Java Jersey CORS 不允许外部请求

【问题标题】:Java Jersey CORS not allowed external requestsJava Jersey CORS 不允许外部请求
【发布时间】:2021-09-03 21:01:09
【问题描述】:

我在 http://localhost:8093 上使用 Java Jersey 制作了一个简单的 REST API 接口,但是当我通过不同的服务(例如 http://localhost:80/)通过 javascript 发送 XmlHTTPRequest 时,不允许使用 CORS。 这是我非常简单的 sn-p 代码:

//---------------------------------------------应用程序.java:

import javax.ws.rs.ApplicationPath;

import org.glassfish.jersey.server.ResourceConfig;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
@ApplicationPath("rest")
public class Application extends ResourceConfig {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);    
        Runtime.getRuntime().addShutdownHook(new Thread(new Runnable() {
            public void run() {
            }
        }));    
    }
    
    public Application() {
        register(new UserAPI());
    }
}

//---------------------------------------------用户API.java:

import java.text.ParseException;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;


@Consumes("application/json")
@Produces("application/json")
@Path("user")
public class UserAPI {
    @POST
    @Path("add")    
    public void addUser(UserBean ub) throws ParseException, UserException, NullPasswordException{        
        Logger mongoLogger = Logger.getLogger( "org.mongodb.driver" );
        mongoLogger.setLevel(Level.SEVERE);
        
        User u= new User(ub.getUsername(), ub.getRole());
        (new MongoDataManager()).addUser(u);
}
    
    @POST
    @Path("edit")    
    public void editUser(UserBean ub) throws ParseException, UserException, NullPasswordException{        
        Logger mongoLogger = Logger.getLogger( "org.mongodb.driver" );
        mongoLogger.setLevel(Level.SEVERE);
        
        User u= new User(ub.getUsername(), ub.getPassword());
        u.setRole(Role.valueOf(ub.getRole()));
        u.setPasswordLastUpdate(new Date());
        
        (new MongoDataManager()).editUser(u);
        
}
    
    
    @POST
    @Path("delete")    
    public void deleteUser(UserBean ub) throws ParseException {        

        Logger mongoLogger = Logger.getLogger( "org.mongodb.driver" );
        mongoLogger.setLevel(Level.SEVERE);
        
        
        
        (new MongoDataManager()).deleteUser(ub.getUsername());    
         }
}

//--------------------------------------------- UserBean.java:

public class UserBean {
    private String         username, password, temppass;
    private String    residence;
    private String        role;
    private String        password_lastupdate;
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getTemppass() {
        return temppass;
    }
    public void setTemppass(String temppass) {
        this.temppass = temppass;
    }
    public String getResidence() {
        return residence;
    }
    public void setResidence(String residence) {
        this.residence = residence;
    }
    public String getRole() {
        return role;
    }
    public void setRole(String role) {
        this.role = role;
    }
    public String getPassword_lastupdate() {
        return password_lastupdate;
    }
    public void setPassword_lastupdate(String password_lastupdate) {
        this.password_lastupdate = password_lastupdate;
    }
    
}

//--------------------------------------------- Javascript函数:

 function create() {
    event.preventDefault()           
    let isNew = document.getElementById("createNuovoUser").checked;
    console.log(isNew)       
let url;
let request = new XMLHttpRequest();   // new HttpRequest instance


if (isNew){
    url = 'http://localhost:8093/rest/user/delete'
    request.open("POST", url, true);
    request.setRequestHeader("content-type", "application/json");

    request.onreadystatechange = function() {
        if (this.readyState === 4) {
            document.getElementById("createTextArea").value = username + "\n";
            alert("User eliminato");
        }
    };
     let username = document.getElementById("username").value 
     let role = document.getElementById("role").value
    request.send(JSON.stringify({"username": username}));
} else{
    url = 'http://localhost:8093/rest/user/add'
    request.open("POST", url, true);
    request.setRequestHeader("content-type", "application/json");

    request.onreadystatechange = function() {
        if (this.readyState === 4) {
            document.getElementById("createTextArea").value = username + "\n" + role;
            alert("User cereato");

        }
    };
    
   let username = document.getElementById("username").value
   let role = document.getElementById("role").value
    request.send(JSON.stringify({"username": username, "role": role}));

} }

感谢任何建议或解决方案 谢谢

【问题讨论】:

  • 您的服务器代码需要设置一些 CORS 标头 - learn cors in 6 minutes
  • 由于您正在执行的 javascript 从不同的端口提供服务,因此它被认为是不同的来源。当您发送 XHR 或 ajax 请求(在用户不知情的情况下)时,浏览器将应用 CORS 策略。您需要在服务器中设置 CORS 标头,以允许从其他端口访问。 Yoy 可以在 MDN 页面developer.mozilla.org/es/docs/Web/HTTP/CORS 中找到更多相关信息

标签: javascript java xmlhttprequest cors jersey


【解决方案1】:

这是球衣的正常问题。 您只需要添加一个允许“选项”请求的请求过滤器

看看这个话题 How to handle CORS using JAX-RS with Jersey

在实践中,你需要实现一个类来扩展服务器配置

import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;

@Provider
public class CORSFilter implements ContainerResponseFilter {

@Override
public void filter(ContainerRequestContext request,
        ContainerResponseContext response) throws IOException {
    response.getHeaders().add("Access-Control-Allow-Origin", "*");
    response.getHeaders().add("Access-Control-Allow-Headers",
            "CSRF-Token, X-Requested-By, Authorization, Content-Type");
    response.getHeaders().add("Access-Control-Allow-Credentials", "true");
    response.getHeaders().add("Access-Control-Allow-Methods",
            "GET, POST, PUT, DELETE, OPTIONS, HEAD");
}

}

然后在服务器类中使用此代码显式选择它

final ResourceConfig resourceConfig = new ResourceConfig();
resourceConfig.register(new CORSFilter());

【讨论】:

  • 我尝试了很多指南,但结果总是否定的。你能为我的代码提供一个解决方案吗?
猜你喜欢
  • 2021-10-10
  • 2023-03-10
  • 2018-07-28
  • 1970-01-01
  • 2015-03-09
  • 2016-09-15
  • 2019-07-02
  • 2016-11-18
  • 2014-12-20
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode