有谁知道如何直接(或glassfish)为Payara服务器中的某些域启用CORS?
我正在使用Payara服务器4.1.1.171.1。
我有一个在localhost:3000上运行的应用程序需要与Payara服务器通信,但我一直收到CORS错误。
我发现的大多数链接只是简单地将域(即localhost)添加到响应头中,如下所示:
response.addHeader(“Access-Control-Allow-Origin”,“localhost”);
我已经在我的java代码中完成了它,它的工作原理。但我想知道如何直接更新服务器中的Payara(或glassfish)来做到这一点。因为我已经看到人们提出建议(即更新服务器配置文件以允许某些域的CORS)。这样java代码就不必专门添加上面的标题内容。
但是那些建议有一些不是Glassfish和Payara的服务器的例子。
甚至这个CORS链接https://enable-cors.org/server.html列出了20个左右的服务器/平台如何启用CORS,但没有一个是Payara或Glassfish。
有谁知道怎么做?
提前致谢!
您需要为每个调用创建一个拦截器,您必须在其中添加更多标头。在某些条件下你需要。请看下面的代码:
import javax.ws.rs.HttpMethod;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
@Provider
@PreMatching
public class CorsResponseFilter implements ContainerResponseFilter {
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
String origin = requestContext.getHeaderString("Origin");
if ((origin != null)
&& origin.startsWith("http://localhost:4200") || origin.startsWith("http://localhost:8080"))) {
allowExceptionCors(requestContext, responseContext, origin);
}
}
private void allowExceptionCors(ContainerRequestContext requestContext, ContainerResponseContext responseContext, String origin) {
String methodHeader = requestContext.getHeaderString("Access-Control-Request-Method");
String requestHeaders = requestContext.getHeaderString("Access-Control-Request-Headers");
MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.putSingle("Access-Control-Allow-Origin", origin);
headers.putSingle("Access-Control-Allow-Credentials", "true");
headers.putSingle("Access-Control-Allow-Methods", methodHeader);
headers.putSingle("Access-Control-Allow-Headers", "x-requested-with," + (requestHeaders == null ? "" : requestHeaders));
}
}
对于更开放的cors过滤,您可以使用以下内容:
import java.io.IOException;
import java.util.List;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.Provider;
@Provider
public class CorsResponseFilter implements ContainerResponseFilter {
public static final String ALLOWED_METHODS = "GET, POST, PUT, DELETE, OPTIONS, HEAD";
public final static int MAX_AGE = 42 * 60 * 60;
public final static String DEFAULT_ALLOWED_HEADERS = "origin,accept,content-type";
public final static String DEFAULT_EXPOSED_HEADERS = "location,info";
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
final MultivaluedMap<String, Object> headers = responseContext.getHeaders();
headers.add("Access-Control-Allow-Origin", "*");
headers.add("Access-Control-Allow-Headers", getRequestedAllowedHeaders(requestContext));
headers.add("Access-Control-Expose-Headers", getRequestedExposedHeaders(requestContext));
headers.add("Access-Control-Allow-Credentials", "true");
headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS);
headers.add("Access-Control-Max-Age", MAX_AGE);
headers.add("x-responded-by", "cors-response-filter");
}
String getRequestedAllowedHeaders(ContainerRequestContext responseContext) {
List<String> headers = responseContext.getHeaders().get("Access-Control-Allow-Headers");
return createHeaderList(headers, DEFAULT_ALLOWED_HEADERS);
}
String getRequestedExposedHeaders(ContainerRequestContext responseContext) {
List<String> headers = responseContext.getHeaders().get("Access-Control-Expose-Headers");
return createHeaderList(headers, DEFAULT_EXPOSED_HEADERS);
}
String createHeaderList(List<String> headers, String defaultHeaders) {
if (headers == null || headers.isEmpty()) {
return defaultHeaders;
}
StringBuilder retVal = new StringBuilder();
for (int i = 0; i < headers.size(); i++) {
String header = (String) headers.get(i);
retVal.append(header);
retVal.append(',');
}
retVal.append(defaultHeaders);
return retVal.toString();
}
}
来自Adam Bien关于cors
的GitHub项目