跨域请求处理优化

Author: 734839030

src/main/java/com/seezoon/framework/common/context/filter/CorsFilter.java

@@ -12,36 +12,47 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.seezoon.framework.common.context.utils.PropertyUtil;
 
 /**
  * 测试时候前后端分离 在web.xml 配置
- * @author hdf
- * 2018年4月7日
+ * 
+ * @author hdf 2018年4月7日
  */
 public class CorsFilter implements Filter {
 
+	protected Logger logger = LoggerFactory.getLogger(CorsFilter.class);
+	private boolean cors = false;
+
 	@Override
 	public void init(FilterConfig filterConfig) throws ServletException {
-
+		cors = PropertyUtil.getBoolean("cors.switch");
 	}
 
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
 			throws IOException, ServletException {
-		HttpServletResponse servletResponse = (HttpServletResponse) response;
-		HttpServletRequest servletRequest = (HttpServletRequest)request;
-		String origin = servletRequest.getHeader("Origin");
-		if (StringUtils.isNotEmpty(origin)) {
-			servletResponse.setHeader("Access-Control-Allow-Origin", origin);
-		} else {
-			servletResponse.setHeader("Access-Control-Allow-Origin", "*");
+		if (cors) {
+			logger.warn("-------- cors is turn on ----------");
+			HttpServletResponse servletResponse = (HttpServletResponse) response;
+			HttpServletRequest servletRequest = (HttpServletRequest) request;
+			String origin = servletRequest.getHeader("Origin");
+			if (StringUtils.isNotEmpty(origin)) {
+				//允许客户端携带跨域cookie，此时origin值不能为“*”，只能为指定单一域名
+				servletResponse.setHeader("Access-Control-Allow-Origin", origin);
+			} else {
+				servletResponse.setHeader("Access-Control-Allow-Origin", "*");
+			}
+			servletResponse.setHeader("Access-Control-Allow-Methods", "*");
+			servletResponse.setHeader("Access-Control-Allow-Headers", "*,Content-Type");
+			servletResponse.setHeader("Access-Control-Expose-Headers", "*");
+			servletResponse.setHeader("Access-Control-Max-Age", "3600");
+			servletResponse.setHeader("Access-Control-Allow-Credentials", "true");
 		}
-		servletResponse.setHeader("Access-Control-Allow-Methods", "*");
-		servletResponse.setHeader("Access-Control-Allow-Headers", "*,Content-Type");
-		servletResponse.setHeader("Access-Control-Expose-Headers", "*");
-		servletResponse.setHeader("Access-Control-Max-Age", "3600");
-		servletResponse.setHeader("Access-Control-Allow-Credentials", "true");
-		chain.doFilter(request, servletResponse);
+		chain.doFilter(request, response);
 	}
 
 	@Override

src/main/java/com/seezoon/framework/common/context/utils/PropertyUtil.java

@@ -0,0 +1,36 @@
+package com.seezoon.framework.common.context.utils;
+
+import org.apache.commons.configuration.Configuration;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.PropertiesConfiguration;
+
+/**
+ * 配置文件读取
+ * 
+ * @author hdf 2018年4月19日
+ */
+public class PropertyUtil {
+
+	private static Configuration config = null;
+
+	static {
+		try {
+			// 默认从classpath 根路径开始
+			config = new PropertiesConfiguration("application.properties");
+		} catch (ConfigurationException e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+	public static boolean getBoolean(String key) {
+		return config.getBoolean(key, false);
+	}
+
+	public static int getInteger(String key) {
+		return config.getInteger(key, null);
+	}
+
+	public static String getString(String key) {
+		return config.getString(key, null);
+	}
+}

src/main/java/com/seezoon/framework/common/file/FileConfig.java

@@ -1,49 +1,49 @@
 package com.seezoon.framework.common.file;
 
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
+
+import com.seezoon.framework.common.context.utils.PropertyUtil;
 
 /**
  * 文件模块配置信息
  * 
  * @author hdf 2018年4月15日
  */
-@Component
 public class FileConfig {
 
 	/**
 	 * 存储介质 local= 本地，aliyun=阿里云
 	 */
-	@Value("${file.storage}")
-	private String fileStorage;
+	//@Value("${file.storage}")
+	private String fileStorage = PropertyUtil.getString("file.storage");
 	/**
 	 * 本地公网访问前缀
 	 */
-	@Value("${file.local.urlPrefix}")
-	private String localUrlPrefix;
+	//@Value("${file.local.urlPrefix}")
+	private String localUrlPrefix = PropertyUtil.getString("file.local.urlPrefix");
 	/**
 	 * 本地存储路径
 	 */
-	@Value("${file.local.storePath}")
-	private String localStorePath;
+	//@Value("${file.local.storePath}")
+	private String localStorePath = PropertyUtil.getString("file.local.storePath");
 
 	/**
 	 * 阿里云公网访问前缀
 	 */
-	@Value("${file.aliyun.urlPrefix}")
-	private String aliyunUrlPrefix;
+	//@Value("${file.aliyun.urlPrefix}")
+	private String aliyunUrlPrefix = PropertyUtil.getString("file.aliyun.urlPrefix");
 	/**
 	 * 阿里云bucket 即存储路径
 	 */
-	@Value("${file.aliyun.bucket}")
-	private String aliyunBucket;
+	//@Value("${file.aliyun.bucket}")
+	private String aliyunBucket = PropertyUtil.getString("file.aliyun.bucket");
 
-	@Value("${file.aliyun.endpoint}")
-	private String aliyunEndpoint;
-	@Value("${file.aliyun.accessKeyId}")
-	private String aliyunAccessKeyId;
+	//@Value("${file.aliyun.endpoint}")
+	private String aliyunEndpoint = PropertyUtil.getString("file.aliyun.endpoint");
+	//@Value("${file.aliyun.accessKeyId}")
+	private String aliyunAccessKeyId = PropertyUtil.getString("file.aliyun.accessKeyId");
 	@Value("${file.aliyun.accessKeySecret}")
-	private String aliyunAccessKeySecret;
+	private String aliyunAccessKeySecret = PropertyUtil.getString("file.aliyun.accessKeySecret");
 
 	public String getFileStorage() {
 		return fileStorage;

src/main/java/com/seezoon/framework/common/file/FileHandlerFactory.java

@@ -6,7 +6,6 @@
 
 import com.alibaba.fastjson.JSON;
 import com.seezoon.framework.common.Constants;
-import com.seezoon.framework.common.context.support.SpringContextHolder;
 import com.seezoon.framework.common.file.handler.AliFileFileHandler;
 import com.seezoon.framework.common.file.handler.FileHandler;
 import com.seezoon.framework.common.file.handler.LocalFileHandler;
@@ -17,7 +16,7 @@ public class FileHandlerFactory {
 	private static FileHandler fileHandler = null;
 
 	// 文件配置
-	private static FileConfig fileConfig = SpringContextHolder.getBean(FileConfig.class);
+	private static FileConfig fileConfig = new FileConfig();
 
 	public static FileHandler getHandler() {
 		if (null != fileHandler) {

src/main/java/com/seezoon/framework/modules/system/shiro/FormAuthenticationFilter.java

@@ -13,7 +13,9 @@
 import com.seezoon.framework.common.web.HttpStatus;
 
 /**
- * 自定义shiro 登录filter 适合ajax 登录
+ * 自定义shiro 登录filter 
+ * 账密未认证过会触发这个拦截器
+ * 适合ajax 登录
  * 
  * 自定义HTTP 请求头，310 未登录
  * @author hdf
@@ -39,4 +41,5 @@ protected boolean onAccessDenied(ServletRequest request, ServletResponse respons
 			return false;
 		//}
 	}
+	
 }

src/main/java/com/seezoon/framework/modules/system/shiro/UserFilter.java

@@ -0,0 +1,35 @@
+package com.seezoon.framework.modules.system.shiro;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+/**
+ * 账密或者remember 的拦截器 
+ * 
+ * 解决在remember的情况下，跨域请求options 请求无法携带cookie 的问题
+ *   
+ * @author hdf
+ * 2018年4月19日
+ */
+@Component
+public class UserFilter extends org.apache.shiro.web.filter.authc.UserFilter {
+
+	@Override
+	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
+		HttpServletRequest req = (HttpServletRequest)request;
+		//跨域的options 请求直接过
+		if (RequestMethod.OPTIONS.name().equalsIgnoreCase(req.getMethod())) {
+			return true;
+		}
+		return super.onAccessDenied(request, response);
+	}
+
+	@Override
+	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
+		return super.isAccessAllowed(request, response, mappedValue);
+	}
+}

src/main/resources/application.properties

@@ -1,3 +1,7 @@
+#\u7a0b\u5e8f\u8de8\u57df\uff0c\u6d4b\u8bd5\u65f6\u5019\u4e3a\u4e86\u65b9\u4fbf\u5f00\u542f\uff0c\u4e0a\u751f\u4ea7\u7f6e\u4e3afalse\uff0c\u5efa\u8bae\u5728ngnix \u4e0a\u914d\u7f6e\u8de8\u57df
+cors.switch=true
+cors.switch=
+
 #\u540e\u7aef\u63a5\u53e3\u8def\u5f84\u524d\u7f00
 admin.path=/a
 #\u524d\u7aef\u63a5\u53e3\u8def\u5f84\u524d\u7f00

src/main/resources/spring-context-shiro.xml

@@ -36,6 +36,7 @@
 		<property name="filters">
 			<map>
 				<entry key="authc" value-ref="formAuthenticationFilter" />
+				<entry key="user" value-ref="userFilter" /> 
 			</map>
 		</property>
 		<property name="filterChainDefinitions">

src/test/java/com/seezoon/framework/common/context/support/PropertyUtilTest.java

@@ -0,0 +1,14 @@
+package com.seezoon.framework.common.context.support;
+
+import org.junit.Test;
+
+import com.seezoon.framework.common.context.utils.PropertyUtil;
+
+public class PropertyUtilTest {
+
+	@Test
+	public void t1() {
+		System.out.println(PropertyUtil.getBoolean("cors.switch1"));
+		System.out.println(PropertyUtil.getString("cors.switch1"));
+	}
+}