如何使用SpringJavaMongoREST应用程序配置CORS?
我试图将这两个示例JavaSpring应用程序组合在一起,以便能够在一台服务器上运行我的Mongo数据库,并将JSON提供给另一台服务器上的前端应用程序
CORS教程: http://spring.io/guides/gs/rest-service-cors/
带休息的MongoDB http://spring.io/guides/gs/accessing-mongodb-data-rest/
我现在的“带REST的MongoDB”春季。io示例应用程序正在运行,但即使在添加了SimpleCORSFilter类(如上面的CORS示例所示)之后,它目前仍然不支持CORS
我在想,我可能只需要在某个地方配置这个新的SimpleCORSFilter类——在相当于web的注释中。xml—所以我尝试在SimpleCORSFilter类中使用@WebFilter(“/*”)
根据“MongoDB with REST”教程页面,“@Import(RepositoryRestMvcConfiguration.class)注释导入提供RESTful前端所需的Spring MVC控制器、JSON转换器和其他bean的集合。这些组件链接到Spring Data MongoDB后端。”这可能表明我还应该覆盖RepositoryRestMvcConfiguration中的某些内容来配置SimpleCORSFilter过滤器
我尝试在SimpleCORSFilter类本身上添加@WebFilter(“/”),但在使用curl--verbose的响应中没有看到访问控制-头。因此,我认为过滤器的配置不正确
有没有人有幸将这两个教程项目(或类似项目)结合起来
作为参考,我尝试配置的SimpleCORSFilter类如下:
package foo.bar;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
@WebFilter("/*")
@Component
public class SimpleCORSFilter extends OncePerRequestFilter implements Filter {
/* Attempt #1 - based on original demo code from spring.io - could not get to work
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
*/
// Attempt #2 - based on https://stackoverflow.com/questions/20583814/angular-and-cors which advised use of addHeader() instead of setHeader() - still no luck
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS");
response.addHeader("Access-Control-Allow-Headers",
"origin, content-type, accept, x-requested-with, sid, mycustom, smuser");
filterChain.doFilter(request, response);
}
// unable to override this final method
//public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
。。。目前似乎正在执行配置的主要应用程序类如下所示:
package foo.bar;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
import org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration;
@Configuration
@EnableMongoRepositories
@Import(RepositoryRestMvcConfiguration.class)
@EnableAutoConfiguration
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
注意:我确实在这里找到了一个类似的帖子:CORS with Spring not working,但是这个解决方案涉及到使用JSONP,我也读到它是一种黑客行为,而且在任何情况下,这个问题似乎也没有得到解决
# 1 楼答案
我遇到了我认为类似的问题。关闭基本身份验证似乎解决了这个问题