我一直在使用公开 SOAP 和 Restful 网络服务的企业应用程序。我在 web.xml 中实现 CORS 过滤器时使用了带有跨域调用的 Restful webservice。现在我正在尝试使用 SOAP 服务(我的 ajax 调用发生在该服务中)。这里如何配置CORS过滤器来跨域访问
添加代码片段
由于 Rest 实现是 servlet 映射,我的 servlet 映射如下
<servlet-name>RestServlet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.servicedata.service</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>RestServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
我已将我的应用程序部署在应用程序服务器中, 我的 Applciation.xml 看起来像这样
<module>
<web>
<web-uri>UI.war</web-uri>
<context-root>Web</context-root>
</web>
</module>
<module>
<web>
<web-uri>Router.war</web-uri>
<context-root>Router</context-root>
</web>
所以它会暴露在 http:<hostname>:<port>/Router/services/myservice/123
我可以使用 Restclient 访问此 URL,并得到了响应。
当我进行 ajax 调用时,我的应用程序不允许访问我的服务。[身份验证被拒绝]
所以我为此添加了一个 CORS 过滤器
class ResponseFilter{
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(request, response);
}
}
在 Web.xml 中
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.servlet.ResponseFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/services/*</url-pattern>
</filter-mapping>
它适用于休息,这很好。如果是 SOAP
我的 SOAP URL 是 http:<hostname>:<port>/Business/service/Manager
这是将在我的 wsdl 中定义的 URL。
因此,当我尝试访问部署在应用程序中的 SOAP 时,它不允许访问。这里不允许跨源,因为我有从本地 server.localhost 到主机服务器的 ajax 调用
我已经为 Rest 配置了 CORS,因为它是 servlet 映射。我该如何做 SOAP 服务。
最佳答案
1) 创建“handler.xml”并放入处理程序类的这些行。
<javaee:handler-chains xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<javaee:handler-chain>
<javaee:handler>
<javaee:handler-class>somepackage.MySOAPHandler</javaee:handler-class>
</javaee:handler>
</javaee:handler-chain>
</javaee:handler-chains>
2) 在“somepackage”包中创建 SOAPHandler 类。
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.apache.log4j.Logger;
public class MySOAPHandler implements SOAPHandler<SOAPMessageContext> {
Logger logger;
public MySOAPHandler() {
super();
logger = Logger.getLogger(MySOAPHandler.class);
}
@Override
public void close(MessageContext arg0) {
}
@Override
public boolean handleFault(SOAPMessageContext arg0) {
return false;
}
@Override
public boolean handleMessage(SOAPMessageContext smc) {
System.out.println("Handling soap message...");
Map<String, List<String>> map = (Map<String, List<String>>)smc.get(MessageContext.HTTP_REQUEST_HEADERS);
Boolean outboundProperty = (Boolean) smc
.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outboundProperty.booleanValue()) {
logger.debug("\nOutbound message:");
//this is underlying http response object
HttpServletResponse response = (HttpServletResponse) smc.get(MessageContext.SERVLET_RESPONSE);
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Credentials", "false");
response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers", "Origin, Accept, x-requested-with, Content-Type, SOAPAction, Access-Control-Allow-Headers, Access-Control-Response-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin");
} else {
logger.debug("\nInbound message:");
}
} catch (Exception e) {
e.printStackTrace();
}
return true;
}
@Override
public Set<QName> getHeaders() {
return null;
}
}
3) 为您的 WebServiceProvider 添加注释
@ServiceMode(value = javax.xml.ws.Service.Mode.MESSAGE)
@HandlerChain(file="handler.xml")
@WebServiceProvider(serviceName = "MyWS", portName = "MyWSPort", targetNamespace = "http://namespace = "WEB-INF/wsdl/MyWSDL.wsdl")
public class MyWS implements javax.xml.ws.Provider<SOAPMessage> {
...
}
然后就可以了。
关于java - 使用 CORS 过滤器进行 SOAP 服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28434969/