如何配置Lagom框架与CORS配合使用?

时间:2018-11-26 12:48:05

标签: java microservices lagom

如何配置Lagom框架以处理CORS请求(方法请求“选项”)。

2 个答案:

答案 0 :(得分:1)

通过这种方式,我已经为我的一个项目启用了Lagom中的CORS。

在服务类中定义一个方法来处理 OPTIONS 调用。

ServiceCall<NotUsed, Done> options();

在service-impl类中实现该方法。

@Override
public ServiceCall<NotUsed, Done> options() {
    return request -> CompletableFuture.completedFuture(Done.getInstance());
}

在描述符中定义选项调用。例如,假设实际的呼叫是

GET /api/v0.1/user

服务描述符应如下所示:

@Override
default Descriptor descriptor() {
    // @formatter:off
    return named("notification").withCalls(
            restCall(Method.GET, "/api/v0.1/user", this::getUser),
            restCall(Method.OPTIONS, "/api/v0.1/user", this::options)

    ).withAutoAcl(true).withHeaderFilter(new CORSHeaderFilter());
    // @formatter:on
}

请注意,它使用

附加了标题过滤器
.withHeaderFilter(new CORSHeaderFilter()) 

CORSHeaderFilter类应如下所示。

import com.lightbend.lagom.javadsl.api.transport.HeaderFilter;
import com.lightbend.lagom.javadsl.api.transport.Method;
import com.lightbend.lagom.javadsl.api.transport.RequestHeader;
import com.lightbend.lagom.javadsl.api.transport.ResponseHeader;

public class CORSHeaderFilter implements HeaderFilter {

    @Override
    public RequestHeader transformClientRequest(RequestHeader request) {
        return request;
    }

    @Override
    public RequestHeader transformServerRequest(RequestHeader request) {
        return request;
    }

    @Override
    public ResponseHeader transformServerResponse(ResponseHeader response, RequestHeader request) {
        ResponseHeader modifiedResponse = response.withHeader("Access-Control-Allow-Origin", "*");
        if (Method.OPTIONS.equals(request.method())) {
            modifiedResponse = modifiedResponse.withStatus(204).withHeader("Access-Control-Allow-Headers",
                    "Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With" +
                            ",If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range").
                    withHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PATCH").
                    withHeader("Access-Control-Max-Age", "1728000");
        }
        return modifiedResponse;
    }

    @Override
    public ResponseHeader transformClientResponse(ResponseHeader response, RequestHeader request) {
        ResponseHeader modifiedResponse = response.withHeader("Access-Control-Allow-Origin", "*");
        if (Method.OPTIONS.equals(request.method())) {
            modifiedResponse = modifiedResponse.withStatus(204).withHeader("Access-Control-Allow-Headers",
                    "Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With" +
                            ",If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range").
                    withHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PATCH").
                    withHeader("Access-Control-Max-Age", "1728000");
        }
        return modifiedResponse;
    }
}

无论何时添加新端点,请确保也添加该端点的 OPTIONS 版本。

答案 1 :(得分:0)

要允许用Java编写的Lagom服务与CORS一起使用,您需要为每个Play实施CORS过滤器:

package example.service.impl


import play.filters.cors.CORSFilter;
import play.http.DefaultHttpFilters;

import javax.inject.Inject;

// See https://playframework.com/documentation/2.5.x/CorsFilter
public class MyCORSFilter extends DefaultHttpFilters {
    @Inject
    public MyCORSFilter(CORSFilter corsFilter) {
        super(corsFilter);
    }
}

,然后在您的application.conf中,添加过滤器:

play.http.filters = "example.service.impl.MyCORSFilter"

// To properly setup the CORSFilter, please refer to https://playframework.com/documentation/2.5.x/CorsFilter
// This example is only meant to show what's required for Lagom to use CORS.
play.filters.cors {
  // review the values of all these settings to fulfill your needs. These values are not meant for production.
  pathPrefixes = ["/api"]
  allowedOrigins = null
  allowedHttpMethods = null
  allowedHttpHeaders = null
  exposedHeaders = []
  supportsCredentials = false
  preflightMaxAge = 6 hour
}

有关更多信息,请参见example CORS servicePlay docs