我正在使用最新版本的 GlassFish。我想设置 Access-Control-Allow-Origin 标头作为响应,以便可以从任何域调用我在 GlassFish 上托管的 API。但我不知道在哪里设置它。
问问题
22775 次
4 回答
16
就我而言,API 请求由 Jersey 专门处理,因此我可以在以下位置设置响应标头ContainerResponseFilter:
package my.app;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;
public class CrossOriginResourceSharingFilter implements ContainerResponseFilter {
@Override
public ContainerResponse filter(ContainerRequest creq, ContainerResponse cresp) {
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Origin", "*");
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Credentials", "true");
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept");
return cresp;
}
}
过滤器在 web.xml 中启用:
<servlet>
<servlet-name>Gateway Servlet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>my.app.CrossOriginResourceSharingFilter</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
如果你不使用 Jersey,我想你可以创建一个类似的 servlet 响应过滤器。
于 2012-05-29T13:01:03.250 回答
9
最好和最简单的方法是右键单击项目
并选择跨域资源共享过滤器
于 2016-11-21T02:48:44.230 回答
2
这是执行此操作的 Java EE 标准方法。除了使用的库包 (javax) 和获取标头的方法调用不同 (getHeaders) 之外,它几乎与 Jersey 示例完全相同。
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;
@Provider
public class RestResponseFilter implements ContainerResponseFilter{
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException{
responseContext.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
responseContext.getHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept");
}
}
于 2014-05-29T15:38:58.490 回答
2
由于您使用标签 java-ee-6,我相信 @Provider 不受支持。我使用了以下代码,基于javaee6 教程:
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
@WebFilter(filterName = "AddHeaderFilter", urlPatterns = {"/*"})
public class ResponseFilter implements Filter {
private final static Logger log = Logger.getLogger(ResponseFilter.class.getName() );
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (response instanceof HttpServletResponse) {
log.info("Adding headers");
HttpServletResponse http = (HttpServletResponse) response;
http.addHeader("Access-Control-Allow-Origin", "*");
http.addHeader("Access-Control-Allow-Credentials", "true");
http.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
}
chain.doFilter(request, response);
}
于 2015-07-31T07:04:35.073 回答