Mar*_*mer 3 jersey basic-authentication cors angularjs
我完全迷住了。我是AngularJS的新手,我正尝试对我的jersey服务器api进行电话呼叫,但我没有运气。它可以使用curl或Advanced Rest客户端(Chrome浏览器加载项)运行。但是,当我尝试使用我的angularjs应用程序击打其余部分时,我纠正了以下内容。
“跨源请求被阻止:同源策略禁止读取位于http:// localhost:8080 / JerseyDemos / rest / employees的远程资源。(原因:缺少CORS标头'Access-Control-Allow-Origin')。”
客户:我的angularjs代码段
$scope.login = function() {
This lets me connect to my server on a different domain
$http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode('username' + ':' + 'password');
$http({method: 'GET', url: 'http://localhost:8080/JerseyDemos/rest/employees'}).
success(function(data) {
console.log(data)
}).
服务器:我正在使用球衣框架
这是我的CORS筛选器...
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
public class CorsResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext request,
ContainerResponseContext response) throws IOException {
response.getHeaders().add("Access-Control-Allow-Origin", "*");
response.getHeaders().add("Access-Control-Allow-Headers",
"origin, content-type, accept, authorization");
response.getHeaders().add("Access-Control-Allow-Credentials", "true");
response.getHeaders().add("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD");
}
}
申请我的CORS筛选器的应用程序类
import com.howtodoinjava.jersey.provider.CorsResponseFilter;
import org.glassfish.jersey.filter.LoggingFilter;
import org.glassfish.jersey.server.ResourceConfig;
import com.howtodoinjava.jersey.provider.AuthenticationFilter;
import com.howtodoinjava.jersey.provider.GsonMessageBodyHandler;
public class CustomApplication extends ResourceConfig {
public CustomApplication()
{
packages("com.howtodoinjava.jersey");
register(CorsResponseFilter.class);
register(LoggingFilter.class);
register(GsonMessageBodyHandler.class);
register(AuthenticationFilter.class);
}
}
Web.xml
<display-name>Archetype Created Web Application</display-name>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.howtodoinjava.jersey.CustomApplication</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
员工休息片段
@Provider
@Path("/employees")
public class JerseyService {
@Path("/all")
@RolesAllowed("ADMIN")
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getAllEmployees()
{
Employees list = new Employees();
list.setEmployeeList(new ArrayList<Employee>());
list.getEmployeeList().add(new Employee(1, "Lokesh Gupta"));
list.getEmployeeList().add(new Employee(2, "Alex Kolenchiskey"));
list.getEmployeeList().add(new Employee(3, "David Kameron"));
return Response.status(200).entity(list).header("Access-Control-Allow-Origin", "GET, POST, PUT, DELETE, OPTIONS, HEAD").build();
}
小智 5
对于刚开始使用Web服务的人来说,这是一个非常常见的错误,解决起来确实很简单,但是有时开发人员会花费很多时间来寻找解决方案。当您创建Web服务并尝试从其他应用程序访问它时会发生这种情况,因为您没有启用跨域资源共享(CORS),这意味着它不起作用,这意味着在一个域中加载的应用程序无法与之交互来自其他域的资源。您要做的就是启用CORS。
如何激活它取决于您的方案,在本教程中,我将展示如何为在Glassfish上运行的Java EE应用程序启用CORS,我假设您具有与此类似的EJB RESTful Web服务,并且当其他应用程序尝试使用它时,您会在Firebug控制台上看到Cross-Origin Request Blocked错误,在这种情况下,您要做的就是在应用程序中创建一个过滤器,只需在您的项目中创建一个与此类完全相同的类:
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class CORSFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, x-auth-token, "
+ "Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
现在,您必须在web.xml中注册过滤器,复制以下代码,并将“ yourPackage”替换为实际的软件包名称:
<filter>
<filter-name>cors</filter-name>
<filter-class>yourPackage.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
而已!现在,您的应用程序将允许其资源与其他域共享。
| 归档时间: |
|
| 查看次数: |
2066 次 |
| 最近记录: |