Controller method CORS configuration

You can add to your @RequestMapping annotated handler method a @CrossOrigin annotation in order to enable CORS on it (by default @CrossOrigin allows all origins and the HTTP methods specified in the @RequestMapping annotation):

@RestController

@RequestMapping("/account")

public class AccountController {

	@CrossOrigin

	@RequestMapping("/{id}")

	public Account retrieve(@PathVariable Long id) {

		// ...

	}

	@RequestMapping(method = RequestMethod.DELETE, value = "/{id}")

	public void remove(@PathVariable Long id) {

		// ...

	}

}

It is also possible to enable CORS for the whole controller:

@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)

@RestController

@RequestMapping("/account")

public class AccountController {

	@RequestMapping("/{id}")

	public Account retrieve(@PathVariable Long id) {

		// ...

	}

	@RequestMapping(method = RequestMethod.DELETE, value = "/{id}")

	public void remove(@PathVariable Long id) {

		// ...

	}

}

In this example CORS support is enabled for both retrieve() and remove() handler methods, and you can also see how you can customize the CORS configuration using@CrossOrigin attributes.

You can even use both controller and method level CORS configurations, Spring will then combine both annotation attributes to create a merged CORS configuration.

@CrossOrigin(maxAge = 3600)

@RestController

@RequestMapping("/account")

public class AccountController {

	@CrossOrigin(origins = "http://domain2.com")

	@RequestMapping("/{id}")

	public Account retrieve(@PathVariable Long id) {

		// ...

	}

	@RequestMapping(method = RequestMethod.DELETE, value = "/{id}")

	public void remove(@PathVariable Long id) {

		// ...

	}

}

Global CORS configuration

In addition to fine-grained, annotation-based configuration you’ll probably want to define some global CORS configuration as well. This is similar to using filters but can be declared withing Spring MVC and combined with fine-grained @CrossOrigin configuration. By default all origins and GETHEAD and POST methods are allowed.

JavaConfig

Enabling CORS for the whole application is as simple as:

@Configuration

@EnableWebMvc

public class WebConfig extends WebMvcConfigurerAdapter {

	@Override

	public void addCorsMappings(CorsRegistry registry) {

		registry.addMapping("/**");

	}

}

You can easily change any properties, as well as only apply this CORS configuration to a specific path pattern:

@Configuration

@EnableWebMvc

public class WebConfig extends WebMvcConfigurerAdapter {

	@Override

	public void addCorsMappings(CorsRegistry registry) {

		registry.addMapping("/api/**")

			.allowedOrigins("http://domain2.com")

			.allowedMethods("PUT", "DELETE")

			.allowedHeaders("header1", "header2", "header3")

			.exposedHeaders("header1", "header2")

			.allowCredentials(false).maxAge(3600);

	}

}

XML namespace

It is also possible to configure CORS with the mvc XML namespace.

This minimal XML configuration enable CORS on /** path pattern with the same default properties than the JavaConfig one:

<mvc:cors>

	<mvc:mapping path="/**" />

</mvc:cors>

It is also possible to declare several CORS mappings with customized properties:

<mvc:cors>

	<mvc:mapping path="/api/**"

		allowed-origins="http://domain1.com, http://domain2.com"

		allowed-methods="GET, PUT"

		allowed-headers="header1, header2, header3"

		exposed-headers="header1, header2" allow-credentials="false"

		max-age="123" />

	<mvc:mapping path="/resources/**"

		allowed-origins="http://domain1.com" />

</mvc:cors>

How does it work?

CORS requests (including preflight ones with an OPTIONS method) are automatically dispatched to the various HandlerMappings registered. They handle CORS preflight requests and intercept CORS simple and actual requests thanks to a CorsProcessor implementation (DefaultCorsProcessor by default) in order to add the relevant CORS response headers (likeAccess-Control-Allow-Origin). CorsConfiguration allows you to specify how the CORS requests should be processed: allowed origins, headers, methods, etc. It can be provided in various ways:

spring mvc 跨域请求处理——spring 4.2 以上的更多相关文章

  1. 关于Spring MVC跨域

    1.Sping MVC 3.X跨域 关于跨域问题,主要用的比较多的是cros跨域. 详细介绍请看https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Ac ...

  2. spring mvc 跨域问题。。。解决

    官方推荐方式: http://spring.io/blog/2015/06/08/cors-support-in-spring-framework 方式1: $.ajax({ //前台:常规写法.注意 ...

  3. spring mvc跨域设置(全局)

    //--------------第一步//spring 5版本全局配置方式 @Configuration @EnableWebMvc public class SpringMvcBeans imple ...

  4. spring mvc跨域(ajax post json)--filter方案

    @RequestMapping(value = "/login.do",method = RequestMethod.POST) public Message login(Http ...

  5. spring mvc跨域(post)--filter方案

    import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.Http ...

  6. spring boot跨域请求访问配置以及spring security中配置失效的原理解析

    一.同源策略 同源策略[same origin policy]是浏览器的一个安全功能,不同源的客户端脚本在没有明确授权的情况下,不能读写对方资源. 同源策略是浏览器安全的基石. 什么是源 源[orig ...

  7. spring boot 跨域请求

    场景 网站localhost:56338要访问网站localhost:3001的服务 在网站localhost:3001中增加CORS相关Java Config @Configuration @Ord ...

  8. SpringBoot 优雅配置跨域多种方式及Spring Security跨域访问配置的坑

    前言 最近在做项目的时候,基于前后端分离的权限管理系统,后台使用 Spring Security 作为权限控制管理, 然后在前端接口访问时候涉及到跨域,但我怎么配置跨域也没有生效,这里有一个坑,在使用 ...

  9. Spring MVC 3.0.5+Spring 3.0.5+MyBatis3.0.4全注解实例详解(二)

    在上一篇文章中我详细的介绍了如何搭建maven环境以及生成一个maven骨架的web项目,那么这章中我将讲述Spring MVC的流程结构,Spring MVC与Struts2的区别,以及例子中的一些 ...

随机推荐

  1. Android开发之获取相册照片和获取拍照照片二

    转至 http://blog.csdn.net/beyond0525/article/details/8940840 上一篇文章中讲解了照相机获取照片的时候遇到了可能取得的uri为null的状态,并给 ...

  2. (实用)win7/8修改远程桌面连接默认端口

    记录备忘. 在启用windows操作系统的远程连接时,使用默认的3389端口是一件比较危险的事情,通常我们将其改成一个比较独特的端口,使得目标系统不会直接将远程桌面连接的功能直接暴露在网络环境下. 步 ...

  3. ie7/8浏览器报错:对象不支持“trim”属性或方法

    解决方法: 方法1: 使用jquery里面的全局函数$.trim()代替原生js方法trim(): $.trim( 你要替换的字符 ); 方法2: Function.prototype.method ...

  4. Eclipse的SVN插件移动中文名称文件提示org.tigris.subversion.javahl.ClientException: Bogus URL

    今天一个同事使用Eclipse的SVN插件,在"SVN资源库"视图,移动一个中文名称的文件,提示org.tigris.subversion.javahl.ClientExcepti ...

  5. mothur summary.seqs 统计fasta文件中每条序列的长度

    在介绍summary.seqs的用法之前,我们首先需要搞清楚两个概念: 1)ambiguous bases 中文叫做模糊碱基,对于DNA序列来说,只有ATCG 4种碱基,在IUPAC定义的碱基标准中, ...

  6. C# 反射(GetType) 获取动态Json对象属性值的方法

    之前在开发一个程序,希望能够通过属性名称读取出属性值,但是由于那时候不熟悉反射,所以并没有找到合适的方法,做了不少的重复性工作啊! 然后今天我再上网找了找,被我找到了,跟大家分享一下. 其实原理并不复 ...

  7. php判断文件存在是用file_exists 还是 is_file

    From: http://www.php100.com/html/php/hanshu/2013/0905/4672.html [导读] 在写程序时发现在判断文件是否存在时,有两种写法,有的人用了is ...

  8. Gateway/Worker模型 数据库使用示例

    From: http://www.bubuko.com/infodetail-777418.html 1.数据库配置Applications/XXX/Config/Db.php <?php na ...

  9. matlabr2015b安装教程

    R2015b MATLAB破解版安装教程 MATLAB和Mathematica.Maple并称为三大数学软件.它在数学类科技应用软件中在数值计算方面首屈一指.MATLAB可以进行矩阵运算.绘制函数和数 ...

  10. slab着色,可以减少cache conflict miss概率么?

    以内部slab为例,管理区 + object总大小+left_over size = 1page,我们做个极端假设,cache为 direct-mapped caches. 1.没有采用slab着色: ...