youhua

2026-03-23 00:08:19 +08:00
parent ca33e0d3c5
commit 2fdd842b89
11 changed files with 1196 additions and 380 deletions
--- a/src/main/java/com/it/rattan/config/WebConfig.java
+++ b/src/main/java/com/it/rattan/config/WebConfig.java
@@ -1,13 +1,17 @@
 package com.it.rattan.config;

+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
+import org.springframework.core.Ordered;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
@Configuration
 public class WebConfig implements WebMvcConfigurer {

@@ -17,24 +21,46 @@ public class WebConfig implements WebMvcConfigurer {
    }

    /**
-     * 跨域配置
+     * 跨域过滤器 - 支持凭证，最高优先级
     */
    @Bean
-    public CorsFilter corsFilter() {
-        CorsConfiguration config = new CorsConfiguration();
-        // 允许所有来源
-        config.addAllowedOrigin("*");
-        // 允许所有请求头
-        config.addAllowedHeader("*");
-        // 允许所有请求方法
-        config.addAllowedMethod("*");
-        // 允许携带凭证
-        config.setAllowCredentials(true);
-        // 预检请求缓存时间
-        config.setMaxAge(3600L);
+    public FilterRegistrationBean<Filter> corsFilterRegistration() {
+        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new CorsFilter());
+        registration.addUrlPatterns("/*");
+        registration.setName("corsFilter");
+        registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return registration;
+    }

-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", config);
-        return new CorsFilter(source);
+    /**
+     * CORS 过滤器实现
+     */
+    private static class CorsFilter implements Filter {
+        @Override
+        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+                throws IOException, ServletException {
+            HttpServletResponse response = (HttpServletResponse) res;
+            HttpServletRequest request = (HttpServletRequest) req;
+
+            String origin = request.getHeader("Origin");
+            if (origin != null) {
+                response.setHeader("Access-Control-Allow-Origin", origin);
+            } else {
+                response.setHeader("Access-Control-Allow-Origin", "*");
+            }
+            response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+            response.setHeader("Access-Control-Allow-Headers", "*");
+            response.setHeader("Access-Control-Allow-Credentials", "true");
+            response.setHeader("Access-Control-Expose-Headers", "Authorization");
+            response.setHeader("Access-Control-Max-Age", "3600");
+
+            if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+                response.setStatus(HttpServletResponse.SC_OK);
+                return;
+            }
+
+            chain.doFilter(req, res);
+        }
    }
 }