使用Spring CROS解决项目中的跨域问题

CROS(Cross-Origin Resource Sharing) 用于解决浏览器中跨域请求的问题。简单的Get请求可以使用JSONP来解决,而对于其它复杂的请求则需要后端应用的支持CROS。Spring在4.2版本之后提供了@CrossOrigin 注解来实现对Cross的支持。

  • 在Controller方法上配置
1
2
3
4
5
6

@CrossOrigin(origins = {"http://loaclhost:8088"})
@RequestMapping(value = "/crossTest",method = RequestMethod.GET)
public String greeting() {
return "corss test";
}
  • 在Controller上配置,那么这个Controller中的所有方法都会支持CORS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@CrossOrigin(origins = "http://localhost:8088",maxAge = 3600)
@Controller
@RequestMapping("/api")
public class AppController {

@RequestMapping(value = "/crossTest",method = RequestMethod.GET)
public String greeting() {
return "corss test";
}

}
  • Java Config全局配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class SpringWebConfig extends WebMvcConfigurerAdapter {

/**
* {@inheritDoc}
* <p>This implementation is empty.
*
* @param registry
*/
@Override
public void addCorsMappings(CorsRegistry registry) {
super.addCorsMappings(registry);
// 对所有的URL配置
registry.addMapping("/**");

// 针对某些URL配置
registry.addMapping("/api/**").allowedOrigins("http:///localhost:8088")
.allowedMethods("PUT","DELETE")
.allowedHeaders("header1","header2","header3")
.exposedHeaders("header1","header2")
.allowCredentials(false).maxAge(3600);
}
}
  • XML全局配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">

<mvc:cors>
<!--<mvc:mapping path=""/>-->
<mvc:mapping path="/api/**"
allowed-origins="http://localhost:8088,http://localhost:8888"
allowed-methods="GET,PUT"
allowed-headers="header1,header2"
exposed-headers="header1,header2"
allow-credentials="false"
max-age="3600" />
</mvc:cors>
</beans>