我的项目中有一个自定义拦截器,我在我的控制器上放了一个@CrossOrigin(origin =“*”,maxAge = 3600)。
当我 不 使用自定义拦截器时, @CrossOrigin正常 ,
但当我 使用 我的自定义拦截器时, @CrossOrign无效 !
我还尝试使用 自定义CorsInterceptor 来处理问题,但是, 它 不起作用
我应该如何解决跨域问题?
这是我自定义的CorsInterceptor:
public class ProcessInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods",
"POST, GET, OPTIONS,PUT, HEAD, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type");
response.setHeader("Access-Control-Allow-Credentials", "true");
return true;
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
这是我的mvc配置:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**" />
<bean class="com.dorm.interceptor.ProcessInterceptor"></bean>
</mvc:interceptor>
<mvc:interceptor>
<mvc:mapping path="/**" />
<mvc:exclude-mapping path="/static/css/**" />
<mvc:exclude-mapping path="/user/login" />
<mvc:exclude-mapping path="/student/login" />
<mvc:exclude-mapping path="/static/fonts/**" />
<mvc:exclude-mapping path="/static/js/**" />
<mvc:exclude-mapping path="/static/img/**" />
<mvc:exclude-mapping path="/user/testsession" />
<mvc:exclude-mapping path="/swagger-ui.html" />
<mvc:exclude-mapping path="/swagger-resources/**" />
<mvc:exclude-mapping path="/webjars/**" />
<mvc:exclude-mapping path="/v2/**" />
<bean class="com.dorm.interceptor.LoginAndPermInter"></bean>
</mvc:interceptor>
</mvc:interceptors>
控制器上的@CrossOrgin
@CrossOrigin(origins = "*", maxAge = 3600)
public class UserLoginController {//...}
答案 0 :(得分:0)
如果您使用mvc XML命名空间,我建议您使用mvc:cors命名空间。 我不确定这是一个确切的解决方案,但我很成功。
- mvc XML命名空间 -
<!-- CORS -->
<mvc:cors>
<mvc:mapping path="/**" allowed-origins="*"/>
</mvc:cors>
根据Spring Framework中的CORS支持,CORS请求包括带有OPTIONS方法的预检。这意味着应该在诸如GET或POST之类的请求之前请求OPTIONS方法。因此,如果您尝试通过拦截器处理授权,则可以在preHandle上为OPTIONS方法添加一些操作。实际上,这取决于浏览器。 IE并不重要,但Chrome和Firefox需要它。
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
- 拦截器Bean -
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if (request.getMethod().equals("OPTIONS")) {
// return true or Some actions to avoid CORS;
}
}