public interface HttpServletRequest extends ServletRequest
ServletRequest
interface to provide
request information for HTTP servlets.
The servlet container creates an HttpServletRequest
object and passes it as an argument to the servlet's service
methods (doGet
, doPost
, etc).
Modifier and Type | Field and Description |
---|---|
static String |
BASIC_AUTH
String identifier for Basic authentication.
|
static String |
CLIENT_CERT_AUTH
String identifier for Client Certificate authentication.
|
static String |
DIGEST_AUTH
String identifier for Digest authentication.
|
static String |
FORM_AUTH
String identifier for Form authentication.
|
Modifier and Type | Method and Description |
---|---|
boolean |
authenticate(HttpServletResponse response)
Use the container login mechanism configured for the
ServletContext to authenticate the user making
this request. |
String |
changeSessionId()
Change the session id of the current session associated with this
request and return the new session id.
|
String |
getAuthType()
Returns the name of the authentication scheme used to protect
the servlet.
|
String |
getContextPath()
Returns the portion of the request URI that indicates the context
of the request.
|
Cookie[] |
getCookies()
Returns an array containing all of the
Cookie
objects the client sent with this request. |
long |
getDateHeader(String name)
Returns the value of the specified request header
as a
long value that represents a
Date object. |
String |
getHeader(String name)
Returns the value of the specified request header
as a
String . |
Enumeration<String> |
getHeaderNames()
Returns an enumeration of all the header names
this request contains.
|
Enumeration<String> |
getHeaders(String name)
Returns all the values of the specified request header
as an
Enumeration of String objects. |
default HttpServletMapping |
getHttpServletMapping()
|
int |
getIntHeader(String name)
Returns the value of the specified request header
as an
int . |
String |
getMethod()
Returns the name of the HTTP method with which this
request was made, for example, GET, POST, or PUT.
|
Part |
getPart(String name)
Gets the
Part with the given name. |
Collection<Part> |
getParts()
Gets all the
Part components of this request, provided
that it is of type multipart/form-data . |
String |
getPathInfo()
Returns any extra path information associated with
the URL the client sent when it made this request.
|
String |
getPathTranslated()
Returns any extra path information after the servlet name
but before the query string, and translates it to a real
path.
|
String |
getQueryString()
Returns the query string that is contained in the request
URL after the path.
|
String |
getRemoteUser()
Returns the login of the user making this request, if the
user has been authenticated, or
null if the user
has not been authenticated. |
String |
getRequestedSessionId()
Returns the session ID specified by the client.
|
String |
getRequestURI()
Returns the part of this request's URL from the protocol
name up to the query string in the first line of the HTTP request.
|
StringBuffer |
getRequestURL()
Reconstructs the URL the client used to make the request.
|
String |
getServletPath()
Returns the part of this request's URL that calls
the servlet.
|
HttpSession |
getSession()
Returns the current session associated with this request,
or if the request does not have a session, creates one.
|
HttpSession |
getSession(boolean create)
Returns the current
HttpSession
associated with this request or, if there is no
current session and create is true, returns
a new session. |
default Map<String,String> |
getTrailerFields()
Get the request trailer fields.
|
Principal |
getUserPrincipal()
Returns a
java.security.Principal object containing
the name of the current authenticated user. |
boolean |
isRequestedSessionIdFromCookie()
Checks whether the requested session ID was conveyed to the
server as an HTTP cookie.
|
boolean |
isRequestedSessionIdFromUrl()
Deprecated.
As of Version 2.1 of the Java Servlet
API, use
isRequestedSessionIdFromURL()
instead. |
boolean |
isRequestedSessionIdFromURL()
Checks whether the requested session ID was conveyed to the
server as part of the request URL.
|
boolean |
isRequestedSessionIdValid()
Checks whether the requested session ID is still valid.
|
default boolean |
isTrailerFieldsReady()
Return a boolean indicating whether trailer fields are ready to read
using
getTrailerFields() . |
boolean |
isUserInRole(String role)
Returns a boolean indicating whether the authenticated user is included
in the specified logical "role".
|
void |
login(String username,
String password)
Validate the provided username and password in the password validation
realm used by the web container login mechanism configured for the
ServletContext . |
void |
logout()
Establish
null as the value returned when
getUserPrincipal , getRemoteUser ,
and getAuthType is called on the request. |
default PushBuilder |
newPushBuilder()
Instantiates a new instance of
PushBuilder for issuing server
push responses from the current request. |
<T extends HttpUpgradeHandler> |
upgrade(Class<T> handlerClass)
Creates an instance of
HttpUpgradeHandler for a given
class and uses it for the http protocol upgrade processing. |
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
static final String BASIC_AUTH
static final String FORM_AUTH
static final String CLIENT_CERT_AUTH
static final String DIGEST_AUTH
String getAuthType()
null
is returned.
Same as the value of the CGI variable AUTH_TYPE.
null
if the request was
not authenticated.Cookie[] getCookies()
Cookie
objects the client sent with this request.
This method returns null
if no cookies were sent.Cookies
included with this request, or null
if the request has no cookieslong getDateHeader(String name)
long
value that represents a
Date
object. Use this method with
headers that contain dates, such as
If-Modified-Since
.
The date is returned as the number of milliseconds since January 1, 1970 GMT. The header name is case insensitive.
If the request did not have a header of the
specified name, this method returns -1. If the header
can't be converted to a date, the method throws
an IllegalArgumentException
.
name
- a String
specifying the
name of the headerlong
value
representing the date specified
in the header expressed as
the number of milliseconds
since January 1, 1970 GMT,
or -1 if the named header
was not included with the
requestIllegalArgumentException
- If the header value
can't be converted
to a dateString getHeader(String name)
String
. If the request did not include a header
of the specified name, this method returns null
.
If there are multiple headers with the same name, this method
returns the first head in the request.
The header name is case insensitive. You can use
this method with any request header.name
- a String
specifying the
header nameString
containing the
value of the requested
header, or null
if the request does not
have a header of that nameEnumeration<String> getHeaders(String name)
Enumeration
of String
objects.
Some headers, such as Accept-Language
can be sent
by clients as several headers each with a different value rather than
sending the header as a comma separated list.
If the request did not include any headers
of the specified name, this method returns an empty
Enumeration
.
The header name is case insensitive. You can use
this method with any request header.
name
- a String
specifying the
header nameEnumeration
containing
the values of the requested header. If
the request does not have any headers of
that name return an empty
enumeration. If
the container does not allow access to
header information, return nullEnumeration<String> getHeaderNames()
Some servlet containers do not allow
servlets to access headers using this method, in
which case this method returns null
null
int getIntHeader(String name)
int
. If the request does not have a header
of the specified name, this method returns -1. If the
header cannot be converted to an integer, this method
throws a NumberFormatException
.
The header name is case insensitive.
name
- a String
specifying the name
of a request headerNumberFormatException
- If the header value
can't be converted
to an int
default HttpServletMapping getHttpServletMapping()
Return the HttpServletMapping
by which the HttpServlet
for this HttpServletRequest
was invoked.
The mappings for any applicable Filter
s are
not indicated in the result. If the currently active Servlet
invocation was obtained by a call to
ServletRequest.getRequestDispatcher(java.lang.String)
followed by a call to
RequestDispatcher.forward(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
, the returned HttpServletMapping
is the one corresponding to the path used to
obtain the RequestDispatcher
. If the currently active
Servlet
invocation was obtained by a call to ServletRequest.getRequestDispatcher(java.lang.String)
followed by a call to RequestDispatcher.include(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
, the returned HttpServletMapping
is the one corresponding to the path that
caused the first Servlet
in the invocation sequence to be
invoked. If the currently active Servlet
invocation was
obtained by a call to AsyncContext.dispatch()
, the returned HttpServletMapping
is the one corresponding to the path that
caused the first Servlet
in the invocation sequence to be
invoked. See RequestDispatcher.FORWARD_MAPPING
, RequestDispatcher.INCLUDE_MAPPING
and AsyncContext.ASYNC_MAPPING
for additional request
attributes related to HttpServletMapping
. If the
currently active Servlet
invocation was obtained by a
call to ServletContext.getNamedDispatcher(java.lang.String)
,
the returned HttpServletMapping
is the one corresponding
to the path for the mapping last applied to this request.
The returned object is immutable. Servlet 4.0 compliant implementations must override this method.
HttpServletMapping
describing the manner in which
the current request was invoked.HttpServletMapping
that returns the empty string for the match
value, pattern and servlet name and null
for the match
type.String getMethod()
String
specifying the name
of the method with which
this request was madeString getPathInfo()
This method returns null
if there
was no extra path information.
Same as the value of the CGI variable PATH_INFO.
String
, decoded by the
web container, specifying
extra path information that comes
after the servlet path but before
the query string in the request URL;
or null
if the URL does not have
any extra path informationString getPathTranslated()
If the URL does not have any extra path information,
this method returns null
or the servlet container
cannot translate the virtual path to a real path for any reason
(such as when the web application is executed from an archive).
The web container does not decode this string.
String
specifying the
real path, or null
if
the URL does not have any extra path
informationdefault PushBuilder newPushBuilder()
PushBuilder
for issuing server
push responses from the current request. This method returns null
if the current connection does not support server push, or server
push has been disabled by the client via a
SETTINGS_ENABLE_PUSH
settings frame value of 0
(zero).PushBuilder
for issuing server push responses
from the current request, or null if push is not supportedString getContextPath()
It is possible that a servlet container may match a context by
more than one context path. In such cases this method will return the
actual context path used by the request and it may differ from the
path returned by the
ServletContext.getContextPath()
method.
The context path returned by
ServletContext.getContextPath()
should be considered as the prime or preferred context path of the
application.
String
specifying the
portion of the request URI that indicates the context
of the requestServletContext.getContextPath()
String getQueryString()
null
if the URL does not have a query string. Same as the value
of the CGI variable QUERY_STRING.String
containing the query
string or null
if the URL
contains no query string. The value is not
decoded by the container.String getRemoteUser()
null
if the user
has not been authenticated.
Whether the user name is sent with each subsequent request
depends on the browser and type of authentication. Same as the
value of the CGI variable REMOTE_USER.String
specifying the login
of the user making this request, or null
if the user login is not knownboolean isUserInRole(String role)
false
.
The role name "*" should never be used as an argument in calling
isUserInRole
. Any call to isUserInRole
with
"*" must return false.
If the role-name of the security-role to be tested is "**", and
the application has NOT declared an application security-role with
role-name "**", isUserInRole
must only return true if
the user has been authenticated; that is, only when
getRemoteUser()
and getUserPrincipal()
would both return
a non-null value. Otherwise, the container must check
the user for membership in the application role.
role
- a String
specifying the name
of the roleboolean
indicating whether
the user making this request belongs to a given role;
false
if the user has not been
authenticatedPrincipal getUserPrincipal()
java.security.Principal
object containing
the name of the current authenticated user. If the user has not been
authenticated, the method returns null
.java.security.Principal
containing
the name of the user making this request;
null
if the user has not been
authenticatedString getRequestedSessionId()
null
.String
specifying the session
ID, or null
if the request did
not specify a session IDisRequestedSessionIdValid()
String getRequestURI()
First line of HTTP request | Returned Value | |
---|---|---|
POST /some/path.html HTTP/1.1 | /some/path.html | |
GET http://foo.bar/a.html HTTP/1.0 | /a.html | |
HEAD /xyz?a=b HTTP/1.1 | /xyz |
To reconstruct an URL with a scheme and host, use
HttpUtils.getRequestURL(javax.servlet.http.HttpServletRequest)
.
String
containing
the part of the URL from the
protocol name up to the query stringHttpUtils.getRequestURL(javax.servlet.http.HttpServletRequest)
StringBuffer getRequestURL()
If this request has been forwarded using
RequestDispatcher.forward(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
, the server path in the
reconstructed URL must reflect the path used to obtain the
RequestDispatcher, and not the server path specified by the client.
Because this method returns a StringBuffer
,
not a string, you can modify the URL easily, for example,
to append query parameters.
This method is useful for creating redirect messages and for reporting errors.
StringBuffer
object containing
the reconstructed URLString getServletPath()
This method will return an empty string ("") if the servlet used to process this request was matched using the "/*" pattern.
String
containing
the name or path of the servlet being
called, as specified in the request URL,
decoded, or an empty string if the servlet
used to process the request is matched
using the "/*" pattern.HttpSession getSession(boolean create)
HttpSession
associated with this request or, if there is no
current session and create
is true, returns
a new session.
If create
is false
and the request has no valid HttpSession
,
this method returns null
.
To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
create
- true
to create
a new session for this request if necessary;
false
to return null
if there's no current sessionHttpSession
associated
with this request or null
if
create
is false
and the request has no valid sessiongetSession()
HttpSession getSession()
HttpSession
associated
with this requestgetSession(boolean)
String changeSessionId()
IllegalStateException
- if there is no session associated
with the requestboolean isRequestedSessionIdValid()
If the client did not specify any session ID, this method returns
false
.
true
if this
request has an id for a valid session
in the current session context;
false
otherwisegetRequestedSessionId()
,
getSession(boolean)
,
HttpSessionContext
boolean isRequestedSessionIdFromCookie()
Checks whether the requested session ID was conveyed to the server as an HTTP cookie.
true
if the session ID
was conveyed to the server an an HTTP
cookie; otherwise, false
getSession(boolean)
boolean isRequestedSessionIdFromURL()
Checks whether the requested session ID was conveyed to the server as part of the request URL.
true
if the session ID was conveyed to the
server as part of a URL; otherwise,
false
getSession(boolean)
@Deprecated boolean isRequestedSessionIdFromUrl()
isRequestedSessionIdFromURL()
instead.true
if the session ID was conveyed to the
server as part of a URL; otherwise,
false
boolean authenticate(HttpServletResponse response) throws IOException, ServletException
ServletContext
to authenticate the user making
this request.
This method may modify and commit the argument
HttpServletResponse
.
response
- The HttpServletResponse
associated with this HttpServletRequest
true
when non-null values were or have been
established as the values returned by getUserPrincipal
,
getRemoteUser
, and getAuthType
. Return
false
if authentication is incomplete and the underlying
login mechanism has committed, in the response, the message (e.g.,
challenge) and HTTP status code to be returned to the user.IOException
- if an input or output error occurred while
reading from this request or writing to the given responseIllegalStateException
- if the login mechanism attempted to
modify the response and it was already committedServletException
- if the authentication failed and
the caller is responsible for handling the error (i.e., the
underlying login mechanism did NOT establish the message and
HTTP status code to be returned to the user)void login(String username, String password) throws ServletException
ServletContext
.
This method returns without throwing a ServletException
when the login mechanism configured for the ServletContext
supports username password validation, and when, at the time of the
call to login, the identity of the caller of the request had
not been established (i.e, all of getUserPrincipal
,
getRemoteUser
, and getAuthType
return null),
and when validation of the provided credentials is successful.
Otherwise, this method throws a ServletException
as
described below.
When this method returns without throwing an exception, it must
have established non-null values as the values returned by
getUserPrincipal
, getRemoteUser
, and
getAuthType
.
username
- The String
value corresponding to
the login identifier of the user.password
- The password String
corresponding
to the identified user.ServletException
- if the configured login mechanism
does not support username
password authentication, or if a
non-null caller identity had
already been established (prior
to the call to login), or if
validation of the provided
username and password fails.void logout() throws ServletException
null
as the value returned when
getUserPrincipal
, getRemoteUser
,
and getAuthType
is called on the request.ServletException
- if logout failsCollection<Part> getParts() throws IOException, ServletException
Part
components of this request, provided
that it is of type multipart/form-data
.
If this request is of type multipart/form-data
, but
does not contain any Part
components, the returned
Collection
will be empty.
Any changes to the returned Collection
must not
affect this HttpServletRequest
.
Collection
of the
Part
components of this requestIOException
- if an I/O error occurred during the retrieval
of the Part
components of this requestServletException
- if this request is not of type
multipart/form-data
IllegalStateException
- if the request body is larger than
maxRequestSize
, or any Part
in the
request is larger than maxFileSize
, or there is no
@MultipartConfig
or multipart-config
in
deployment descriptorsMultipartConfig.maxFileSize()
,
MultipartConfig.maxRequestSize()
Part getPart(String name) throws IOException, ServletException
Part
with the given name.name
- the name of the requested Part
Part
with the given name, or
null
if this request is of type
multipart/form-data
, but does not
contain the requested Part
IOException
- if an I/O error occurred during the retrieval
of the requested Part
ServletException
- if this request is not of type
multipart/form-data
IllegalStateException
- if the request body is larger than
maxRequestSize
, or any Part
in the
request is larger than maxFileSize
, or there is no
@MultipartConfig
or multipart-config
in
deployment descriptorsMultipartConfig.maxFileSize()
,
MultipartConfig.maxRequestSize()
<T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException
HttpUpgradeHandler
for a given
class and uses it for the http protocol upgrade processing.T
- The Class
, which extends HttpUpgradeHandler
, of the handlerClass
.handlerClass
- The HttpUpgradeHandler
class used for the upgrade.HttpUpgradeHandler
IOException
- if an I/O error occurred during the upgradeServletException
- if the given handlerClass
fails to
be instantiatedHttpUpgradeHandler
,
WebConnection
default Map<String,String> getTrailerFields()
The returned map is not backed by the HttpServletRequest
object,
so changes in the returned map are not reflected in the
HttpServletRequest
object, and vice-versa.
isTrailerFieldsReady()
should be called first to determine
if it is safe to call this method without causing an exception.
isTrailerFieldsReady()
is returning true,
the empty map is returned.IllegalStateException
- if isTrailerFieldsReady()
is falsedefault boolean isTrailerFieldsReady()
getTrailerFields()
.
This methods returns true immediately if it is known that there is no
trailer in the request, for instance, the underlying protocol (such
as HTTP 1.0) does not supports the trailer fields, or the request is
not in chunked encoding in HTTP 1.1.
And the method also returns true if both of the following conditions
are satisfied:
ServletRequest.getReader()
or ServletRequest.getInputStream()
.
Copyright © 1996-2017, Oracle and/or its affiliates. All Rights Reserved. Use is subject to license terms.