HttpServletpublic abstract class HttpServlet extends GenericServlet implements SerializableProvides an abstract class to be subclassed to create
an HTTP servlet suitable for a Web site. A subclass of
HttpServlet must override at least
one method, usually one of these:
-
doGet, if the servlet supports HTTP GET requests
-
doPost, for HTTP POST requests
-
doPut, for HTTP PUT requests
-
doDelete, for HTTP DELETE requests
-
init and destroy,
to manage resources that are held for the life of the servlet
-
getServletInfo, which the servlet uses to
provide information about itself
There's almost no reason to override the service
method. service handles standard HTTP
requests by dispatching them to the handler methods
for each HTTP request type (the doXXX
methods listed above).
Likewise, there's almost no reason to override the
doOptions and doTrace methods.
Servlets typically run on multithreaded servers,
so be aware that a servlet must handle concurrent
requests and be careful to synchronize access to shared resources.
Shared resources include in-memory data such as
instance or class variables and external objects
such as files, database connections, and network
connections.
See the
Java Tutorial on Multithreaded Programming for more
information on handling multiple threads in a Java program. |
| Fields Summary |
|---|
| private static final String | METHOD_DELETE | | private static final String | METHOD_HEAD | | private static final String | METHOD_GET | | private static final String | METHOD_OPTIONS | | private static final String | METHOD_POST | | private static final String | METHOD_PUT | | private static final String | METHOD_TRACE | | private static final String | HEADER_IFMODSINCE | | private static final String | HEADER_LASTMOD | | private static final String | LSTRING_FILE | | private static ResourceBundle | lStrings |
| Constructors Summary |
|---|
public HttpServlet()Does nothing, because this is an abstract class.
|
| Methods Summary |
|---|
| protected void | doDelete(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Called by the server (via the service method)
to allow a servlet to handle a DELETE request.
The DELETE operation allows a client to remove a document
or Web page from the server.
This method does not need to be either safe
or idempotent. Operations requested through
DELETE can have side effects for which users
can be held accountable. When using
this method, it may be useful to save a copy of the
affected URL in temporary storage.
If the HTTP DELETE request is incorrectly formatted,
doDelete returns an HTTP "Bad Request"
message.
String protocol = req.getProtocol();
String msg = lStrings.getString("http.method_delete_not_supported");
if (protocol.endsWith("1.1")) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, msg);
} else {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
}
| | protected void | doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Called by the server (via the service method) to
allow a servlet to handle a GET request.
Overriding this method to support a GET request also
automatically supports an HTTP HEAD request. A HEAD
request is a GET request that returns no body in the
response, only the request header fields.
When overriding this method, read the request data,
write the response headers, get the response's writer or
output stream object, and finally, write the response data.
It's best to include content type and encoding. When using
a PrintWriter object to return the response,
set the content type before accessing the
PrintWriter object.
The servlet container must write the headers before
committing the response, because in HTTP the headers must be sent
before the response body.
Where possible, set the Content-Length header (with the
{@link javax.servlet.ServletResponse#setContentLength} method),
to allow the servlet container to use a persistent connection
to return its response to the client, improving performance.
The content length is automatically set if the entire response fits
inside the response buffer.
When using HTTP 1.1 chunked encoding (which means that the response
has a Transfer-Encoding header), do not set the Content-Length header.
The GET method should be safe, that is, without
any side effects for which users are held responsible.
For example, most form queries have no side effects.
If a client request is intended to change stored data,
the request should use some other HTTP method.
The GET method should also be idempotent, meaning
that it can be safely repeated. Sometimes making a
method safe also makes it idempotent. For example,
repeating queries is both safe and idempotent, but
buying a product online or modifying data is neither
safe nor idempotent.
If the request is incorrectly formatted, doGet
returns an HTTP "Bad Request" message.
String protocol = req.getProtocol();
String msg = lStrings.getString("http.method_get_not_supported");
if (protocol.endsWith("1.1")) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, msg);
} else {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
}
| | protected void | doHead(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Receives an HTTP HEAD request from the protected
service method and handles the
request.
The client sends a HEAD request when it wants
to see only the headers of a response, such as
Content-Type or Content-Length. The HTTP HEAD
method counts the output bytes in the response
to set the Content-Length header accurately.
If you override this method, you can avoid computing
the response body and just set the response headers
directly to improve performance. Make sure that the
doHead method you write is both safe
and idempotent (that is, protects itself from being
called multiple times for one HTTP HEAD request).
If the HTTP HEAD request is incorrectly formatted,
doHead returns an HTTP "Bad Request"
message.
NoBodyResponse response = new NoBodyResponse(resp);
doGet(req, response);
response.setContentLength();
| | protected void | doOptions(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Called by the server (via the service method)
to allow a servlet to handle a OPTIONS request.
The OPTIONS request determines which HTTP methods
the server supports and
returns an appropriate header. For example, if a servlet
overrides doGet, this method returns the
following header:
Allow: GET, HEAD, TRACE, OPTIONS
There's no need to override this method unless the
servlet implements new HTTP methods, beyond those
implemented by HTTP 1.1.
Method[] methods = getAllDeclaredMethods(this.getClass());
boolean ALLOW_GET = false;
boolean ALLOW_HEAD = false;
boolean ALLOW_POST = false;
boolean ALLOW_PUT = false;
boolean ALLOW_DELETE = false;
boolean ALLOW_TRACE = true;
boolean ALLOW_OPTIONS = true;
for (int i=0; i<methods.length; i++) {
Method m = methods[i];
if (m.getName().equals("doGet")) {
ALLOW_GET = true;
ALLOW_HEAD = true;
}
if (m.getName().equals("doPost"))
ALLOW_POST = true;
if (m.getName().equals("doPut"))
ALLOW_PUT = true;
if (m.getName().equals("doDelete"))
ALLOW_DELETE = true;
}
String allow = null;
if (ALLOW_GET)
if (allow==null) allow=METHOD_GET;
if (ALLOW_HEAD)
if (allow==null) allow=METHOD_HEAD;
else allow += ", " + METHOD_HEAD;
if (ALLOW_POST)
if (allow==null) allow=METHOD_POST;
else allow += ", " + METHOD_POST;
if (ALLOW_PUT)
if (allow==null) allow=METHOD_PUT;
else allow += ", " + METHOD_PUT;
if (ALLOW_DELETE)
if (allow==null) allow=METHOD_DELETE;
else allow += ", " + METHOD_DELETE;
if (ALLOW_TRACE)
if (allow==null) allow=METHOD_TRACE;
else allow += ", " + METHOD_TRACE;
if (ALLOW_OPTIONS)
if (allow==null) allow=METHOD_OPTIONS;
else allow += ", " + METHOD_OPTIONS;
resp.setHeader("Allow", allow);
| | protected void | doPost(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Called by the server (via the service method)
to allow a servlet to handle a POST request.
The HTTP POST method allows the client to send
data of unlimited length to the Web server a single time
and is useful when posting information such as
credit card numbers.
When overriding this method, read the request data,
write the response headers, get the response's writer or output
stream object, and finally, write the response data. It's best
to include content type and encoding. When using a
PrintWriter object to return the response, set the
content type before accessing the PrintWriter object.
The servlet container must write the headers before committing the
response, because in HTTP the headers must be sent before the
response body.
Where possible, set the Content-Length header (with the
{@link javax.servlet.ServletResponse#setContentLength} method),
to allow the servlet container to use a persistent connection
to return its response to the client, improving performance.
The content length is automatically set if the entire response fits
inside the response buffer.
When using HTTP 1.1 chunked encoding (which means that the response
has a Transfer-Encoding header), do not set the Content-Length header.
This method does not need to be either safe or idempotent.
Operations requested through POST can have side effects for
which the user can be held accountable, for example,
updating stored data or buying items online.
If the HTTP POST request is incorrectly formatted,
doPost returns an HTTP "Bad Request" message.
String protocol = req.getProtocol();
String msg = lStrings.getString("http.method_post_not_supported");
if (protocol.endsWith("1.1")) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, msg);
} else {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
}
| | protected void | doPut(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Called by the server (via the service method)
to allow a servlet to handle a PUT request.
The PUT operation allows a client to
place a file on the server and is similar to
sending a file by FTP.
When overriding this method, leave intact
any content headers sent with the request (including
Content-Length, Content-Type, Content-Transfer-Encoding,
Content-Encoding, Content-Base, Content-Language, Content-Location,
Content-MD5, and Content-Range). If your method cannot
handle a content header, it must issue an error message
(HTTP 501 - Not Implemented) and discard the request.
For more information on HTTP 1.1, see RFC 2616
.
This method does not need to be either safe or idempotent.
Operations that doPut performs can have side
effects for which the user can be held accountable. When using
this method, it may be useful to save a copy of the
affected URL in temporary storage.
If the HTTP PUT request is incorrectly formatted,
doPut returns an HTTP "Bad Request" message.
String protocol = req.getProtocol();
String msg = lStrings.getString("http.method_put_not_supported");
if (protocol.endsWith("1.1")) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, msg);
} else {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
}
| | protected void | doTrace(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Called by the server (via the service method)
to allow a servlet to handle a TRACE request.
A TRACE returns the headers sent with the TRACE
request to the client, so that they can be used in
debugging. There's no need to override this method.
int responseLength;
String CRLF = "\r\n";
String responseString = "TRACE "+ req.getRequestURI()+
" " + req.getProtocol();
Enumeration reqHeaderEnum = req.getHeaderNames();
while( reqHeaderEnum.hasMoreElements() ) {
String headerName = (String)reqHeaderEnum.nextElement();
responseString += CRLF + headerName + ": " +
req.getHeader(headerName);
}
responseString += CRLF;
responseLength = responseString.length();
resp.setContentType("message/http");
resp.setContentLength(responseLength);
ServletOutputStream out = resp.getOutputStream();
out.print(responseString);
| | private java.lang.reflect.Method[] | getAllDeclaredMethods(java.lang.Class c)
if (c.equals(javax.servlet.http.HttpServlet.class)) {
return null;
}
Method[] parentMethods = getAllDeclaredMethods(c.getSuperclass());
Method[] thisMethods = c.getDeclaredMethods();
if ((parentMethods != null) && (parentMethods.length > 0)) {
Method[] allMethods =
new Method[parentMethods.length + thisMethods.length];
System.arraycopy(parentMethods, 0, allMethods, 0,
parentMethods.length);
System.arraycopy(thisMethods, 0, allMethods, parentMethods.length,
thisMethods.length);
thisMethods = allMethods;
}
return thisMethods;
| | protected long | getLastModified(javax.servlet.http.HttpServletRequest req)Returns the time the HttpServletRequest
object was last modified,
in milliseconds since midnight January 1, 1970 GMT.
If the time is unknown, this method returns a negative
number (the default).
Servlets that support HTTP GET requests and can quickly determine
their last modification time should override this method.
This makes browser and proxy caches work more effectively,
reducing the load on server and network resources.
return -1;
| | private void | maybeSetLastModified(javax.servlet.http.HttpServletResponse resp, long lastModified)
if (resp.containsHeader(HEADER_LASTMOD))
return;
if (lastModified >= 0)
resp.setDateHeader(HEADER_LASTMOD, lastModified);
| | protected void | service(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)Receives standard HTTP requests from the public
service method and dispatches
them to the doXXX methods defined in
this class. This method is an HTTP-specific version of the
{@link javax.servlet.Servlet#service} method. There's no
need to override this method.
String method = req.getMethod();
if (method.equals(METHOD_GET)) {
long lastModified = getLastModified(req);
if (lastModified == -1) {
// servlet doesn't support if-modified-since, no reason
// to go through further expensive logic
doGet(req, resp);
} else {
long ifModifiedSince = req.getDateHeader(HEADER_IFMODSINCE);
if (ifModifiedSince < (lastModified / 1000 * 1000)) {
// If the servlet mod time is later, call doGet()
// Round down to the nearest second for a proper compare
// A ifModifiedSince of -1 will always be less
maybeSetLastModified(resp, lastModified);
doGet(req, resp);
} else {
resp.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
}
}
} else if (method.equals(METHOD_HEAD)) {
long lastModified = getLastModified(req);
maybeSetLastModified(resp, lastModified);
doHead(req, resp);
} else if (method.equals(METHOD_POST)) {
doPost(req, resp);
} else if (method.equals(METHOD_PUT)) {
doPut(req, resp);
} else if (method.equals(METHOD_DELETE)) {
doDelete(req, resp);
} else if (method.equals(METHOD_OPTIONS)) {
doOptions(req,resp);
} else if (method.equals(METHOD_TRACE)) {
doTrace(req,resp);
} else {
//
// Note that this means NO servlet supports whatever
// method was requested, anywhere on this server.
//
String errMsg = lStrings.getString("http.method_not_implemented");
Object[] errArgs = new Object[1];
errArgs[0] = method;
errMsg = MessageFormat.format(errMsg, errArgs);
resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, errMsg);
}
| | public void | service(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)Dispatches client requests to the protected
service method. There's no need to
override this method.
HttpServletRequest request;
HttpServletResponse response;
try {
request = (HttpServletRequest) req;
response = (HttpServletResponse) res;
} catch (ClassCastException e) {
throw new ServletException("non-HTTP request or response");
}
service(request, response);
|
|
