Tomcat跨域訪問(CROS)
阿新 • • 發佈:2018-11-09
文章目錄
專案場景:
兩個專案 ,同一域名不同埠 分別跑在同一臺機器的兩個tomcat中,構成跨域。
-
首先需要進行cros配置,詳見下面說明(這裡使用了cors-filter jar包方式)
-
意圖跨域訪問的請求不需要session驗證:跨域訪問在進行session驗證時可利用請求頭Referer引數判斷請求來源,若是來自允許的域則直接通過。
完成後,前端可直接使用ajax post請求 跨域提取資料(測試瀏覽器:chrome).
第一步:頁面js程式碼:
function createCORSRequest(method, url){
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
var request = createCORSRequest("get", "http://192.168.5.221:8080/");
if (request){
request.onreadystatechange = function(){
if (request.readyState == 4 && request.status == 200) {
var response = request.responseText;
console.log(response)
}
request.send();
}
第二步:在tomcat伺服器下webapps/ROOT目錄下建立如下兩個xml檔案
1. clientaccesspolicy.xml
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
2. crossdomain.xml
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
第三步:修改Tomcat伺服器下conf/web.xml,或者專案WEB-INF/web.xml,
我選擇的是在專案下配置過濾器。我驗證了兩個,一個是tomcat下自帶的cors過濾器,一個是cors-filter-1.7.jar下的過濾器。兩個我都測試了,沒問題。
應用tomcat的filter配置如下:引數cors.allowOrigin可以指定具體的源來訪問
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
或者應用cors-filter-1.7.jar,還需要java-property-utils-1.9.jar,可以在http://mvnrepository.com/artifact/com.thetransactioncompany/cors-filter 選擇某個版本匯入pom.xml中,自動匯入jar包。
配置如下:引數cors.allowOrigin可以指定具體的源來訪問
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, POST, HEAD, PUT, DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>Set-Cookie</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>