sofastack/sofa-rpc-boot-projects

REST协议的服务如何实现跨域拦截?

Closed this issue · 5 comments

wangxiaotao00 commented

Describe the bug

在RESTful协议做服务的时候,我们增加了跨域请求的拦截起功能, 但是不走我们的拦截起, 请帮忙看看这个问题,谢谢!

代码如下:
@Provider
public class CommonContainerResponseFilter extends CorsFilter {

@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
    String origin = requestContext.getHeaderString(CorsHeaders.ORIGIN);

    if (origin == null || requestContext.getProperty("cors.failure") != null) {
        // don't do anything if origin is null, its an OPTIONS request, or cors.failure is set
        return;
    }

    responseContext.getHeaders().putSingle(CorsHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
    responseContext.getHeaders().putSingle(CorsHeaders.ACCESS_CONTROL_ALLOW_METHODS, "*");
    StringBuilder allowHeaders = new StringBuilder();
    MultivaluedMap<String, String> headers = requestContext.getHeaders();
    for (String headerKey : headers.keySet()) {
        allowHeaders.append(headerKey).append(",");
    }
    responseContext.getHeaders().putSingle(CorsHeaders.ACCESS_CONTROL_ALLOW_HEADERS, allowHeaders.toString());


    if (allowCredentials) {
        responseContext.getHeaders().putSingle(CorsHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    }

    if (exposedHeaders != null) {
        responseContext.getHeaders().putSingle(CorsHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeaders);
    }
}

public void setAllowedOrigins(Set allowedOrigins) {
this.allowedOrigins = allowedOrigins;
}

}

Expected behavior

Actual behavior

Steps to reproduce

Minimal yet complete reproducer code (or GitHub URL to code)

Environment

  • Starter version:
  • JVM version (e.g. java -version):
  • OS version (e.g. uname -a):
  • Maven version:
  • IDE version:
JervyShi commented

@wangxiaotao00 可以提供一个能复现问题的最小工程示例么?

wangxiaotao00 commented

spring-boot-sse 2.zip

这个里面是完整的demo, 请查看

JervyShi commented

目前 SOFA RPC 里的 Rest 模块主要定位还是 RPC 调用,没有面向用户访问层做更多兼容,自定义的 Filter 目前不会被主动加入 SOFA RPC 内的 Filter 链,com.alipay.sofa.rpc.config.JAXRSProviderManager 提供了自定义 Filter 注入的扩展,可以通过 JAXRSProviderManager#registerCustomProviderInstance 来注入自定义 Filter。

wangxiaotao00 commented

可以提供一个demo吗, 用JAXRSProviderManager来注入的我上面发的fiter还是没能够生效。

wangxiaotao00 commented

已解决,谢谢

  • 👍1