环境:公司局域网下开发工具下联调;
后端:idea 192.168.0.60;前端:vscode 192.168.0.232
前端已经设置withCredentials:true;
后端:
package com.lbwh.controller.login;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
public CorsFilter(){
System.out.println("CorsFilter正在构造……");
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("CorsFilter init...");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("CorsFilter doFilter...");
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
//允许请求携带认证信息(cookie)
res.setHeader("Access-Control-Allow-Credentials", "true");
//指定允许其他域名访问
res.setHeader("Access-Control-Allow-Origin", "http://192.168.0.232:3000/");
//允许请求的类型
res.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
//允许的请求头字段
res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
//设置预检请求的有效期
//浏览器同源策略:出于安全考虑,浏览器限制跨域的http请求。怎样限制呢?通过发送两次请求:预检请求、用户请求。
//1、预检请求作用:获知服务器是否允许该跨域请求:如果允许,才发起第二次真实的请求;如果不允许,则拦截第二次请求
//2、单位:s,在此期间不用发送预检请求。
//3、若为0:表示每次请求都发送预检请求,每个ajax请求之前都会先发送预检请求。
res.setHeader("Access-Control-Max-Age", "3600");
//OPTIONS Method表示浏览器发送的预检请求。
if ("OPTIONS".equalsIgnoreCase(req.getMethod())) {
res.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void destroy() {
System.out.println("CorsFilter destroy...");
}
}
package com.lbwh.controller.login;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
@Configuration
public class WebConfig extends WebMvcConfigurationSupport {
@Override
protected void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new PassportInterceptor()).addPathPatterns("/**").excludePathPatterns("/termion/**",
"/Login/login",
"/Login/LoginOut"
);
super.addInterceptors(registry);
}
}
package com.lbwh.controller.login;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.alibaba.fastjson.JSONObject;
import com.lbwh.utils.JwtUtils;
@Component
public class PassportInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler)
throws Exception {
String tokens = request.getHeader("token");
if(tokens != null && !"".equals(tokens)){
String token = tokens.trim().replaceAll("/^\"|\"$/g","''");
boolean flag = JwtUtils.verify(token);
if(flag) {
return true;
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
以上三个文件我想应该设置的没错,我的token也用但是用于其他地方了。现在的问题就是公司局域网下开发工具内联调硬是后端方法获取不到session,目前不考虑redis,因为不算是分布式。跟环境有关系?只能正式环境下前后端同一台机器部署下还有这个问题吗?正式环境我并没有测试过。求大佬问题出在哪里?