devbox
2023面试高手
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

java -- 基础 -- 网络相关_org.springframework.web.servlet.mvc.method.annotat

作者:2023面试高手 | 2024-03-13 17:33:32

org.springframework.web.servlet.mvc.method.annotation public interface respo

转载地址:  https://segmentfault.com/a/1190000011145364

1、通过 jsonp 跨域

  • 配置类
  1. package com.sample.common.advice;
  2.  
  3. import com.sample.modules.web.controller.JsonpController;
  4. import org.springframework.web.bind.annotation.ControllerAdvice;
  5. import org.springframework.web.servlet.mvc.method.annotation.AbstractJsonpResponseBodyAdvice;
  6.  
  7. //配置jsonp,这里选择了 JsonpController
  8. @ControllerAdvice(basePackageClasses = {JsonpController.class})
  9. public class JSONPConfiguration extends AbstractJsonpResponseBodyAdvice {
  10.     public JSONPConfiguration(){
  11.         super("callback","jsonp");
  12.     }
  13. }
  • 控制器
  1. package com.sample.modules.web.controller;
  2.  
  3. import org.springframework.web.bind.annotation.RequestMapping;
  4. import org.springframework.web.bind.annotation.RestController;
  5.  
  6. import java.util.HashMap;
  7. import java.util.Map;
  8.  
  9. @RestController
  10. public class JsonpController {
  11.  
  12.     @RequestMapping(value = "/jsonp")
  13.     public Map<String, Object> jsonp(){
  14.         Map<String, Object> result = new HashMap<>();
  15.         result.put("username", "admin");
  16.         return result;
  17.     }
  18. }
  • 网页文件
  1. <!DOCTYPE html>
  2. <html>
  3.     <head>
  4.         <meta charset="UTF-8">
  5.         <title></title>
  6.         <script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
  7.     </head>
  8.     <body>
  9.     </body>
  10.     <script>
  11.         $(function(){
  12.             $.ajax({
  13.                 type:"get",
  14.                 dataType: 'jsonp',
  15.                 jsonpCallback: "jsonpcallback",
  16.                 url:"http://www.test001.com:8080/jsonp"
  17.             });
  18.         })		
  19. 		
  20.         function jsonpcallback(result){
  21.             alert(JSON.stringify(result))
  22.         }
  23.     </script>
  24. </html>

2、通过跨域资源共享(CORS)

  • 配置类
  1. package com.sample.common.config;
  2.  
  3. import org.springframework.context.annotation.Bean;
  4. import org.springframework.context.annotation.Configuration;
  5. import org.springframework.web.cors.CorsConfiguration;
  6. import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
  7. import org.springframework.web.filter.CorsFilter;
  8.  
  9. @Configuration
  10. public class CorsConfig {
  11.  
  12.     private CorsConfiguration buildConfig() {
  13.         CorsConfiguration corsConfiguration = new CorsConfiguration();
  14.         corsConfiguration.addAllowedOrigin("*"); // 1允许任何域名使用
  15.         corsConfiguration.addAllowedHeader("*"); // 2允许任何头
  16.         corsConfiguration.addAllowedMethod("*"); // 3允许任何方法(post、get等)
  17.         return corsConfiguration;
  18.     }
  19.  
  20.     @Bean
  21.     public CorsFilter corsFilter() {
  22.         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
  23.         source.registerCorsConfiguration("/**", buildConfig()); // 4
  24.         return new CorsFilter(source);
  25.     }
  26. }
  • 网页文件
  1. <!DOCTYPE html>
  2. <html>
  3.     <head>
  4.         <meta charset="UTF-8">
  5.         <title></title>
  6.         <script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
  7.     </head>
  8.     <body>
  9.     </body>
  10.     <script>
  11.         $(function(){
  12.             $.ajax({
  13.                 type:"get",
  14.                 dataType: 'json',
  15.                 url:"http://www.test001.com:8080/jsonp",
  16.                 success: function(result){
  17.                     alert(JSON.stringify(result))
  18.                 }
  19.             });
  20.         })		
  21.     </script>
  22. </html>

  • 注意事项

  1. response.setHeader("Access-Control-Allow-Origin", "http://localhost:4001");
  2.  
  3. //添加了Credentials, Origin不能为*, 必须指定
  4. response.addHeader("Access-Control-Allow-Credentials", "true");
  5. response.setHeader("Access-Control-Allow-Methods", "*");
  6.  
  7. //需要配置header
  8. response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type,token,Accept, Connection, User-Agent, Cookie");
  9. response.setHeader("Access-Control-Max-Age", "3600");

3、防盗链

  1. package com.vim.modules.web;
  2.  
  3. import javax.servlet.*;
  4. import javax.servlet.annotation.WebFilter;
  5. import javax.servlet.http.HttpServletRequest;
  6. import javax.servlet.http.HttpServletResponse;
  7. import java.io.IOException;
  8.  
  9. @WebFilter(urlPatterns = "/images/*")
  10. public class ChainStealingFilter implements Filter{
  11.  
  12.     @Override
  13.     public void init(FilterConfig filterConfig) throws ServletException {
  14.  
  15.     }
  16.  
  17.     @Override
  18.     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
  19.         HttpServletRequest request = (HttpServletRequest)servletRequest;
  20.         HttpServletResponse response = (HttpServletResponse)servletResponse;
  21.  
  22.         String referer = request.getHeader("referer");
  23.         String serverName = request.getServerName();
  24.  
  25.         if(referer == null || !(referer.contains(serverName))){
  26.             request.getRequestDispatcher("/images/error.jpg").forward(request, response);
  27.             return;
  28.         }
  29.         chain.doFilter(request, response);
  30.     }
  31.  
  32.     @Override
  33.     public void destroy() {
  34.  
  35.     }
  36. }

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/2023面试高手/article/detail/229781
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号