基于springboot搭建的后台框架,做了跨域,能访问到接口,后台设置了拦截器
public class LoginInterceptor implements HandlerInterceptor {
//这个方法是在访问接口之前执行的,只需要在这里写验证登录状态的业务逻辑,就可以在用户调用指定接口之前验证登录状态
public boolean preHandle(HttpServletRequest request, HttpSession session, HttpServletResponse response, Object handler) throws Exception {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse rep = (HttpServletResponse) response;
rep.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
rep.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
rep.setHeader("Access-Control-Max-Age", "3600");
rep.setHeader("Access-Control-Allow-Headers", "Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE");
rep.setHeader("Access-Control-Allow-Credentials","true"); //是否支持cookie跨域
String loginName = (String) session.getAttribute("loginName");
System.out.println("loginName======"+loginName);
if (loginName == null || loginName.equals("")){
return false;
}else {
return true;
}
}
@Configuration
public class WebConfigurer implements WebMvcConfigurer {
@Autowired
private LoginInterceptor loginInterceptor;
// 这个方法用来配置静态资源,如html,js,css等
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**");
}
//设置跨域访问
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedHeaders("*")
.exposedHeaders("access-control-allow-headers",
"access-control-allow-methods",
"access-control-allow-origin",
"access-control-max-age",
"X-Frame-Options")
.allowedMethods("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "TRACE")
.allowCredentials(true).maxAge(3600);
}
// 这个方法用来注册拦截器,写好的拦截器需要通过这里添加注册才能生效
@Override
public void addInterceptors(InterceptorRegistry registry) {
// addPathPatterns("/**") 表示拦截所有的请求,excludePathPatterns("/login", "/register") 表示除了登陆与注册之外
registry.addInterceptor(loginInterceptor).addPathPatterns("/**").excludePathPatterns("/loginAndInit", "/registerUser", "/getUsers");
}
}
yml配置文件部分
#服务器配置,配80能够省去地址后的端口号
server:
port: 80
session-timeout: 3600 * 24 * 7
tomcat.max-threads: 0
tomcat.uri-encoding: UTF-8
前端html页面使用ajax调用,加了
````crossDomain:true,
xhrFields: {
withCredentials: true
},
async:true,
但是每次登录后一分钟不访问就掉了,明明设置的都是3600以上了,再掉其他接口后台取session存的值时就成null了。求大佬解答!!感激不尽!!明天要演示系统,头很大!!!