<servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.myrest.student.rest.StudentApplication</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<enabled>true</enabled>
<async-supported>false</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>MyRestRest</servlet-name>
<url-pattern>/MyRest-rest/*</url-pattern>
</servlet-mapping>
<security-role>
<description>RegisteredUsers</description>
<role-name>RegisteredUsers</role-name>
</security-role>
<security-constraint>
<display-name>Area for authenticated users</display-name>
<web-resource-collection>
<web-resource-name>Protected Resources</web-resource-name>
<url-pattern>/MyRest-rest/services/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RegisteredUsers</role-name>
</auth-constraint>
</security-constraint>
<filter>
<filter-name>CORSFilter</filter-name>
<filter-class>com.myrest.student.filter.StudentCORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORSFilter</filter-name>
<url-pattern>/MyRest-rest/*</url-pattern>
</filter-mapping>
</web-app>
我希望通过将REST API转换为https来保护AngularJS应用和WAS REST端点之间的数据流。为此,
<user-data-constraint>
<description>Redirects http requests to https</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
。
请找到添加的CORS过滤器,
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("Inside Filter");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Origin", "*");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Credentials", "true");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Method", "GET, POST, PUT, DELETE, OPTIONS");
((HttpServletResponse) response).addHeader("Content-Type", "application/json");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Headers", "Content-Type");
String accessControlReqHeader = ((HttpServletRequest) request).getHeader("Access-Control-Request-Headers");
System.out.println(accessControlReqHeader);
if (((HttpServletRequest) request).getMethod().equalsIgnoreCase("OPTIONS")) {
((HttpServletResponse) response).addHeader("Access-Control-Allow-Headers", accessControlReqHeader);
} else {
chain.doFilter(request, response);
}
}
但现在在AngularJS应用程序上出现错误如下,
XMLHttpRequest cannot load http://localhost:9080/StudentWeb/MyRest-rest/services/students/12341234. The request was redirected to 'https://localhost:9443/StudentWeb/MyRest-rest/services/students/12341234', which is disallowed for cross-origin requests that require preflight.
我可以将此视为https的CORS问题。我怎样才能解决这个问题。
答案 0 :(得分:1)
这是您的问题,或者至少其中一个问题。
((HttpServletResponse)响应).addHeader(&#34; Access-Control-Allow-Origin&#34;,&#34; *&#34;);
使用CORS请求发送凭据时,您无法使用通配符。而是明确列出原点。如果您有很多,请检查客户端的origin头,如果您的服务器决定向该客户端提供内容,则返回请求源头的内容作为Access-Control-Allow-Origin响应头的值。