带有嵌入式Jetty的Cross Origin Filter

Question

我正在尝试让CrossOriginFilter与几个嵌入式Jetty服务器一起工作,这两个服务器都运行在我们的内部网络上.两者都在运行servlet,但我需要服务器A的网页才能发布到服务器B的servlet.我想我需要将ACCESS_CONTROL_ALLOW_ORIGIN添加到CrossOriginFilter,但是找不到如何使用没有web.xml的嵌入式Jetty实例来证明这一点并不容易.尝试访问服务器b的serlvets时,我在浏览器中收到以下错误消息

No 'Access-Control-Allow-Origin' header is present on the requested resource

我使用angularjs发布到控制器中的其他服务器的servlet.

这是其中一个服务器的代码(两者都差不多)

Server server = new Server(httpPort);

ResourceHandler resource_handler = new ResourceHandler();
resource_handler.setDirectoriesListed(true);
resource_handler.setWelcomeFiles(new String[] { "index.html" });
resource_handler.setResourceBase("./http/");

ServletHandler handler = new ServletHandler();
handler.addServletWithMapping(ServerPageRoot.class, "/servlet/*");

FilterHolder holder = new FilterHolder(CrossOriginFilter.class);
holder.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
holder.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
holder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,POST,HEAD");
holder.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "X-Requested-With,Content-Type,Accept,Origin");

handler.addFilter(holder );

HandlerList handlers = new HandlerList();
handlers.setHandlers(new Handler[] { resource_handler, handler,new DefaultHandler() });
server.setHandler(handlers);
server.start();

Answer 1

几点:

• 不要那样ServletHandler裸体.这ServletHandler是一个ServletContextHandler使用的内部类.
• 这ServletContextHandler是为ServletContext您正在使用的各种servlet和过滤器提供所需对象和状态的原因.
• 该ServletContextHandler还提供了整体的上下文路径声明的地方
• 这ServletContextHandler也是欢迎文件声明的地方.
• ResourceHandler当你DefaultServlet有空的时候,不要使用它的功能更强大,功能更丰富.

例:

Server server = new Server(httpPort);

// Setup the context for servlets
ServletContextHandler context = new ServletContextHandler();
// Set the context for all filters and servlets
// Required for the internal servlet & filter ServletContext to be sane
context.setContextPath("/");
// The servlet context is what holds the welcome list 
// (not the ResourceHandler or DefaultServlet)
context.setWelcomeFiles(new String[] { "index.html" });

// Add a servlet
context.addServlet(ServerPageRoot.class,"/servlet/*");

// Add the filter, and then use the provided FilterHolder to configure it
FilterHolder cors = context.addFilter(CrossOriginFilter.class,"/*",EnumSet.of(DispatcherType.REQUEST));
cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
cors.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,POST,HEAD");
cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "X-Requested-With,Content-Type,Accept,Origin");

// Use a DefaultServlet to serve static files.
// Alternate Holder technique, prepare then add.
// DefaultServlet should be named 'default'
ServletHolder def = new ServletHolder("default", DefaultServlet.class);
def.setInitParameter("resourceBase","./http/");
def.setInitParameter("dirAllowed","false");
context.addServlet(def,"/");

// Create the server level handler list.
HandlerList handlers = new HandlerList();
// Make sure DefaultHandler is last (for error handling reasons)
handlers.setHandlers(new Handler[] { context, new DefaultHandler() });

server.setHandler(handlers);
server.start();