无法致电Spring REST服务
我的春季服务
@RequestMapping(value = "/MAS/authenticate", method = RequestMethod.POST) public ResponseEntity<Map<String, String>> authenticate(@RequestBody Subject subject) { Map<String, String> result = new HashMap<String, String>(); result.put("result_detail", "Invalid Password"); result.put("result", "failure"); HttpHeaders responseHeaders = new HttpHeaders(); responseHeaders.setContentType(MediaType.APPLICATION_JSON); responseHeaders.add("Access-Control-Allow-Origin", "*"); // also added header to allow cross domain request for any domain return new ResponseEntity<Map<String, String>>(result, responseHeaders, HttpStatus.OK); }
我的AJAX代码
$.ajax( { crossDomain: true, type: "POST", contentType: "application/json; charset=utf-8", async: false, url: "http://localhost:8080/SpringMVC/rest/MAS/authenticate", headers: {"Access-Control-Allow-Origin" : "*"}, data:{}, dataType: "json", //also tried "jsonp" success: function(data, status, jqXHR) { alert('success'); }, error: function(jqXHR, status) { alert('error'); } });
我收到以下错误:(
跨域请求被阻止:同源策略禁止读取位于http:// localhost:8080 / SpringMVC / rest / MAS / authenticate的远程资源。可以通过将资源移到同一域或启用CORS来解决此问题。
我也尝试过dataType: "jsonp"。它将我的body对象附加到URL中,URL变为不同的URL,然后无法访问我的服务URL,并得到404错误。
dataType: "jsonp"
我的浏览器:firefox 36.0.4
我如何摆脱这个错误,有什么帮助吗?
我的AJAX通话和服务都还可以。在互联网上搜索了很多之后,我发现它的服务器端问题不是客户端问题。
在Spring的服务器端,我们必须实现允许CORS请求的过滤器。
过滤器将如下所示。
import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.web.filter.OncePerRequestFilter; public class CORSFilter extends OncePerRequestFilter { private static final Log LOG = LogFactory.getLog(CORSFilter.class); @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { response.addHeader("Access-Control-Allow-Origin", "*"); if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) { LOG.trace("Sending Header...."); // CORS "pre-flight" request response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); // response.addHeader("Access-Control-Allow-Headers", "Authorization"); response.addHeader("Access-Control-Allow-Headers", "Content-Type"); response.addHeader("Access-Control-Max-Age", "1"); } filterChain.doFilter(request, response); } }
并在web.xml中将此过滤器应用于您的服务请求,如下所示
<filter> <filter-name>cors</filter-name> <filter-class>com.test.common.controller.CORSFilter</filter-class> <!-- your package name and filter class --> </filter> <filter-mapping> <filter-name>cors</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
这可能会帮助遇到此问题的其他人。:)