1. 首頁
  2. 問答
  3. 將CORS過濾器應用於Tomcat 4XX響應

將CORS過濾器應用於Tomcat 4XX響應

2014-11-05 61 views
1

我有一個Tomcat 6服務器配置了BASIC身份驗證服務,通過一個CORS過濾器將一個REST API添加到AngularJS前端。憑藉標題中提供的有效憑據,一切正常。當身份驗證未獲批准時(401,403),CORS頭未掛接,客戶端無法確定狀態碼。有沒有辦法讓我配置CORS過濾器來影響這些響應?有沒有人知道我在哪裏可以找到一張圖表,展示過濾器和身份驗證如何適應Tomcat的架構?將CORS過濾器應用於Tomcat 4XX響應

我在Chrome中得到的錯誤是這樣的:http://imgur.com/2hTEpiu(我沒有足夠的聲譽發佈圖片)

安全配置,像這樣:

<security-role> 
    <role-name>phys_user</role-name> 
</security-role> 

<security-constraint> 
    <web-resource-collection> 
     <web-resource-name>Rest Service</web-resource-name> 
     <url-pattern>/rest/*</url-pattern> 
     <http-method>GET</http-method> 
     <http-method>POST</http-method> 
    </web-resource-collection> 
    <auth-constraint> 
     <role-name>phys_user</role-name> 
    </auth-constraint> 
</security-constraint> 

<login-config> 
    <auth-method>BASIC</auth-method> 
</login-config>

我有嘗試註冊一個與澤西島的自定義ContainerResponseFilter:

@PreMatching 
public class ResponseCorsFilter implements ContainerResponseFilter { 

    @Override 
    public ContainerResponse filter(ContainerRequest req, ContainerResponse res) { 
     Response.ResponseBuilder rb = Response.fromResponse(res.getResponse()); 
     rb.header("Access-Control-Allow-Origin", "*") 
      .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS"); 

     String reqHeader = req.getHeaderValue("Access-Control-Request-Headers"); 
     if(reqHeader != null && !reqHeader.equals("")) 
      rb.header("Access-Control-Allow-Headers", reqHeader); 

     res.setResponse(rb.build()); 
     return res; 
    } 
}

...並在web.xml

<init-param> 
    <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name> 
    <param-value>cm.security.ResponseCorsFilter</param-value> 
</init-param>

我已經使用來自庫中的CORS濾波器也嘗試:

<filter> 
    <filter-name>CorsFilter</filter-name> 
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> 
    <init-param> 
     <param-name>cors.allowOrigin</param-name> 
     <param-value>*</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.supportedMethods</param-name> 
     <param-value>GET, POST, OPTIONS</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.supportedHeaders</param-name> 
     <param-value>accept, authorization, origin</param-value> 
    </init-param> 
    <init-param> 
     <param-name>cors.supportsCredentials</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>CorsFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

來源

2014-11-05 xum

回答

0

如果(method.equals(GeneralEnums.HttpMethodType.OPTIONS.toString())){ 拋出新的WebApplicationException(Status.OK); }

在您的ContainerRequestFilter中添加上述行。它像一個魅力。

也看看這個鏈接。

Jersey REST + CORS + Jquery AJAX CALL

來源

2015-01-02 08:05:22 Jone

相關問題

 相關問題