Preflight OPTIONS request to SOAP service does not work

百般思念 提交于 2021-02-07 21:48:31

问题


What I want to do: Call a cross-domain SOAP-Service from JavaScript using jQuery with the jQuery Soap plugin (by Remy Blom). (that is, I call $.soap(); in JavaScript)

What I did: CORS Setting on the server side (CXF) are working (using the org.eclipse.jetty.servlets.CrossOriginFilter), so the following is present in the answer:

Access-Control-Allow-Head...    X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Meth...    GET,POST,OPTIONS,HEAD
Access-Control-Allow-Orig...    http://localhost:8082
Content-Type                    application/soap+xml;charset=UTF-8

What is missing: Firefox and Chrome send preflight OPTIONS requests prior to the POST request for the SOAP call. Obviously SOAP does not allow the OPTIONS verb.

It does not work with SoapUI (5.0) as well as CXF (2.7.7). It is even stated in a comment in org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor line 130ff:

/*
 * Reject OPTIONS, and any other noise that is not allowed in SOAP.
 */

So, my question is: How can I modify my SOAP servcie implementation (using CXF), such that the OPTIONS request returns successfully?


回答1:


Even if it's a little bit late, I had the same problem recently and maybe it will help future travelers.

In the case of an OPTIONS request you may not continue with the FilterChain. I created a simple CORSFilter, which looks like this:

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*

public class CORSFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        resp.addHeader("Access-Control-Allow-Origin", "*");
        resp.addHeader("Access-Control-Allow-Methods", "GET, POST");
        resp.addHeader("Access-Control-Allow-Headers", req.getHeader("Access-Control-Request-Headers"));

        if (!req.getMethod().equalsIgnoreCase("OPTIONS")) {
            chain.doFilter(request, response)
        }
    }

    @Override
    public void destroy() {}
}

And I added the following to my web.xml:

<filter>
    <filter-name>CORSFilter</filter-name>
    <filter-class>CORSFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CORSFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
</filter-mapping>


来源:https://stackoverflow.com/questions/28451459/preflight-options-request-to-soap-service-does-not-work

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!