我们正在尝试在tomcat上实现CORS过滤器以允许跨域请求。我们在两个不同的tomcat(不同的机器)上有两个GWT项目。在阅读了CORS过滤器文档CORS之后,我刚刚在tomcat的web.xml文件中添加了CORS过滤器。
`<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>`
但它不起作用。我得到了另一个与之相关的堆栈问题,但是如何在GWT中实现过滤器有点混乱?
用GWT实现CORS过滤器的实际程序是什么?
答案 0 :(得分:1)
扩展Filter并在服务器端添加类,如下所示:
注意:这只是一个让你前进的简单例子。如果你没有正确配置它,请告诉自己安全风险...
检查this article的最后一部分
public class CORSFilter implements Filter {
// For security reasons set this regex to an appropriate value
// example: ".*example\\.com"
private static final String ALLOWED_DOMAINS_REGEXP = ".*";
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
HttpServletResponse resp = (HttpServletResponse) servletResponse;
String origin = req.getHeader("Origin");
if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) {
resp.addHeader("Access-Control-Allow-Origin", origin);
if ("options".equalsIgnoreCase(req.getMethod())) {
resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS");
if (origin != null) {
String headers = req.getHeader("Access-Control-Request-Headers");
String method = req.getHeader("Access-Control-Request-Method");
resp.addHeader("Access-Control-Allow-Methods", method);
resp.addHeader("Access-Control-Allow-Headers", headers);
// optional, only needed if you want to allow cookies.
resp.addHeader("Access-Control-Allow-Credentials", "true");
resp.setContentType("text/x-gwt-rpc");
}
resp.getWriter().flush();
return;
}
}
// Fix ios6 caching post requests
if ("post".equalsIgnoreCase(req.getMethod())) {
resp.addHeader("Cache-Control", "no-cache");
}
if (filterChain != null) {
filterChain.doFilter(req, resp);
}
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
不要忘记在web.xml中添加Filter(在WAR文件中,而不是在tomcat web.xml中)。
<filter>
<filter-name>corsFilter</filter-name>
<filter-class><YourProjectPath>.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>