解决SpringBoot整合Shiro的跨域问题及前端报错401问题
111111
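import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Servlet filter that adds CORS response headers so a browser front end served from another
 * origin can call this application with credentials (cookies / Authorization header).
 *
 * <p>Security: the original version copied the request's {@code Origin} header straight into
 * {@code Access-Control-Allow-Origin} while also sending
 * {@code Access-Control-Allow-Credentials: true}. Browsers refuse the {@code *} wildcard when
 * credentials are allowed precisely because that combination would let any website read
 * authenticated responses; echoing the caller's origin recreates the same exposure. This version
 * only echoes origins that appear in {@link #ALLOWED_ORIGINS}.
 */
@Component
@Slf4j
public class CORSFilter implements Filter {

    /**
     * Exact origins (scheme + host + optional port) that may make credentialed cross-origin calls.
     * The entry below is a PLACEHOLDER, not a value from the original page: replace it with the
     * real front-end origin(s), ideally loaded from configuration. Match exactly; do not use
     * prefix, suffix or substring matching on the Origin value.
     */
    private static final Set<String> ALLOWED_ORIGINS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(
                    "https://frontend.example.com")));

    /**
     * Adds the CORS headers for allow-listed origins and then hands the request to the rest of
     * the chain.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param res   outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filters and the target servlet
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;

        // The response differs per Origin, so shared caches must key on it.
        response.addHeader("Vary", "Origin");

        // Origin is attacker-controlled input and is absent (null) on same-origin requests.
        String origin = request.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // HTTP methods the front end may use cross-origin.
            response.setHeader("Access-Control-Allow-Methods", "POST,PUT, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            // Request headers the front end may send; add further auth headers here if needed.
            response.setHeader("Access-Control-Allow-Headers",
                    "content-type,x-requested-with,token,Authorization,authorization,Gwids,gwids");
        }

        try {
            chain.doFilter(request, response);
        } catch (Exception e) {
            // NOTE(review): downstream failures are logged and not rethrown, so the container's
            // error handling never sees them; confirm this is intended.
            log.error("CORS过滤器放行异常:", e);
        }
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}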
222222222222222222
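import com.caimore.modules.security.oauth2.Oauth2Filter;
import com.caimore.modules.security.oauth2.Oauth2Realm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.Filter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

/**
 * Shiro wiring for the application: session manager, security manager, the URL-to-filter chain
 * and annotation support, plus a {@code preHandle} override that lets CORS preflight requests
 * through.
 *
 * <p>NOTE(review): this configuration class is itself a {@link BasicHttpAuthenticationFilter},
 * yet the only filter placed in the Shiro chain below is {@code Oauth2Filter}. Whether
 * {@link #preHandle} ever runs depends on how the container registers this bean; confirm, and
 * consider moving the OPTIONS handling into the filter that actually guards {@code /**}.
 */
@Configuration
public class ShiroConfig extends BasicHttpAuthenticationFilter {

    /**
     * Exact origins (scheme + host + optional port) that may make credentialed cross-origin calls.
     * The entry below is a PLACEHOLDER, not a value from the original page: replace it with the
     * real front-end origin(s) and keep it identical to what any other CORS filter in the
     * application allows. Match exactly; never by prefix, suffix or substring.
     */
    private static final Set<String> ALLOWED_ORIGINS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(
                    "https://frontend.example.com")));

    /**
     * Lets every OPTIONS request continue without the parent class's check, after writing the
     * CORS headers; all other methods are delegated to the parent.
     *
     * <p>Browsers send preflight OPTIONS requests without credentials, so an authentication
     * filter that challenged them would answer 401 and the real request would never be sent.
     *
     * @return {@code true} for OPTIONS; otherwise whatever {@code super.preHandle} returns
     * @throws Exception propagated from {@code super.preHandle}
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // OPTIONS is let through unconditionally (no authentication check).
        if (httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            setHeader(httpRequest, httpResponse);
            return true;
        }
        return super.preHandle(request, response);
    }

    /**
     * Writes the preflight response: CORS headers for allow-listed origins, then a JSON content
     * type and status 200.
     *
     * <p>Security: the original echoed any {@code Origin} value together with
     * {@code Access-Control-Allow-Credentials: true}, which allows every website to issue
     * credentialed requests and read the responses. The origin is now echoed only when it is in
     * {@link #ALLOWED_ORIGINS}; for any other origin no CORS headers are sent and the browser
     * blocks the cross-origin call.
     */
    private void setHeader(HttpServletRequest request, HttpServletResponse response) {
        // The response differs per Origin, so shared caches must key on it.
        response.addHeader("Vary", "Origin");

        // Origin is attacker-controlled input and may be absent (null).
        String origin = request.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "POST,PUT,GET,OPTIONS,DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers",
                    "content-type,x-requested-with,token,Authorization,authorization,Gwids,gwids");
        }
        response.setHeader("Content-Type", "application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
    }

    /**
     * Creates the web session manager with the session validation scheduler switched off and
     * session-id URL rewriting switched off (the session id is not appended to URLs).
     */
    @Bean
    public DefaultWebSessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionValidationSchedulerEnabled(false);
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        return sessionManager;
    }

    /**
     * Builds the Shiro security manager backed by the OAuth2 realm and the session manager above.
     * Remember-me is disabled by setting its manager to {@code null}.
     */
    @Bean("securityManager")
    public SecurityManager securityManager(Oauth2Realm oAuth2Realm, SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(oAuth2Realm);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(null);
        return securityManager;
    }

    /**
     * Defines which URL patterns skip authentication ({@code anon}) and sends everything else
     * through the {@code oauth2} filter. A {@link LinkedHashMap} is used because the rules are
     * evaluated in insertion order and the first match wins, so {@code /**} must stay last.
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);

        // Register the OAuth2 token filter under the name used in the chain definitions.
        Map<String, Filter> filters = new HashMap<String, Filter>();
        filters.put("oauth2", new Oauth2Filter());
        shiroFilter.setFilters(filters);

        Map<String, String> filterMap = new LinkedHashMap<String, String>();
        filterMap.put("/webjars/**", "anon");
        // NOTE(review): the Druid console and the Swagger / api-docs endpoints below are reachable
        // without Shiro authentication. Confirm they have their own access control or are
        // disabled in production.
        filterMap.put("/druid/**", "anon");
        filterMap.put("/login", "anon");
        // NOTE(review): everything under /file/ is unauthenticated; confirm that is intended for
        // both reading and writing files.
        filterMap.put("/file/**", "anon");
        filterMap.put("/swagger/**", "anon");
        filterMap.put("/v2/api-docs", "anon");
        filterMap.put("/doc.html", "anon");
        filterMap.put("/swagger-resources/**", "anon");
        filterMap.put("/captcha", "anon");
        filterMap.put("/favicon.ico", "anon");
        // NOTE(review): extension-based rules exempt ANY path with that suffix, not only static
        // files. If the MVC layer resolves handlers while ignoring a suffix, a protected endpoint
        // could be matched here first. Prefer fixed static-resource prefixes where possible.
        filterMap.put("/**/*.html", "anon");
        filterMap.put("/**/*.js", "anon");
        filterMap.put("/**/*.css", "anon");
        filterMap.put("/**/*.jpg", "anon");
        filterMap.put("/**/*.png", "anon");
        filterMap.put("/**/*.gif", "anon");
        filterMap.put("/**/fonts/**", "anon");
        filterMap.put("/", "anon");
        // Catch-all: every remaining path requires the oauth2 filter.
        filterMap.put("/**", "oauth2");
        shiroFilter.setFilterChainDefinitionMap(filterMap);
        return shiroFilter;
    }

    /** Exposes Shiro's bean post-processor that drives init/destroy callbacks of Shiro beans. */
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /** Enables Shiro's authorization annotations by wiring the advisor to the security manager. */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}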
posted on 2025-06-12 14:16 yebinghuai-qq-com