最近內建shiro到項目中,遇到該一個報複Response for preflight is invalid (redirect)的問題。
- shiro內建,配置無權限的路徑
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/unauth");
shiroFilterFactoryBean.setUnauthorizedUrl("/forbidden");
Map<String, String> filterMap = InstanceUtil.newLinkedHashMap();
for (String filter : filters.split("\\;")) {
String[] keyValue = filter.split("\\=");
filterMap.put(keyValue[0], keyValue[1]);
}
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
将登陸位址的url位址配置為/unauth
- 将無權限的路徑配置成傳回json資料
@RequestMapping(value = "/unauth")
@ResponseBody
public Object unauth() {
return ErrorResponseData.newInstance(HttpCode.UNAUTHORIZED, "未登陸");
}
- 但在前端調用時,進行options預檢時,報以下錯誤
Failed to load http://127.0.0.1:9080/getUserInfo: Response for preflight is invalid (redirect)
exception.js:32 Error: Network Error
at createError (createError.js:16)
at XMLHttpRequest.handleError (xhr.js:87)
經分析,報錯原因是進行預檢時,沒有帶上token,倒置會重定向到unauth路徑中,是以進行調用時,會報如下錯誤。
解決辦法是通過過濾器,如果判斷請求為OPTIONS預檢時,直接傳回成功。 示例代碼如下:
package com.starmark.core.shiro.advice;
import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@ServletComponentScan
@WebFilter(urlPatterns = "/*",filterName = "shiroLoginFilter")
public class ShiroLoginFilter implements Filter {
private FilterConfig config = null;
@Override
public void init(FilterConfig config) throws ServletException {
this.config = config;
}
@Override
public void destroy() {
this.config = null;
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
// 允許哪些Origin發起跨域請求,nginx下正常
// response.setHeader( "Access-Control-Allow-Origin", config.getInitParameter( "AccessControlAllowOrigin" ) );
response.setHeader( "Access-Control-Allow-Origin", "*" );
// 允許請求的方法
response.setHeader( "Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT" );
// 多少秒内,不需要再發送預檢驗請求,可以緩存該結果
response.setHeader( "Access-Control-Max-Age", "3600" );
// 表明它允許跨域請求包含xxx頭
response.setHeader( "Access-Control-Allow-Headers", "x-auth-token,Origin,Access-Token,X-Requested-With,Content-Type, Accept" );
//是否允許浏覽器攜帶使用者身份資訊(cookie)
response.setHeader( "Access-Control-Allow-Credentials", "true" );
// response.setHeader( "Access-Control-Expose-Headers", "*" );
if (request.getMethod().equals( "OPTIONS" )) {
response.setStatus( 200 );
return;
}
filterChain.doFilter( servletRequest, response );
}
}
加入該過濾器後,解決了。
![使用underscore的template自定義模闆[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)