Java服务端 CORS 跨域配置

现在的web程序架构越来越趋向于前后端分离，前后端分离的好处，这里就不再说了。但面临的问题就有一个，那就是跨域的问题。这里简单记录一下服务端这边的解决方案。

本文相关部分参考及引用自 http://blog.csdn.net/andong154564667/article/details/51508042

外部jar包实现

---

maven 加入依赖：

  <dependency>        <groupId>com.thetransactioncompany</groupId>        <artifactId>java-property-utils</artifactId>        <version>1.7.1</version>    </dependency>    <dependency>        <groupId>com.thetransactioncompany</groupId>        <artifactId>cors-filter</artifactId>        <version>2.5</version>    </dependency>  

web.xml中配置：

    <filter>        <description>跨域过滤器</description>        <filter-name>CORS</filter-name>        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>        <init-param>            <param-name>cors.allowOrigin</param-name>            <param-value>*</param-value>        </init-param>        <init-param>            <param-name>cors.supportedMethods</param-name>            <param-value>GET, POST, HEAD, PUT, DELETE, OPTIONS</param-value>        </init-param>        <init-param>            <param-name>cors.supportedHeaders</param-name>            <param-value>Accept, Origin, X-Requested-With, Content-Type, fuserkey</param-value>        </init-param>        <init-param>            <param-name>cors.exposedHeaders</param-name>            <param-value>Set-Cookie</param-value>        </init-param>        <init-param>            <param-name>cors.supportsCredentials</param-name>            <param-value>true</param-value>        </init-param>    </filter>    <filter-mapping>        <filter-name>CORS</filter-name>        <url-pattern>*.do</url-pattern>    </filter-mapping>

自定义Filter实现

---

这里使用的是基于 servlet 3.0 注解方式配置Filter，需要servlet 3.0, tomcat 7及以上的才有此包。相关基于注解方式配置Filter，Servlet 自行百度。

import org.apache.commons.lang3.StringUtils;import javax.servlet.*;import javax.servlet.annotation.WebFilter;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;/** * 跨域过滤器 * * 基于 servlet 3.0 注解方式配置Filter * 需要servlet 3.0, tomcat 7及以上的才有此包. * 多个filter的执行顺序，通过类名排序. * * @author yanfa.Chen * @date 2017/12/1 */@WebFilter(filterName = "corsFilter", value = {"*.do"})public class CorsFilter implements Filter {    /*    Access-Control-Allow-Origin：允许访问的客户端域名，例如：http://web.xxx.com，若为*，则表示从任意域都能访问，即不做任何限制；    Access-Control-Allow-Methods：允许访问的方法名，多个方法名用逗号分割，例如：GET,POST,PUT,DELETE,OPTIONS；    Access-Control-Allow-Credentials：是否允许请求带有验证信息，若要获取客户端域下的cookie时，需要将其设置为true；    Access-Control-Allow-Headers：允许服务端访问的客户端请求头，多个请求头用逗号分割，例如：Content-Type；    Access-Control-Expose-Headers：允许客户端访问的服务端响应头，多个响应头用逗号分割。    */    /**     * 允许的请求源，默认为所有。     * 如果需要配置为允许多个域名，则可以采用数组形式，如果当前请求的origin 包含在白名单中就设置该域名到origin中。     */    private final String allowOrigin = "*";    /**     * 允许请求的方法     */    private final String allowMethods = "GET,POST,PUT,DELETE,OPTIONS";    private final String allowCredentials = "true";    private final String allowHeaders = "Accept, Origin, X-Requested-With, Content-Type, fuserkey";    private final String exposeHeaders = "Set-Cookie";    @Override    public void destroy() {    }    @Override    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {        HttpServletRequest request = (HttpServletRequest) req;        HttpServletResponse response = (HttpServletResponse) resp;        String currentOrigin = request.getHeader("Origin");        if(StringUtils.isNotEmpty(allowOrigin)){            response.setHeader("Access-Control-Allow-Origin", allowOrigin);        }        response.setHeader("Access-Control-Allow-Methods", allowMethods);        response.setHeader("Access-Control-Allow-Credentials", allowCredentials);        response.setHeader("Access-Control-Allow-Headers", allowHeaders);        response.setHeader("Access-Control-Expose-Headers", exposeHeaders);        chain.doFilter(req, resp);    }    @Override    public void init(FilterConfig config) throws ServletException {        System.out.println("CorsFilter 启动了");    }}