Solving the cross-domain problem with a filter: allowing multiple domains, with the domain list read through the @Value annotation

Source: Internet
Author: User

A domain here means "protocol + IP + port". As long as one of the three differs, the request is cross-domain, and for security reasons browsers do not allow cross-domain access by default. Many applications now separate the client from the server, so how can a client and a server in different domains talk to each other? And since there may be more than one client, how can multiple clients access one server across domains?

The project in this article is built with the default setup and uses Spring Security. First create a properties file in the src/main/resources directory and enter access-control-allow-origin=http://192.168.1.1,http://192.168.1.2,http://192.168.1.3 in it, representing the three client domains. (Each site must include "http://" and a port number; here the default port 80 is used, so it can be omitted.)

1. Read the list from the properties file with the @Value annotation

Create a class and annotate it with @Component, then annotate the field with @Value. Note that @Value must be imported from the org.springframework.beans package.

@Component
public class MyFilter {

	@Value("${access-control-allow-origin:}") // adding the colon or not did not seem to make a difference
	String[] originProperties; // comma-separated values can be received directly into an array

	// ... the filter method is added in the steps below
}

This allows you to get an array of client source domains directly.

Sometimes @Value cannot get the value. The usual causes are:

1. There are many XML files under resources

2. The property name starts with "com."

3. If there is also an application.yml under resources, that file must contain this property as well

4. The field cannot be static

2. Set the "Access-Control-Allow-Origin" response header through the filter

"Access-Control-Allow-Origin" is the response header that names the trusted site, and it can hold only one site. Make the newly created class implement javax.servlet.Filter, override the doFilter method, and set "Access-Control-Allow-Origin" on the HttpServletResponse of every request to the trusted site. Note that these types must be imported from the javax.servlet package.

httpServletResponse.setHeader("Access-Control-Allow-Origin", "http://192.168.1.72");

Of course, this way only one other domain can be allowed.

3. Allowing multiple domains

The "Origin" request header gives the source of the request. Step 1 produced an array of domain names from the properties file; the code below reads the source of the request and checks whether it is in that array.

	// Resolve the cross-domain problem by trusting several client sources
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
		String curOrigin = httpRequest.getHeader("Origin");
		System.out.println("Current source of access is: " + curOrigin);
		// If the current source is within the access-control-allow-origin list configured in
		// application.properties, access is allowed; otherwise it is not
		if (curOrigin != null) {
			for (int i = 0; i < originProperties.length; i++) {
				// System.out.println("the source that allows cross-domain access is: " + originProperties[i]);
				if (curOrigin.equals(originProperties[i])) {
					httpResponse.setHeader("Access-Control-Allow-Origin", curOrigin);
				}
			}
		} else {
			// For requests without a source (such as a URL typed directly into the browser
			// address bar), just allow our own machine
			httpResponse.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1");
		}
		httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT, HEAD");

		// Whichever domain the request comes from, allow that domain, that is, allow all
		// domains to access the service; this is far too insecure
		// if (httpRequest.getHeader("Origin") != null) {
		//     httpResponse.setHeader("Access-Control-Allow-Origin", curOrigin);
		// }

		// Do not forget to let the filter chain handle the request and response in the
		// default way; if this is left out, the response has no body
		chain.doFilter(request, response);
	}

This sets the "Access-Control-Allow-Origin" header for cross-domain access based on the source of the request.
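A stricter form of the origin check from step 3, as an added example rather than code from the original article: the hypothetical OriginAllowList helper normalizes both the configured entries and the incoming Origin (scheme and host case, default port) before an exact comparison, and always sets "Vary: Origin" so that a shared cache does not reuse a response across origins. The class and method names, the ":80" and space in the sample property value, and the sample Origin values are assumptions constructed for illustration.

```java
import java.net.URI;
import java.util.*;
// Added example: OriginAllowList is a hypothetical helper, not part of the article's MyFilter.
public class OriginAllowList {
    private final Set<String> allowed = new HashSet<>();
    // csv is the raw access-control-allow-origin property value.
    public OriginAllowList(String csv) {
        for (String entry : csv.split(",")) {
            String n = normalize(entry);
            if (n != null) allowed.add(n);
        }
    }

    // Canonical "scheme://host[:port]" form, or null if the value is not a plain http(s) origin.
    static String normalize(String origin) {
        if (origin == null) return null;
        try {
            URI u = new URI(origin.trim());
            String scheme = u.getScheme() == null ? "" : u.getScheme().toLowerCase(Locale.ROOT);
            boolean http = scheme.equals("http"), https = scheme.equals("https");
            String path = u.getRawPath();
            if ((!http && !https) || u.getHost() == null || u.getRawUserInfo() != null
                    || u.getRawQuery() != null || u.getRawFragment() != null
                    || (path != null && !path.isEmpty())) return null;
            int port = u.getPort();
            boolean defaultPort = port == -1 || (http && port == 80) || (https && port == 443);
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + (defaultPort ? "" : ":" + port);
        } catch (java.net.URISyntaxException e) {
            return null;
        }
    }

    // Headers the filter should set for a request carrying this Origin header value.
    public Map<String, String> corsHeaders(String origin) {
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Vary", "Origin"); // the response depends on Origin, so caches must key on it
        String n = normalize(origin);
        if (n != null && allowed.contains(n)) headers.put("Access-Control-Allow-Origin", origin.trim());
        return headers;
    }
    public static void main(String[] args) {
        // Constructed property value: one entry spells out the default port, one has a leading space.
        OriginAllowList list = new OriginAllowList("http://192.168.1.1:80, http://192.168.1.2,http://192.168.1.3");
        // Constructed Origin values: two that should match, then lookalikes and the literal "null" origin.
        for (String o : new String[] {"http://192.168.1.2", "http://192.168.1.1",
                "http://192.168.1.10", "http://192.168.1.1.example.test", "https://192.168.1.1", "null"}) {
            System.out.println(o + " -> " + list.corsHeaders(o));
        }
    }
}
```

Inside doFilter, copy the returned map onto the HttpServletResponse before calling chain.doFilter; an origin that is not on the list receives no "Access-Control-Allow-Origin" header at all.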

4. Cross-domain with Spring Security

If you use Spring Security, security is enforced through a chain of filters that has the highest priority by default and is the first to intercept the request. So we have to give our own cross-domain filter the highest priority:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	MyFilter myFilter;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// The Spring Security filters sit at the front of the whole filter chain by default,
		// so we need to put our own cross-domain filter in front of them
		http.addFilterBefore(myFilter, ChannelProcessingFilter.class)
			.authorizeRequests()
			.anyRequest().authenticated();
	}
}

This article does not focus on Spring Security, so this is only a simple example. In this way we can allow multiple domains without using JSONP.



