SSM-跨域

以下提供 4 种方法，推荐前两种

@CrossOrigin 注解 Controller

在 Controller 类或方法上加上 @CrossOrigin 注解即可允许所有 ip 跨域访问
在 Controller 类上表示该 Controller 的所有方法都支持跨域
在 Controller 中的方法上表示仅该方法支持跨域

1 2	@CrossOrigin(origins = "*") // 允许所有ip跨域 @CrossOrigin(origins = "192.168.0.1") //只允许指定ip跨域

在 SpringMVC 配置文件 spring-context.xml 中配置跨域请求

<!-- 接口跨域配置 -->
<mvc:cors>
	<!-- allowed-methods="*" --> <!-- 表示所有请求都有效 -->
	<mvc:mapping path="/**" allowed-origins="*"
		allowed-methods="POST, GET, OPTIONS, DELETE, PUT"
		allowed-headers="Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With"
		allow-credentials="true" />
</mvc:cors>

使用 cors-filter 包配置跨域

引入 pom.xml 依赖

<!-- cors-filter包：配置跨域 -->
<dependency>
	<groupId>com.thetransactioncompany</groupId>
	<artifactId>cors-filter</artifactId>
	<version>2.5</version>
</dependency>

在 web.xml 文件中注册 Filter 跨域过滤器

<!-- 配置跨域过滤器 -->
<filter>
	<filter-name>CORS</filter-name>
	<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
	<init-param>
		<param-name>cors.allowOrigin</param-name>
		<param-value>*</param-value>
	</init-param>
	<init-param>
		<param-name>cors.supportedMethods</param-name>
		<!-- <param-value>*</param-value> --> <!-- 表示所有请求都有效 -->
		<param-value>GET, POST, HEAD, PUT, DELETE</param-value>
	</init-param>
	<init-param>
		<param-name>cors.supportedHeaders</param-name>
		<param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
	</init-param>
	<init-param>
		<param-name>cors.exposedHeaders</param-name>
		<param-value>Set-Cookie</param-value>
	</init-param>
	<init-param>
		<param-name>cors.supportsCredentials</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>CORS</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

自定义 CrossingFilter 跨域过滤器

自定义过滤器，实现 Filter 接口

package com.bjtcrj.filter;
 
import java.io.IOException;
 
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
public class CrossingFilter implements Filter {
 
	private boolean isCross = false;
 
	@Override
	public void destroy() {
		isCross = false;
	}
 
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		if (isCross) {
			HttpServletRequest httpServletRequest = (HttpServletRequest) request;
			HttpServletResponse httpServletResponse = (HttpServletResponse) response;
			System.out.println("拦截请求: " + httpServletRequest.getServletPath());
			httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
			// httpServletResponse.setHeader("Access-Control-Allow-Methods", "*"); // 表示所有请求都有效
			httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
			httpServletResponse.setHeader("Access-Control-Max-Age", "0");
			httpServletResponse.setHeader("Access-Control-Allow-Headers",
					"Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
			httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
			httpServletResponse.setHeader("XDomainRequestAllowed", "1");
		}
		chain.doFilter(request, response);
	}
 
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		String isCrossStr = filterConfig.getInitParameter("IsCross");
		isCross = isCrossStr.equals("true") ? true : false;
		System.out.println("跨域开启状态：" + isCrossStr);
	}
}

web.xml 中注册过滤器

<!-- 配置跨域过滤器 -->
<filter>
	<filter-name>CrossingFilter</filter-name>
	<filter-class>com.bjtcrj.filter.CrossingFilter</filter-class>
	<init-param>
		<param-name>IsCross</param-name>
		<param-value>true</param-value>
	</init-param>
</filter>
<filter-mapping>
	<filter-name>CrossingFilter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>