Spring Security処理クロスドメイン
1419 ワード
1.手書きでフィールドをまたぐ処理Filter
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
String orignalHeader = StringUtils.defaultIfBlank(request.getHeader("Origin"), "*");
//
response.setHeader("Access-Control-Max-Age", "3600");
//
response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
response.setHeader("Access-Control-Allow-Origin", orignalHeader);
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
if (OPTIONS.matches(request.getMethod())) {
response.setStatus(SC_OK);
} else {
filterChain.doFilter(request, response);
}
}
}
2.spring-securityモジュールに追加するフィルタチェーンのヘッド位置public class WebMvcConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new CorsFilter (), WebAsyncManagerIntegrationFilter.class);
}
}