如何在 JAX-RS Web 服务上启用跨域请求? [英] How to enable Cross domain requests on JAX-RS web services?

问题描述

我开发了一套宁静的网络服务.由于错误，我无法从远程客户端调用任何这些方法请求的资源上没有Access-Control-Allow-Origin"标头.

I developed a set of restful web services. I couldn't call any of these methods from remote clients due to the error No 'Access-Control-Allow-Origin' header is present on the requested resource.

服务在本地主机上完美运行.服务器端是否有任何更改或配置可以解决问题.即启用跨域请求.

The services work perfectly on localhost. Is there any changes or configs to do on the server side to resolve the issue. i.e. to enable cross domain requests.

我正在使用 WildFly 8、JavaEE 7

I'm using WildFly 8, JavaEE 7

推荐答案

我也想知道同样的事情，所以经过一番研究，我发现最简单的方法就是使用 JAX-RS ContainerResponseFilter 添加相关的 CORS 标头.这样您就不需要用 CXF 替换整个 Web 服务堆栈(Wildfly 使用 CXF 是某种形式，但它看起来不像它用于 JAX-RS 可能只有 JAX-WS).

I was wondering the same thing, so after a bit of research I found that the easiest way was simply to use a JAX-RS ContainerResponseFilter to add the relevant CORS headers. This way you don't need to replace the whole web services stack with CXF (Wildfly uses CXF is some form, but it doesn't look like it uses it for JAX-RS maybe only JAX-WS).

无论您是否使用此过滤器，它都会将标头添加到每个 REST Web 服务.

Regardless if you use this filter it will add the headers to every REST webservice.

package com.yourdomain.package;

import java.io.IOException;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;

@Provider
public class CORSFilter implements ContainerResponseFilter {

   @Override
   public void filter(final ContainerRequestContext requestContext,
                      final ContainerResponseContext cres) throws IOException {
      cres.getHeaders().add("Access-Control-Allow-Origin", "*");
      cres.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
      cres.getHeaders().add("Access-Control-Allow-Credentials", "true");
      cres.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
      cres.getHeaders().add("Access-Control-Max-Age", "1209600");
   }

}

然后，当我使用 curl 进行测试时，响应包含 CORS 标头:

Then when I tested with curl, the response had the CORS headers:

$ curl -D - "http://localhost:8080/rest/test"
HTTP/1.1 200 OK
X-Powered-By: Undertow 1
Access-Control-Allow-Headers: origin, content-type, accept, authorization
Server: Wildfly 8
Date: Tue, 13 May 2014 12:30:00 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Max-Age: 1209600
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD

我的理解是 @Provider 注释告诉 JAX-RS 运行时使用过滤器，没有注释什么都不会发生.

My understanding is that it's the @Provider annotation that tells the JAX-RS runtime to use the filter, without the annotation nothing happens.

我从 泽西岛示例.

I got the idea about using the ContainerResponseFilter from a Jersey example.

这篇关于如何在 JAX-RS Web 服务上启用跨域请求?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！