最近集成shiro到项目中,遇到该一个报复Response for preflight is invalid (redirect)的问题。
- shiro集成,配置无权限的路径
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/unauth");
shiroFilterFactoryBean.setUnauthorizedUrl("/forbidden");
Map<String, String> filterMap = InstanceUtil.newLinkedHashMap();
for (String filter : filters.split("\\;")) {
String[] keyValue = filter.split("\\=");
filterMap.put(keyValue[0], keyValue[1]);
}
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
将登陆地址的url地址配置为/unauth
- 将无权限的路径配置成返回json数据
@RequestMapping(value = "/unauth")
@ResponseBody
public Object unauth() {
return ErrorResponseData.newInstance(HttpCode.UNAUTHORIZED, "未登陆");
}
- 但在前端调用时,进行options预检时,报以下错误
Failed to load http://127.0.0.1:9080/getUserInfo: Response for preflight is invalid (redirect)
exception.js:32 Error: Network Error
at createError (createError.js:16)
at XMLHttpRequest.handleError (xhr.js:87)
经分析,报错原因是进行预检时,没有带上token,倒置会重定向到unauth路径中,所以进行调用时,会报如下错误。
解决办法是通过过滤器,如果判断请求为OPTIONS预检时,直接返回成功。 示例代码如下:
package com.starmark.core.shiro.advice;
import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@ServletComponentScan
@WebFilter(urlPatterns = "/*",filterName = "shiroLoginFilter")
public class ShiroLoginFilter implements Filter {
private FilterConfig config = null;
@Override
public void init(FilterConfig config) throws ServletException {
this.config = config;
}
@Override
public void destroy() {
this.config = null;
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
// 允许哪些Origin发起跨域请求,nginx下正常
// response.setHeader( "Access-Control-Allow-Origin", config.getInitParameter( "AccessControlAllowOrigin" ) );
response.setHeader( "Access-Control-Allow-Origin", "*" );
// 允许请求的方法
response.setHeader( "Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT" );
// 多少秒内,不需要再发送预检验请求,可以缓存该结果
response.setHeader( "Access-Control-Max-Age", "3600" );
// 表明它允许跨域请求包含xxx头
response.setHeader( "Access-Control-Allow-Headers", "x-auth-token,Origin,Access-Token,X-Requested-With,Content-Type, Accept" );
//是否允许浏览器携带用户身份信息(cookie)
response.setHeader( "Access-Control-Allow-Credentials", "true" );
// response.setHeader( "Access-Control-Expose-Headers", "*" );
if (request.getMethod().equals( "OPTIONS" )) {
response.setStatus( 200 );
return;
}
filterChain.doFilter( servletRequest, response );
}
}
加入该过滤器后,解决了。
