【发布时间】:2015-07-22 06:48:38
【问题描述】:
我想使用http://localhost:9080/StudentWeb/MyRest-rest/services/students/ 提供的 REST 资源 来自我的 AngularJS 应用程序,REST 应用程序部署在 Websphere Appliation Server 中,具有以下部署描述符 (web.xml)。并且应用程序在此配置下完美运行,用户处于 RegisteredUsers 角色。
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>MyRestApplicationServicesWeb</display-name>
<servlet>
<description>
JAX-RS Tools Generated - Do not modify</description>
<servlet-name>MyRestRest</servlet-name>
<servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.myrest.student.rest.StudentApplication</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<enabled>true</enabled>
<async-supported>false</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>MyRestRest</servlet-name>
<url-pattern>/MyRest-rest/*</url-pattern>
</servlet-mapping>
<security-role>
<description>RegisteredUsers</description>
<role-name>RegisteredUsers</role-name>
</security-role>
<security-constraint>
<display-name>Area for authenticated users</display-name>
<web-resource-collection>
<web-resource-name>Protected Resources</web-resource-name>
<url-pattern>/MyRest-rest/services/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RegisteredUsers</role-name>
</auth-constraint>
</security-constraint>
<filter>
<filter-name>CORSFilter</filter-name>
<filter-class>com.myrest.student.filter.StudentCORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORSFilter</filter-name>
<url-pattern>/MyRest-rest/*</url-pattern>
</filter-mapping>
</web-app>
我希望通过将转换 REST API 添加到 https 来保护 AngularJS 应用程序和 WAS REST 端点之间的数据流。对于这一点,
<user-data-constraint>
<description>Redirects http requests to https</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
在安全约束标签中。
请找到添加的 CORS 过滤器,
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("Inside Filter");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Origin", "*");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Credentials", "true");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Method", "GET, POST, PUT, DELETE, OPTIONS");
((HttpServletResponse) response).addHeader("Content-Type", "application/json");
((HttpServletResponse) response).addHeader("Access-Control-Allow-Headers", "Content-Type");
String accessControlReqHeader = ((HttpServletRequest) request).getHeader("Access-Control-Request-Headers");
System.out.println(accessControlReqHeader);
if (((HttpServletRequest) request).getMethod().equalsIgnoreCase("OPTIONS")) {
((HttpServletResponse) response).addHeader("Access-Control-Allow-Headers", accessControlReqHeader);
} else {
chain.doFilter(request, response);
}
}
但现在 AngularJS 应用程序出现如下错误,
XMLHttpRequest cannot load http://localhost:9080/StudentWeb/MyRest-rest/services/students/12341234. The request was redirected to 'https://localhost:9443/StudentWeb/MyRest-rest/services/students/12341234', which is disallowed for cross-origin requests that require preflight.
我可以将此视为 https 的 CORS 问题。我该如何解决这个问题。
【问题讨论】:
-
对于 angularjs 路由的 index.html 页面请求的 URL 重写配置如何。除了 CORS 错误之外,我的应用程序在这里中断,现在我将其修复为接受标头为 *?有什么帮助吗?