CORSfilter未按预期工作

我试图从我的Webstorm应用程序发送请求到我的后端应用程序,它们都在不同的端口,我在前端使用angularJS,在后端使用java。 我已经阅读了一些关于CORSfilter的内容,并且我了解到为了做Cross Origin Requests,我需要实现它们。 然而,在做完这个我的错误后,正在 

Failed to load resource: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63343' is therefore not allowed access. http://localhost:8080/register?password=&username= XMLHttpRequest cannot load http://localhost:8080/register?password=&username=. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63343' is therefore not allowed access.

没有改变导致我相信我做错了什么,这是我发送请求的代码: 

 var charmanderServices = angular.module('charmanderServices', ['ngResource']); var hostAdress = "http://localhost:8080"; charmanderServices.factory("register", ["$resource", function($resource){ console.log('in service'); return $resource(hostAdress + "/register", {}, { 'registerUser' : { method: 'POST', isArray: false, params: { username: '@username', password: '@password' } }, headers : {'Content-Type' : 'application/x-www-form-urlencoded'} }); } ]);

我的corsFilter写得像这样: 

 @Component public class SimpleCORSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { //This is not even printing System.out.println("Cheers lads, I'm in the filter"); HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with, X-Auth-Token, Content-Type"); chain.doFilter(req, res); } public void init(FilterConfig filterConfig) {} public void destroy() {} }

这是我的web.xml: 

  Project   org.springframework.web.context.ContextLoaderListener    cors com.robin.filters.SimpleCORSFilter   cors /*   dispatcherServlet org.springframework.web.servlet.DispatcherServlet  contextConfigLocation classpath:/spring/applicationContext.xml  1   dispatcherServlet /

这是我正在捕获请求的控制器: 

 @Controller public class UserController { @Autowired private UserService userService; @RequestMapping(value = "/register" , method= RequestMethod.POST, produces = "application/json") @ResponseBody public boolean register(@RequestParam(value = "username") String username, @RequestParam(value = "password") String password){ System.out.println("Im in register hurray"); return userService.register(username, password); } }

更新:我已尝试将filter实现为OncePerRequestFilter,仍然无法正常工作。 有人能够在这里帮助我吗?

更新#2:还试过这个, http://software.dzhuvinov.com/cors-filter-installation.html ,没有运气

更新#3:这是我在控制台中的输出,我可以看到响应没有添加任何标头: 

 Request URL:http://localhost:8080/register?password=g&username=g Request Method:OPTIONS Status Code:200 OK Request Headersview source Accept:*/* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8,nl;q=0.6 Access-Control-Request-Headers:accept, content-type Access-Control-Request-Method:POST Connection:keep-alive Host:localhost:8080 Origin:http://localhost:63343 Referer:http://localhost:63343/Project/index.html?uName=g&uPassword=g&uPasswordConfirm=g User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36 Query String Parametersview sourceview URL encoded password:g username:g Response Headersview source Allow:GET, HEAD, POST, PUT, DELETE, OPTIONS Content-Length:0 Date:Fri, 04 Apr 2014 09:50:35 GMT Server:Apache-Coyote/1.1

更新#4:使用@WebFilter而不是@Component注释filter,没有帮助

更新#5:这是我的applicationContext.xml文件: 

          com.robin.model     org.hibernate.dialect.MySQL5Dialect true create     com.robin.model.User

我还在这里添加了我的控制器和register.html文件中的代码: 

 charmanderControllers.controller('registerController', ['$scope', 'register', function($scope, register){ $scope.username = ''; $scope.password = ''; $scope.register = function () { register.registerUser({'username': $scope.username, 'password': $scope.password}).$promise.then(function(data){ switch(data.response){ case true: //succes $scope.registered = true; $scope.userExists = false; break; case false: //user exists $scope.registered = false; $scope.userExists = true; break; } console.log(data.response); }) }; $scope.checkValidRegister = function (invalid) { console.log(invalid); console.log($scope.passwordConfirm); console.log($scope.password); console.log($scope.username); if (invalid || $scope.password != $scope.passwordConfirm) { console.log("I shouldnt be here"); $scope.validation = true; if ($scope.password != $scope.passwordConfirm) { $scope.passwordError = true; } } else { register(); } }; }]);

register.html 

  
Register now!
 
 
   
 
   
 
   Passwords do not match!

您的代码和配置总体上看起来很好,我能够在本地环境中运行它。 请从SimpleCORSFilter删除@Component注释,因为您将它用作普通的Servletfilter,并且它不需要是Spring上下文的一部分。

UPD。 Tomcat 7有自己的CORSfilter实现 。 您可以查看文档和源代码以获取更多详细信息。 我已修改标头以反映其默认配置,应该按预期工作。

由于您已经在使用Spring,如果您使用的是Spring 4.2或更高版本,则不需要CorsFilter ,但可以使用CrossOrigin简单地注释您的控制器方法。 这是关于此的优秀文章 ,值得一读。

还请检查描述不同平台的CORS配置的 nice资源。

这是我使用普通Filter实现的工作示例:

控制器: 

 @Controller public class UserController { private static Logger log = Logger.getAnonymousLogger(); @RequestMapping( value = "/register", method = RequestMethod.POST, consumes = "application/x-www-form-urlencoded") @ResponseBody public String register(@RequestParam(value = "user") String username, @RequestParam(value = "password") String password) { log.info(username + " " + password); return "true"; } }

过滤: 

 public class CorsFilter implements Filter { private static final Logger log = Logger.getAnonymousLogger(); @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { log.info("Adding Access Control Response Headers"); HttpServletResponse response = (HttpServletResponse) servletResponse; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS"); response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers"); filterChain.doFilter(servletRequest, servletResponse); } @Override public void destroy() { } }

在web.xml中过滤映射: 

   cors com.udalmik.filter.CorsFilter   cors /register

JS从单独的Web应用程序(JQuery)执行请求: 

 $(document).ready(function() { $('#buttonId').click(function() { $.ajax({ type: "POST", url: "http://localhost:8080/register", success : function(data){ console.log(data); }, data : { user : 'test.user@acme.com', password : 'password' } }); } }
Interesting Posts

即使存在所有CORS标头,也会出现跨源资源共享问题

异步执行多个任务并在JavaScript函数中返回第一个成功的结果

如何组合现有的Google App引擎后端和AngularJS Web应用程序?

Spring文件上传 – 获得预期的MultipartHttpServletRequest:是否配置了MultipartResolver? 错误

为SPA前端配置Spring Boot

如何将Cross Origin资源共享与Spring MVC 4.0.0 RESTful Webservice集成

Access-Control-Allow-Origin是否足以防止XSRF攻击?

如何在angularjs中阅读pdf流

Spring MVC和Angularjs

AngularJS与Apache Tiles