Spring Boot 简明教程

Spring Boot - CORS Support

跨源资源共享 (CORS) 是一种安全概念,允许限制在 Web 浏览器中实现的资源。它可以防止 JavaScript 代码针对不同的源创建或使用请求。

Cross-Origin Resource Sharing (CORS) is a security concept that allows restricting the resources implemented in web browsers. It prevents the JavaScript code producing or consuming the requests against different origin.

例如,如果你的 Web 应用程序正在 8080 端口运行,并且通过使用 JavaScript 尝试从 9090 端口使用 RESTful Web 服务。在这种情况下,你将在 Web 浏览器上遇到跨源资源共享安全问题。

For example, your web application is running on 8080 port and by using JavaScript you are trying to consuming RESTful web services from 9090 port. Under such situations, you will face the Cross-Origin Resource Sharing security issue on your web browsers.

需要两个条件来处理此问题 −

Two requirements are needed to handle this issue −

  1. RESTful web services should support the Cross-Origin Resource Sharing.

  2. RESTful web service application should allow accessing the API(s) from the 8080 port.

在本章中,我们将详细了解如何为 RESTful Web 服务应用程序启用跨源请求。

In this chapter, we are going to learn in detail about How to Enable Cross-Origin Requests for a RESTful Web Service application.

Enable CORS in Controller Method

我们需要通过 @CrossOrigin 为控制器方法添加注解来设置 RESTful Web 服务的来源。此 @CrossOrigin 注解支持特定的 REST API,而并非整个应用程序。

We need to set the origins for RESTful web service by using @CrossOrigin annotation for the controller method. This @CrossOrigin annotation supports specific REST API, and not for the entire application.

@RequestMapping(value = "/products")
@CrossOrigin(origins = "http://localhost:8080")

public ResponseEntity<Object> getProduct() {
   return null;
}

Global CORS Configuration

我们需要定义所示的 @Bean 配置,以将 CORS 配置支持全局应用于你的 Spring Boot 应用程序。

We need to define the shown @Bean configuration to set the CORS configuration support globally to your Spring Boot application.

@Bean
public WebMvcConfigurer corsConfigurer() {
   return new WebMvcConfigurerAdapter() {
      @Override
      public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/products").allowedOrigins("http://localhost:9000");
      }
   };
}

在 Spring Boot 主应用程序中全局设置 CORS 配置的代码如下所示。

To code to set the CORS configuration globally in main Spring Boot application is given below.

package com.tutorialspoint.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@SpringBootApplication
public class DemoApplication {
   public static void main(String[] args) {
      SpringApplication.run(DemoApplication.class, args);
   }
   @Bean
   public WebMvcConfigurer corsConfigurer() {
      return new WebMvcConfigurerAdapter() {
         @Override
         public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/products").allowedOrigins("http://localhost:8080");
         }
      };
   }
}

现在,你可以创建一个在 8080 端口上运行的 Spring Boot Web 应用程序,以及可以在 9090 端口上运行的你的 RESTful 服务应用程序。有关 RESTful Web 服务实现的更多详细信息,你可以参阅本教程中题为 Consuming RESTful Web Services 的章节。

Now, you can create a Spring Boot web application that runs on 8080 port and your RESTful web service application that can run on the 9090 port. For further details about implementation about RESTful Web Service, you can refer to the chapter titled Consuming RESTful Web Services of this tutorial.