springboot shiro vue造成的跨域問題

複雜請求

之所以會變成複雜請求,是因爲在請求頭部添加了token等自定義信息,瀏覽器會把這類跨域請求視爲複雜請求。複雜請求分兩步執行:瀏覽器會先向服務端發送一個探針請求(也叫預請求,即OPTIONS方法的預檢請求),這個請求通過以後,纔會把帶着header信息的真正請求發送出去。

預請求被攔截

預請求不會攜帶token等認證信息,所以直接被shiro當作未登錄的請求攔截了,真正的請求也就永遠到不了後臺,這就是問題的關鍵。此時需要自定義一個攔截器(過濾器)來放行預請求。

package com.**.common.shiro.filter;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.web.bind.annotation.RequestMethod;

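/**
 * Shiro authentication filter for a front end served from a different origin.
 *
 * <p>On top of {@link PassThruAuthenticationFilter} it does two things:
 * <ul>
 *   <li>lets CORS preflight requests through without authentication, because
 *       a preflight never carries the token header or cookies;</li>
 *   <li>puts CORS response headers on the redirect that is sent when access
 *       is denied, so the browser lets the front end see that response.</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>Only genuine preflights (OPTIONS with {@code Origin} and
 *       {@code Access-Control-Request-Method}) skip authentication. A plain
 *       OPTIONS request is authenticated like any other request, so a handler
 *       that happens to accept OPTIONS is not reachable anonymously.</li>
 *   <li>Echoing an arbitrary {@code Origin} together with
 *       {@code Access-Control-Allow-Credentials: true} lets any web site read
 *       credentialed responses. The no-arg constructor keeps that behaviour
 *       for compatibility; deployments should pass an explicit allowlist.</li>
 * </ul>
 */
public class MyShiroAuthFilter extends PassThruAuthenticationFilter {

	/** Origins that may receive CORS headers; {@code null} means "echo any Origin". */
	private final Set<String> allowedOrigins;

	/**
	 * Creates a filter that echoes whatever {@code Origin} the request carries.
	 * Convenient during development; prefer {@link #MyShiroAuthFilter(Set)} otherwise.
	 */
	public MyShiroAuthFilter() {
		this.allowedOrigins = null;
	}

	/**
	 * Creates a filter that sends CORS headers only to the listed origins.
	 *
	 * @param allowedOrigins exact origin strings as sent by the browser
	 *                       (scheme, host and optional port); {@code null}
	 *                       behaves like the no-arg constructor
	 */
	public MyShiroAuthFilter(Set<String> allowedOrigins) {
		this.allowedOrigins = allowedOrigins == null
				? null
				: Collections.unmodifiableSet(new HashSet<>(allowedOrigins));
	}

	/**
	 * Lets CORS preflight requests continue down the chain unauthenticated and
	 * defers every other request to the parent filter.
	 *
	 * @return {@code true} to continue the filter chain
	 */
	@Override
	public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
		HttpServletRequest req = WebUtils.toHttp(request);
		if (isCorsPreflight(req)) {
			return true;
		}
		return super.onPreHandle(request, response, mappedValue);
	}

	/**
	 * Adds CORS headers for an allowed origin, then redirects to the
	 * "unauthenticated" endpoint.
	 *
	 * @return always {@code false}: the response has been committed by the redirect
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		HttpServletResponse httpResp = WebUtils.toHttp(response);
		HttpServletRequest httpReq = WebUtils.toHttp(request);

		// The response depends on the Origin header, so caches must key on it.
		httpResp.addHeader("Vary", "Origin");

		// The redirect response does not get CORS headers on its own, so they are
		// set here. Skipped when there is no Origin (not a cross-origin call) or
		// the origin is not allowed.
		String origin = httpReq.getHeader("Origin");
		if (origin != null && isAllowedOrigin(origin)) {
			// setHeader, not addHeader: a duplicated Access-Control-Allow-Origin
			// (e.g. when another CORS filter already set one) is rejected by browsers.
			httpResp.setHeader("Access-Control-Allow-Origin", origin);
			// NOTE(review): these two are only consulted on preflight responses, and
			// browsers treat "*" literally for credentialed requests; list the real
			// header and method names where the preflight is answered.
			httpResp.setHeader("Access-Control-Allow-Headers", "*");
			httpResp.setHeader("Access-Control-Allow-Methods", "*");
			httpResp.setHeader("Access-Control-Allow-Credentials", "true");
		}

		httpResp.sendRedirect(httpReq.getContextPath() + "/user/unauth");
		return false;
	}

	/** Returns whether the request is a CORS preflight rather than an ordinary OPTIONS call. */
	private static boolean isCorsPreflight(HttpServletRequest req) {
		return RequestMethod.OPTIONS.name().equals(req.getMethod())
				&& req.getHeader("Origin") != null
				&& req.getHeader("Access-Control-Request-Method") != null;
	}

	/** Returns whether {@code origin} may receive CORS headers from this filter. */
	private boolean isAllowedOrigin(String origin) {
		return allowedOrigins == null || allowedOrigins.contains(origin);
	}

}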

然後在shiro的配置類中添加該過濾器(用它替換默認的authc過濾器):

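 /**
     * Builds the Shiro filter factory: registers the custom {@code authc}
     * filter and the URL-to-filter chain definitions.
     *
     * @param securityManager the security manager bean injected by Spring
     * @return the configured {@link ShiroFilterFactoryBean}
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(DefaultWebSecurityManager securityManager) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Use the injected bean instead of calling the factory method again, so the
        // filter is wired to the same manager instance the container manages.
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // Replace the stock "authc" filter with the CORS-aware one.
        Map<String, Filter> filters = new HashMap<>();
        filters.put("authc", new MyShiroAuthFilter());
        shiroFilterFactoryBean.setFilters(filters);

        // Chain definitions are matched in insertion order (first match wins),
        // hence the LinkedHashMap. Do not reorder: the catch-all must stay last.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

        // Logout is implemented by Shiro itself; afterwards the user is sent to loginUrl.
        filterChainDefinitionMap.put("/user/logout", "logout");
        shiroFilterFactoryBean.setLoginUrl("/user/unauth");
        filterChainDefinitionMap.put("/user/unauth", "anon");
        filterChainDefinitionMap.put("/user/login", "anon");

        // Swagger UI and API docs.
        // NOTE(review): "anon" publishes the full API description to unauthenticated
        // callers; consider enabling these entries only in non-production profiles.
        filterChainDefinitionMap.put("/swagger-ui.html", "anon");
        filterChainDefinitionMap.put("/swagger-resources/**", "anon");
        filterChainDefinitionMap.put("/swagger-resources", "anon");
        filterChainDefinitionMap.put("/v2/api-docs", "anon");
        filterChainDefinitionMap.put("/webjars/springfox-swagger-ui/**", "anon");

        // Everything else requires authentication.
        filterChainDefinitionMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }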

 
