一、跨域介绍
跨域是指浏览器不能执行其他网站的脚本,是因为浏览器的同源策略造成的,是浏览器的安全限制。
同源策略 域名、协议、端口号均相同 同源策略出现原因 保证用户安全,避免出现跨站攻击等恶意行为。
跨域配置就是让我们的后端服务和前端服务互相认识对象,将对方当成是正常的友好关系,而不是伪造的假性关系。
二、跨域工具配置
1、定义跨域配置文件
/**
因为把跨域配置放在的工具包里,所以我们定义了一个配置类,可以供其他服务动态配置基础跨域参数
**/
@EnableConfigurationProperties(CrossOriginConfiguration.class)
public class CrossOriginFilterConfiguration {
private Logger logger = LoggerFactory.getLogger(CrossOriginFilterEnable.class);
private final CrossOriginConfiguration crossOriginConfiguration;
public CrossOriginFilterConfiguration(CrossOriginConfiguration crossOriginConfiguration) {
this.crossOriginConfiguration = crossOriginConfiguration;
}
@Bean
public FilterRegistrationBean registration() {
logger.debug("CorsFilter init... , configuration -> {}", crossOriginConfiguration);
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>();
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin(crossOriginConfiguration.getOrigin());
config.addAllowedHeader(crossOriginConfiguration.getHeader());
config.addAllowedMethod(crossOriginConfiguration.getMethod());
config.setAllowCredentials(crossOriginConfiguration.getCredentials());
source.registerCorsConfiguration(crossOriginConfiguration.getPattern(), config);
CorsFilter corsFilter = new CorsFilter(source);
bean.setFilter(corsFilter);
return bean;
}
}
2、定义快捷导入配置的方式 - 注解
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
/*
很简单的一个配置,只需要在这里导入我们的配置文件给Spring加载即可
*/
@Import(CrossOriginFilterConfiguration.class)
public @interface CrossOriginFilterEnable {
}
3、配置文件类
@Data
@ConfigurationProperties(prefix = "cors")
public class CrossOriginConfiguration {
private static final String DEFAULT_PATTERN = "/**";
private String pattern = DEFAULT_PATTERN;
private String origin = ALL;
private String header = ALL;
private String method = ALL;
private Boolean credentials = Boolean.TRUE;
}
