=============
后端_跨域访问
=============

对于前后端分离的项目，不可避免地存在跨域访问问题。

本项目直接在后端进行全局跨域处理。

1 添加跨域访问配置类

/src/main/java/com/weihome/barblog/config/CorsConfig.java：

/**
 * 跨域访问配置类
 */
@Configuration
public class CorsConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
            .allowedOrigins("*")
            .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
            .allowCredentials(true)
            .maxAge(3600)
            .allowedHeaders("*");
    }
}

2 为JWT过滤器类的预处理方法中添加针对跨域访问的操作

/src/main/java/com/weihome/barblog/shiro/JwtFilter.java：

...
public class JwtFilter extends AuthenticatingFilter {
    ...
    /**
     * 预处理
     */
    @Override
    protected boolean preHandle(
        ServletRequest servletRequest, ServletResponse servletResponse)
        throws Exception {
        HttpServletRequest request =
            WebUtils.toHttp(servletRequest);

        // 针对跨域访问时的OPTIONS请求，响应以正常状态(200)
        if (request.getMethod().equals(RequestMethod.OPTIONS.name())) {
            HttpServletResponse response =
                WebUtils.toHttp(servletResponse);

            response.setHeader("Access-control-Allow-Origin",
                request.getHeader("Origin"));
            response.setHeader("Access-Control-Allow-Methods",
                "GET,POST,OPTIONS,PUT,DELETE");
            response.setHeader("Access-Control-Allow-Headers",
                request.getHeader("Access-Control-Request-Headers"));
            response.setStatus(
                org.springframework.http.HttpStatus.OK.value());

            return false;
        }

        return super.preHandle(servletRequest, servletResponse);
    }
    ...
}