springmvc跨域配置:
<mvc:cors>
<mvc:mapping path="/**/**"
allowed-origins="http://127.0.0.1:8099"
allow-credentials="true"
allowed-headers="*"
max-age="1800"
allowed-methods="*"
/>
</mvc:cors>
注意:allow-credentials爲true時,allowed-origins必須爲具體域,而不是*;
shiro跨域配置:繼承AuthenticatingFilter類,重寫以下方法
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//...你的邏輯
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
//...你的邏輯
}
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setContentType("application/json;charset=utf-8");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
//...你的邏輯
}
HttpContextUtils類
public class HttpContextUtils {
public static HttpServletRequest getHttpServletRequest() {
return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
}
public static String getDomain(){
HttpServletRequest request = getHttpServletRequest();
StringBuffer url = request.getRequestURL();
return url.delete(url.length() - request.getRequestURI().length(), url.length()).toString();
}
public static String getOrigin(){
HttpServletRequest request = getHttpServletRequest();
return request.getHeader("Origin");
}
}
以上配置無誤後,action方法便可跨域了,如果要使得靜態資源可以訪問,還需要將靜態資源交由springmvc管理,默認是由tomcat等服務器管理的。配置如下:
<mvc:resources mapping="/靜態資源映射路徑/**" location="/靜態資源所在路徑/" />