【发布时间】:2012-04-27 02:09:06
【问题描述】:
我正在使用最新版本的 GlassFish。我想设置 Access-Control-Allow-Origin 标头作为响应,以便可以从任何域调用我在 GlassFish 上托管的 API。但我不知道在哪里设置它。
【问题讨论】:
标签: glassfish java-ee-6 glassfish-3
【发布时间】:2012-04-27 02:09:06
【问题描述】:
就我而言,API 请求由 Jersey 专门处理,因此我可以在 ContainerResponseFilter 中设置响应标头:
package my.app;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;
public class CrossOriginResourceSharingFilter implements ContainerResponseFilter {
@Override
public ContainerResponse filter(ContainerRequest creq, ContainerResponse cresp) {
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Origin", "*");
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Credentials", "true");
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
cresp.getHttpHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept");
return cresp;
}
}
过滤器在 web.xml 中启用:
<servlet>
<servlet-name>Gateway Servlet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>my.app.CrossOriginResourceSharingFilter</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
如果你不使用 Jersey,我想你可以创建一个类似的 servlet 响应过滤器。
【讨论】:
-
你能举例说明如何在没有球衣的情况下做到这一点吗?
-
好吧,对于 CXF,帖子中描述的方法不起作用,因为来自 jax-rs 2.0 API 的 ContainerRequestFilter 没有从 Filter 扩展/实现,因此不能配置为 servlet 过滤器。尝试这样做会导致类转换异常。
-
如果 java ee 6 中没有 ContainerResponseFilter,这个答案是如何被接受的?
这是一种 Java EE 标准方法。除了使用的库包(javax)和获取头文件的方法调用不同(getHeaders)之外,它几乎与泽西岛示例完全相同。
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;
@Provider
public class RestResponseFilter implements ContainerResponseFilter{
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException{
responseContext.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
responseContext.getHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept");
}
}
【讨论】:
-
glassfish 4.1 中的 web.xml 怎么样?
由于您使用标签 java-ee-6,我相信 @Provider 不受支持。我使用了以下代码,基于javaee6 tutorial:
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
@WebFilter(filterName = "AddHeaderFilter", urlPatterns = {"/*"})
public class ResponseFilter implements Filter {
private final static Logger log = Logger.getLogger(ResponseFilter.class.getName() );
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (response instanceof HttpServletResponse) {
log.info("Adding headers");
HttpServletResponse http = (HttpServletResponse) response;
http.addHeader("Access-Control-Allow-Origin", "*");
http.addHeader("Access-Control-Allow-Credentials", "true");
http.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
}
chain.doFilter(request, response);
}
【讨论】:
-
不错的选择,尽管它比@Provider 慢得多(认为值得指出)