/*
* Copyright (c) 1997-2018 Oracle and/or its affiliates. All rights reserved.
* Copyright 2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package javax.servlet.http;
import java.io.IOException;
import java.util.*;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
Extends the ServletRequest
interface to provide request information for HTTP servlets. The servlet container creates an HttpServletRequest
object and passes it as an argument to the servlet's service
methods (doGet
, doPost
, etc).
Author: Various
/**
*
* Extends the {@link javax.servlet.ServletRequest} interface to provide
* request information for HTTP servlets.
*
* <p>The servlet container creates an <code>HttpServletRequest</code>
* object and passes it as an argument to the servlet's service
* methods (<code>doGet</code>, <code>doPost</code>, etc).
*
*
* @author Various
*/
public interface HttpServletRequest extends ServletRequest {
String identifier for Basic authentication. Value "BASIC"
/**
* String identifier for Basic authentication. Value "BASIC"
*/
public static final String BASIC_AUTH = "BASIC";
String identifier for Form authentication. Value "FORM"
/**
* String identifier for Form authentication. Value "FORM"
*/
public static final String FORM_AUTH = "FORM";
String identifier for Client Certificate authentication. Value "CLIENT_CERT"
/**
* String identifier for Client Certificate authentication. Value "CLIENT_CERT"
*/
public static final String CLIENT_CERT_AUTH = "CLIENT_CERT";
String identifier for Digest authentication. Value "DIGEST"
/**
* String identifier for Digest authentication. Value "DIGEST"
*/
public static final String DIGEST_AUTH = "DIGEST";
Returns the name of the authentication scheme used to protect
the servlet. All servlet containers support basic, form and client
certificate authentication, and may additionally support digest
authentication.
If the servlet is not authenticated null
is returned.
Same as the value of the CGI variable AUTH_TYPE.
Returns: one of the static members BASIC_AUTH,
FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH
(suitable for == comparison) or
the container-specific string indicating
the authentication scheme, or
null
if the request was
not authenticated.
/**
* Returns the name of the authentication scheme used to protect
* the servlet. All servlet containers support basic, form and client
* certificate authentication, and may additionally support digest
* authentication.
* If the servlet is not authenticated <code>null</code> is returned.
*
* <p>Same as the value of the CGI variable AUTH_TYPE.
*
* @return one of the static members BASIC_AUTH,
* FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH
* (suitable for == comparison) or
* the container-specific string indicating
* the authentication scheme, or
* <code>null</code> if the request was
* not authenticated.
*/
public String getAuthType();
Returns an array containing all of the Cookie
objects the client sent with this request.
This method returns null
if no cookies were sent.
Returns: an array of all the Cookies
included with this request, or null
if the request has no cookies
/**
* Returns an array containing all of the <code>Cookie</code>
* objects the client sent with this request.
* This method returns <code>null</code> if no cookies were sent.
*
* @return an array of all the <code>Cookies</code>
* included with this request, or <code>null</code>
* if the request has no cookies
*/
public Cookie[] getCookies();
Returns the value of the specified request header
as a long
value that represents a
Date
object. Use this method with
headers that contain dates, such as
If-Modified-Since
.
The date is returned as
the number of milliseconds since January 1, 1970 GMT.
The header name is case insensitive.
If the request did not have a header of the
specified name, this method returns -1. If the header
can't be converted to a date, the method throws
an IllegalArgumentException
.
Params: - name – a
String
specifying the
name of the header
Throws: - IllegalArgumentException – If the header value
can't be converted
to a date
Returns: a long
value
representing the date specified
in the header expressed as
the number of milliseconds
since January 1, 1970 GMT,
or -1 if the named header
was not included with the
request
/**
* Returns the value of the specified request header
* as a <code>long</code> value that represents a
* <code>Date</code> object. Use this method with
* headers that contain dates, such as
* <code>If-Modified-Since</code>.
*
* <p>The date is returned as
* the number of milliseconds since January 1, 1970 GMT.
* The header name is case insensitive.
*
* <p>If the request did not have a header of the
* specified name, this method returns -1. If the header
* can't be converted to a date, the method throws
* an <code>IllegalArgumentException</code>.
*
* @param name a <code>String</code> specifying the
* name of the header
*
* @return a <code>long</code> value
* representing the date specified
* in the header expressed as
* the number of milliseconds
* since January 1, 1970 GMT,
* or -1 if the named header
* was not included with the
* request
*
* @exception IllegalArgumentException If the header value
* can't be converted
* to a date
*/
public long getDateHeader(String name);
Returns the value of the specified request header
as a String
. If the request did not include a header
of the specified name, this method returns null
.
If there are multiple headers with the same name, this method
returns the first head in the request.
The header name is case insensitive. You can use
this method with any request header.
Params: - name – a
String
specifying the
header name
Returns: a String
containing the
value of the requested
header, or null
if the request does not
have a header of that name
/**
* Returns the value of the specified request header
* as a <code>String</code>. If the request did not include a header
* of the specified name, this method returns <code>null</code>.
* If there are multiple headers with the same name, this method
* returns the first head in the request.
* The header name is case insensitive. You can use
* this method with any request header.
*
* @param name a <code>String</code> specifying the
* header name
*
* @return a <code>String</code> containing the
* value of the requested
* header, or <code>null</code>
* if the request does not
* have a header of that name
*/
public String getHeader(String name);
Returns all the values of the specified request header
as an Enumeration
of String
objects.
Some headers, such as Accept-Language
can be sent
by clients as several headers each with a different value rather than
sending the header as a comma separated list.
If the request did not include any headers
of the specified name, this method returns an empty
Enumeration
.
The header name is case insensitive. You can use
this method with any request header.
Params: - name – a
String
specifying the
header name
Returns: an Enumeration
containing
the values of the requested header. If
the request does not have any headers of
that name return an empty
enumeration. If
the container does not allow access to
header information, return null
/**
* Returns all the values of the specified request header
* as an <code>Enumeration</code> of <code>String</code> objects.
*
* <p>Some headers, such as <code>Accept-Language</code> can be sent
* by clients as several headers each with a different value rather than
* sending the header as a comma separated list.
*
* <p>If the request did not include any headers
* of the specified name, this method returns an empty
* <code>Enumeration</code>.
* The header name is case insensitive. You can use
* this method with any request header.
*
* @param name a <code>String</code> specifying the
* header name
*
* @return an <code>Enumeration</code> containing
* the values of the requested header. If
* the request does not have any headers of
* that name return an empty
* enumeration. If
* the container does not allow access to
* header information, return null
*/
public Enumeration<String> getHeaders(String name);
Returns an enumeration of all the header names
this request contains. If the request has no
headers, this method returns an empty enumeration.
Some servlet containers do not allow
servlets to access headers using this method, in
which case this method returns null
Returns: an enumeration of all the
header names sent with this
request; if the request has
no headers, an empty enumeration;
if the servlet container does not
allow servlets to use this method,
null
/**
* Returns an enumeration of all the header names
* this request contains. If the request has no
* headers, this method returns an empty enumeration.
*
* <p>Some servlet containers do not allow
* servlets to access headers using this method, in
* which case this method returns <code>null</code>
*
* @return an enumeration of all the
* header names sent with this
* request; if the request has
* no headers, an empty enumeration;
* if the servlet container does not
* allow servlets to use this method,
* <code>null</code>
*/
public Enumeration<String> getHeaderNames();
Returns the value of the specified request header
as an int
. If the request does not have a header
of the specified name, this method returns -1. If the
header cannot be converted to an integer, this method
throws a NumberFormatException
.
The header name is case insensitive.
Params: - name – a
String
specifying the name
of a request header
Throws: - NumberFormatException – If the header value
can't be converted
to an
int
Returns: an integer expressing the value
of the request header or -1
if the request doesn't have a
header of this name
/**
* Returns the value of the specified request header
* as an <code>int</code>. If the request does not have a header
* of the specified name, this method returns -1. If the
* header cannot be converted to an integer, this method
* throws a <code>NumberFormatException</code>.
*
* <p>The header name is case insensitive.
*
* @param name a <code>String</code> specifying the name
* of a request header
*
* @return an integer expressing the value
* of the request header or -1
* if the request doesn't have a
* header of this name
*
* @exception NumberFormatException If the header value
* can't be converted
* to an <code>int</code>
*/
public int getIntHeader(String name);
Return the HttpServletMapping
by which the HttpServlet
for this HttpServletRequest
was invoked. The mappings for any applicable Filter
s are not indicated in the result. If the currently active Servlet
invocation was obtained by a call to ServletRequest.getRequestDispatcher
followed by a call to RequestDispatcher.forward
, the returned
HttpServletMapping
is the one corresponding to the path used to obtain the RequestDispatcher
. If the currently active Servlet
invocation was obtained by a call to ServletRequest.getRequestDispatcher
followed by a call to RequestDispatcher.include
, the returned
HttpServletMapping
is the one corresponding to the path that caused the first Servlet
in the invocation sequence to be invoked. If the currently active Servlet
invocation was obtained by a call to AsyncContext.dispatch
, the returned
HttpServletMapping
is the one corresponding to the path that caused the first Servlet
in the invocation sequence to be invoked. See RequestDispatcher.FORWARD_MAPPING
, RequestDispatcher.INCLUDE_MAPPING
and AsyncContext.ASYNC_MAPPING
for additional request attributes related to HttpServletMapping
. If the currently active Servlet
invocation was obtained by a call to ServletContext.getNamedDispatcher
, the returned HttpServletMapping
is the one corresponding to the path for the mapping last applied to this request.
The returned object is immutable. Servlet 4.0 compliant
implementations must override this method.
Implementation Requirements: The default implementation returns a
HttpServletMapping
that returns the empty string for the match value, pattern and servlet name and null
for the match type. Returns: An instance of HttpServletMapping
describing the manner in which the current request was invoked. Since: 4.0
/**
* <p>Return the {@link HttpServletMapping} by which the {@link
* HttpServlet} for this {@code HttpServletRequest} was invoked.
* The mappings for any applicable {@link javax.servlet.Filter}s are
* not indicated in the result. If the currently active {@link
* javax.servlet.Servlet} invocation was obtained by a call to
* {@link ServletRequest#getRequestDispatcher} followed by a call to
* {@link RequestDispatcher#forward}, the returned {@code
* HttpServletMapping} is the one corresponding to the path used to
* obtain the {@link RequestDispatcher}. If the currently active
* {@code Servlet} invocation was obtained by a call to {@link
* ServletRequest#getRequestDispatcher} followed by a call to {@link
* RequestDispatcher#include}, the returned {@code
* HttpServletMapping} is the one corresponding to the path that
* caused the first {@code Servlet} in the invocation sequence to be
* invoked. If the currently active {@code Servlet} invocation was
* obtained by a call to {@link
* javax.servlet.AsyncContext#dispatch}, the returned {@code
* HttpServletMapping} is the one corresponding to the path that
* caused the first {@code Servlet} in the invocation sequence to be
* invoked. See {@link
* javax.servlet.RequestDispatcher#FORWARD_MAPPING}, {@link
* javax.servlet.RequestDispatcher#INCLUDE_MAPPING} and {@link
* javax.servlet.AsyncContext#ASYNC_MAPPING} for additional request
* attributes related to {@code HttpServletMapping}. If the
* currently active {@code Servlet} invocation was obtained by a
* call to {@link javax.servlet.ServletContext#getNamedDispatcher},
* the returned {@code HttpServletMapping} is the one corresponding
* to the path for the mapping last applied to this request.</p>
*
* <p>The returned object is immutable. Servlet 4.0 compliant
* implementations must override this method.</p>
*
* @implSpec The default implementation returns a {@code
* HttpServletMapping} that returns the empty string for the match
* value, pattern and servlet name and {@code null} for the match
* type.
*
* @return An instance of {@code HttpServletMapping} describing the manner in which
* the current request was invoked.
*
* @since 4.0
*/
default public HttpServletMapping getHttpServletMapping() {
return new HttpServletMapping() {
@Override
public String getMatchValue() {
return "";
}
@Override
public String getPattern() {
return "";
}
@Override
public String getServletName() {
return "";
}
@Override
public MappingMatch getMappingMatch() {
return null;
}
@Override
public String toString() {
return "MappingImpl{" + "matchValue=" + getMatchValue()
+ ", pattern=" + getPattern() + ", servletName="
+ getServletName() + ", mappingMatch=" + getMappingMatch()
+ "} HttpServletRequest {" + HttpServletRequest.this.toString()
+ '}';
}
};
}
Returns the name of the HTTP method with which this
request was made, for example, GET, POST, or PUT.
Same as the value of the CGI variable REQUEST_METHOD.
Returns: a String
specifying the name
of the method with which
this request was made
/**
* Returns the name of the HTTP method with which this
* request was made, for example, GET, POST, or PUT.
* Same as the value of the CGI variable REQUEST_METHOD.
*
* @return a <code>String</code>
* specifying the name
* of the method with which
* this request was made
*/
public String getMethod();
Returns any extra path information associated with
the URL the client sent when it made this request.
The extra path information follows the servlet path
but precedes the query string and will start with
a "/" character.
This method returns null
if there
was no extra path information.
Same as the value of the CGI variable PATH_INFO.
Returns: a String
, decoded by the
web container, specifying
extra path information that comes
after the servlet path but before
the query string in the request URL;
or null
if the URL does not have
any extra path information
/**
* Returns any extra path information associated with
* the URL the client sent when it made this request.
* The extra path information follows the servlet path
* but precedes the query string and will start with
* a "/" character.
*
* <p>This method returns <code>null</code> if there
* was no extra path information.
*
* <p>Same as the value of the CGI variable PATH_INFO.
*
* @return a <code>String</code>, decoded by the
* web container, specifying
* extra path information that comes
* after the servlet path but before
* the query string in the request URL;
* or <code>null</code> if the URL does not have
* any extra path information
*/
public String getPathInfo();
Returns any extra path information after the servlet name
but before the query string, and translates it to a real
path. Same as the value of the CGI variable PATH_TRANSLATED.
If the URL does not have any extra path information,
this method returns null
or the servlet container
cannot translate the virtual path to a real path for any reason
(such as when the web application is executed from an archive).
The web container does not decode this string.
Returns: a String
specifying the
real path, or null
if
the URL does not have any extra path
information
/**
* Returns any extra path information after the servlet name
* but before the query string, and translates it to a real
* path. Same as the value of the CGI variable PATH_TRANSLATED.
*
* <p>If the URL does not have any extra path information,
* this method returns <code>null</code> or the servlet container
* cannot translate the virtual path to a real path for any reason
* (such as when the web application is executed from an archive).
*
* The web container does not decode this string.
*
* @return a <code>String</code> specifying the
* real path, or <code>null</code> if
* the URL does not have any extra path
* information
*/
public String getPathTranslated();
Instantiates a new instance of PushBuilder
for issuing server push responses from the current request. This method returns null if the current connection does not support server push, or server push has been disabled by the client via a SETTINGS_ENABLE_PUSH
settings frame value of 0
(zero). Implementation Requirements:
The default implementation returns null. Returns: a PushBuilder
for issuing server push responses from the current request, or null if push is not supported Since: Servlet 4.0
/**
* Instantiates a new instance of {@link PushBuilder} for issuing server
* push responses from the current request. This method returns null
* if the current connection does not support server push, or server
* push has been disabled by the client via a
* {@code SETTINGS_ENABLE_PUSH} settings frame value of {@code 0} (zero).
*
* @implSpec
* The default implementation returns null.
*
* @return a {@link PushBuilder} for issuing server push responses
* from the current request, or null if push is not supported
*
* @since Servlet 4.0
*/
default public PushBuilder newPushBuilder() {
return null;
}
Returns the portion of the request URI that indicates the context
of the request. The context path always comes first in a request
URI. The path starts with a "/" character but does not end with a "/"
character. For servlets in the default (root) context, this method
returns "". The container does not decode this string.
It is possible that a servlet container may match a context by more than one context path. In such cases this method will return the actual context path used by the request and it may differ from the path returned by the ServletContext.getContextPath()
method. The context path returned by ServletContext.getContextPath()
should be considered as the prime or preferred context path of the application.
See Also: Returns: a String
specifying the
portion of the request URI that indicates the context
of the request
/**
* Returns the portion of the request URI that indicates the context
* of the request. The context path always comes first in a request
* URI. The path starts with a "/" character but does not end with a "/"
* character. For servlets in the default (root) context, this method
* returns "". The container does not decode this string.
*
* <p>It is possible that a servlet container may match a context by
* more than one context path. In such cases this method will return the
* actual context path used by the request and it may differ from the
* path returned by the
* {@link javax.servlet.ServletContext#getContextPath()} method.
* The context path returned by
* {@link javax.servlet.ServletContext#getContextPath()}
* should be considered as the prime or preferred context path of the
* application.
*
* @return a <code>String</code> specifying the
* portion of the request URI that indicates the context
* of the request
*
* @see javax.servlet.ServletContext#getContextPath()
*/
public String getContextPath();
Returns the query string that is contained in the request
URL after the path. This method returns null
if the URL does not have a query string. Same as the value
of the CGI variable QUERY_STRING.
Returns: a String
containing the query
string or null
if the URL
contains no query string. The value is not
decoded by the container.
/**
* Returns the query string that is contained in the request
* URL after the path. This method returns <code>null</code>
* if the URL does not have a query string. Same as the value
* of the CGI variable QUERY_STRING.
*
* @return a <code>String</code> containing the query
* string or <code>null</code> if the URL
* contains no query string. The value is not
* decoded by the container.
*/
public String getQueryString();
Returns the login of the user making this request, if the
user has been authenticated, or null
if the user
has not been authenticated.
Whether the user name is sent with each subsequent request
depends on the browser and type of authentication. Same as the
value of the CGI variable REMOTE_USER.
Returns: a String
specifying the login
of the user making this request, or null
if the user login is not known
/**
* Returns the login of the user making this request, if the
* user has been authenticated, or <code>null</code> if the user
* has not been authenticated.
* Whether the user name is sent with each subsequent request
* depends on the browser and type of authentication. Same as the
* value of the CGI variable REMOTE_USER.
*
* @return a <code>String</code> specifying the login
* of the user making this request, or <code>null</code>
* if the user login is not known
*/
public String getRemoteUser();
Returns a boolean indicating whether the authenticated user is included
in the specified logical "role". Roles and role membership can be
defined using deployment descriptors. If the user has not been
authenticated, the method returns false
.
The role name "*" should never be used as an argument in calling
isUserInRole
. Any call to isUserInRole
with
"*" must return false.
If the role-name of the security-role to be tested is "**", and
the application has NOT declared an application security-role with
role-name "**", isUserInRole
must only return true if the user has been authenticated; that is, only when getRemoteUser
and getUserPrincipal
would both return a non-null value. Otherwise, the container must check the user for membership in the application role.
Params: - role – a
String
specifying the name
of the role
Returns: a boolean
indicating whether
the user making this request belongs to a given role;
false
if the user has not been
authenticated
/**
* Returns a boolean indicating whether the authenticated user is included
* in the specified logical "role". Roles and role membership can be
* defined using deployment descriptors. If the user has not been
* authenticated, the method returns <code>false</code>.
*
* <p>The role name "*" should never be used as an argument in calling
* <code>isUserInRole</code>. Any call to <code>isUserInRole</code> with
* "*" must return false.
* If the role-name of the security-role to be tested is "**", and
* the application has NOT declared an application security-role with
* role-name "**", <code>isUserInRole</code> must only return true if
* the user has been authenticated; that is, only when
* {@link #getRemoteUser} and {@link #getUserPrincipal} would both return
* a non-null value. Otherwise, the container must check
* the user for membership in the application role.
*
* @param role a <code>String</code> specifying the name
* of the role
*
* @return a <code>boolean</code> indicating whether
* the user making this request belongs to a given role;
* <code>false</code> if the user has not been
* authenticated
*/
public boolean isUserInRole(String role);
Returns a java.security.Principal
object containing
the name of the current authenticated user. If the user has not been
authenticated, the method returns null
.
Returns: a java.security.Principal
containing
the name of the user making this request;
null
if the user has not been
authenticated
/**
* Returns a <code>java.security.Principal</code> object containing
* the name of the current authenticated user. If the user has not been
* authenticated, the method returns <code>null</code>.
*
* @return a <code>java.security.Principal</code> containing
* the name of the user making this request;
* <code>null</code> if the user has not been
* authenticated
*/
public java.security.Principal getUserPrincipal();
Returns the session ID specified by the client. This may
not be the same as the ID of the current valid session
for this request.
If the client did not specify a session ID, this method returns
null
.
See Also: Returns: a String
specifying the session
ID, or null
if the request did
not specify a session ID
/**
* Returns the session ID specified by the client. This may
* not be the same as the ID of the current valid session
* for this request.
* If the client did not specify a session ID, this method returns
* <code>null</code>.
*
* @return a <code>String</code> specifying the session
* ID, or <code>null</code> if the request did
* not specify a session ID
*
* @see #isRequestedSessionIdValid
*/
public String getRequestedSessionId();
Returns the part of this request's URL from the protocol
name up to the query string in the first line of the HTTP request.
The web container does not decode this String.
For example:
First line of HTTP request
Returned Value
POST /some/path.html HTTP/1.1 /some/path.html
GET http://foo.bar/a.html HTTP/1.0
/a.html
HEAD /xyz?a=b HTTP/1.1 /xyz
To reconstruct an URL with a scheme and host, use HttpUtils.getRequestURL
.
See Also: Returns: a String
containing
the part of the URL from the
protocol name up to the query string
/**
* Returns the part of this request's URL from the protocol
* name up to the query string in the first line of the HTTP request.
* The web container does not decode this String.
* For example:
*
* <table summary="Examples of Returned Values">
* <tr align=left><th>First line of HTTP request </th>
* <th> Returned Value</th>
* <tr><td>POST /some/path.html HTTP/1.1<td><td>/some/path.html
* <tr><td>GET http://foo.bar/a.html HTTP/1.0
* <td><td>/a.html
* <tr><td>HEAD /xyz?a=b HTTP/1.1<td><td>/xyz
* </table>
*
* <p>To reconstruct an URL with a scheme and host, use
* {@link HttpUtils#getRequestURL}.
*
* @return a <code>String</code> containing
* the part of the URL from the
* protocol name up to the query string
*
* @see HttpUtils#getRequestURL
*/
public String getRequestURI();
Reconstructs the URL the client used to make the request.
The returned URL contains a protocol, server name, port
number, and server path, but it does not include query
string parameters.
If this request has been forwarded using RequestDispatcher.forward
, the server path in the reconstructed URL must reflect the path used to obtain the RequestDispatcher, and not the server path specified by the client.
Because this method returns a StringBuffer
,
not a string, you can modify the URL easily, for example,
to append query parameters.
This method is useful for creating redirect messages
and for reporting errors.
Returns: a StringBuffer
object containing
the reconstructed URL
/**
* Reconstructs the URL the client used to make the request.
* The returned URL contains a protocol, server name, port
* number, and server path, but it does not include query
* string parameters.
*
* <p>If this request has been forwarded using
* {@link javax.servlet.RequestDispatcher#forward}, the server path in the
* reconstructed URL must reflect the path used to obtain the
* RequestDispatcher, and not the server path specified by the client.
*
* <p>Because this method returns a <code>StringBuffer</code>,
* not a string, you can modify the URL easily, for example,
* to append query parameters.
*
* <p>This method is useful for creating redirect messages
* and for reporting errors.
*
* @return a <code>StringBuffer</code> object containing
* the reconstructed URL
*/
public StringBuffer getRequestURL();
Returns the part of this request's URL that calls
the servlet. This path starts with a "/" character
and includes either the servlet name or a path to
the servlet, but does not include any extra path
information or a query string. Same as the value of
the CGI variable SCRIPT_NAME.
This method will return an empty string ("") if the
servlet used to process this request was matched using
the "/*" pattern.
Returns: a String
containing
the name or path of the servlet being
called, as specified in the request URL,
decoded, or an empty string if the servlet
used to process the request is matched
using the "/*" pattern.
/**
* Returns the part of this request's URL that calls
* the servlet. This path starts with a "/" character
* and includes either the servlet name or a path to
* the servlet, but does not include any extra path
* information or a query string. Same as the value of
* the CGI variable SCRIPT_NAME.
*
* <p>This method will return an empty string ("") if the
* servlet used to process this request was matched using
* the "/*" pattern.
*
* @return a <code>String</code> containing
* the name or path of the servlet being
* called, as specified in the request URL,
* decoded, or an empty string if the servlet
* used to process the request is matched
* using the "/*" pattern.
*/
public String getServletPath();
Returns the current HttpSession
associated with this request or, if there is no
current session and create
is true, returns
a new session.
If create
is false
and the request has no valid HttpSession
,
this method returns null
.
To make sure the session is properly maintained,
you must call this method before
the response is committed. If the container is using cookies
to maintain session integrity and is asked to create a new session
when the response is committed, an IllegalStateException is thrown.
Params: - create –
true
to create
a new session for this request if necessary;
false
to return null
if there's no current session
See Also: Returns: the HttpSession
associated
with this request or null
if
create
is false
and the request has no valid session
/**
* Returns the current <code>HttpSession</code>
* associated with this request or, if there is no
* current session and <code>create</code> is true, returns
* a new session.
*
* <p>If <code>create</code> is <code>false</code>
* and the request has no valid <code>HttpSession</code>,
* this method returns <code>null</code>.
*
* <p>To make sure the session is properly maintained,
* you must call this method before
* the response is committed. If the container is using cookies
* to maintain session integrity and is asked to create a new session
* when the response is committed, an IllegalStateException is thrown.
*
* @param create <code>true</code> to create
* a new session for this request if necessary;
* <code>false</code> to return <code>null</code>
* if there's no current session
*
* @return the <code>HttpSession</code> associated
* with this request or <code>null</code> if
* <code>create</code> is <code>false</code>
* and the request has no valid session
*
* @see #getSession()
*/
public HttpSession getSession(boolean create);
Returns the current session associated with this request,
or if the request does not have a session, creates one.
See Also: Returns: the HttpSession
associated
with this request
/**
* Returns the current session associated with this request,
* or if the request does not have a session, creates one.
*
* @return the <code>HttpSession</code> associated
* with this request
*
* @see #getSession(boolean)
*/
public HttpSession getSession();
Change the session id of the current session associated with this
request and return the new session id.
Throws: - IllegalStateException – if there is no session associated
with the request
Returns: the new session id Since: Servlet 3.1
/**
* Change the session id of the current session associated with this
* request and return the new session id.
*
* @return the new session id
*
* @throws IllegalStateException if there is no session associated
* with the request
*
* @since Servlet 3.1
*/
public String changeSessionId();
Checks whether the requested session ID is still valid.
If the client did not specify any session ID, this method returns
false
.
See Also: Returns: true
if this
request has an id for a valid session
in the current session context;
false
otherwise
/**
* Checks whether the requested session ID is still valid.
*
* <p>If the client did not specify any session ID, this method returns
* <code>false</code>.
*
* @return <code>true</code> if this
* request has an id for a valid session
* in the current session context;
* <code>false</code> otherwise
*
* @see #getRequestedSessionId
* @see #getSession
* @see HttpSessionContext
*/
public boolean isRequestedSessionIdValid();
Checks whether the requested session ID was conveyed to the
server as an HTTP cookie.
See Also: Returns: true
if the session ID
was conveyed to the server an an HTTP
cookie; otherwise, false
/**
* <p>Checks whether the requested session ID was conveyed to the
* server as an HTTP cookie.</p>
*
* @return <code>true</code> if the session ID
* was conveyed to the server an an HTTP
* cookie; otherwise, <code>false</code>
*
* @see #getSession
*/
public boolean isRequestedSessionIdFromCookie();
Checks whether the requested session ID was conveyed to the
server as part of the request URL.
See Also: Returns: true
if the session ID was conveyed to the
server as part of a URL; otherwise,
false
/**
* <p>Checks whether the requested session ID was conveyed to the
* server as part of the request URL.</p>
*
* @return <code>true</code> if the session ID was conveyed to the
* server as part of a URL; otherwise,
* <code>false</code>
*
* @see #getSession
*/
public boolean isRequestedSessionIdFromURL();
Deprecated: As of Version 2.1 of the Java Servlet API, use isRequestedSessionIdFromURL
instead. Returns: true
if the session ID was conveyed to the
server as part of a URL; otherwise,
false
/**
* @deprecated As of Version 2.1 of the Java Servlet
* API, use {@link #isRequestedSessionIdFromURL}
* instead.
*
* @return <code>true</code> if the session ID was conveyed to the
* server as part of a URL; otherwise,
* <code>false</code>
*/
@Deprecated
public boolean isRequestedSessionIdFromUrl();
Use the container login mechanism configured for the
ServletContext
to authenticate the user making
this request.
This method may modify and commit the argument
HttpServletResponse
.
Params: - response – The
HttpServletResponse
associated with this HttpServletRequest
Throws: - IOException – if an input or output error occurred while
reading from this request or writing to the given response
- IllegalStateException – if the login mechanism attempted to
modify the response and it was already committed
- ServletException – if the authentication failed and
the caller is responsible for handling the error (i.e., the
underlying login mechanism did NOT establish the message and
HTTP status code to be returned to the user)
Returns: true
when non-null values were or have been
established as the values returned by getUserPrincipal
,
getRemoteUser
, and getAuthType
. Return
false
if authentication is incomplete and the underlying
login mechanism has committed, in the response, the message (e.g.,
challenge) and HTTP status code to be returned to the user.Since: Servlet 3.0
/**
* Use the container login mechanism configured for the
* <code>ServletContext</code> to authenticate the user making
* this request.
*
* <p>This method may modify and commit the argument
* <code>HttpServletResponse</code>.
*
* @param response The <code>HttpServletResponse</code>
* associated with this <code>HttpServletRequest</code>
*
* @return <code>true</code> when non-null values were or have been
* established as the values returned by <code>getUserPrincipal</code>,
* <code>getRemoteUser</code>, and <code>getAuthType</code>. Return
* <code>false</code> if authentication is incomplete and the underlying
* login mechanism has committed, in the response, the message (e.g.,
* challenge) and HTTP status code to be returned to the user.
*
* @throws IOException if an input or output error occurred while
* reading from this request or writing to the given response
*
* @throws IllegalStateException if the login mechanism attempted to
* modify the response and it was already committed
*
* @throws ServletException if the authentication failed and
* the caller is responsible for handling the error (i.e., the
* underlying login mechanism did NOT establish the message and
* HTTP status code to be returned to the user)
*
* @since Servlet 3.0
*/
public boolean authenticate(HttpServletResponse response)
throws IOException,ServletException;
Validate the provided username and password in the password validation
realm used by the web container login mechanism configured for the
ServletContext
.
This method returns without throwing a ServletException
when the login mechanism configured for the ServletContext
supports username password validation, and when, at the time of the
call to login, the identity of the caller of the request had
not been established (i.e, all of getUserPrincipal
,
getRemoteUser
, and getAuthType
return null),
and when validation of the provided credentials is successful.
Otherwise, this method throws a ServletException
as
described below.
When this method returns without throwing an exception, it must
have established non-null values as the values returned by
getUserPrincipal
, getRemoteUser
, and
getAuthType
.
Params: - username – The
String
value corresponding to
the login identifier of the user. - password – The password
String
corresponding
to the identified user.
Throws: - ServletException – if the configured login mechanism
does not support username
password authentication, or if a
non-null caller identity had
already been established (prior
to the call to login), or if
validation of the provided
username and password fails.
Since: Servlet 3.0
/**
* Validate the provided username and password in the password validation
* realm used by the web container login mechanism configured for the
* <code>ServletContext</code>.
*
* <p>This method returns without throwing a <code>ServletException</code>
* when the login mechanism configured for the <code>ServletContext</code>
* supports username password validation, and when, at the time of the
* call to login, the identity of the caller of the request had
* not been established (i.e, all of <code>getUserPrincipal</code>,
* <code>getRemoteUser</code>, and <code>getAuthType</code> return null),
* and when validation of the provided credentials is successful.
* Otherwise, this method throws a <code>ServletException</code> as
* described below.
*
* <p>When this method returns without throwing an exception, it must
* have established non-null values as the values returned by
* <code>getUserPrincipal</code>, <code>getRemoteUser</code>, and
* <code>getAuthType</code>.
*
* @param username The <code>String</code> value corresponding to
* the login identifier of the user.
*
* @param password The password <code>String</code> corresponding
* to the identified user.
*
* @exception ServletException if the configured login mechanism
* does not support username
* password authentication, or if a
* non-null caller identity had
* already been established (prior
* to the call to login), or if
* validation of the provided
* username and password fails.
*
* @since Servlet 3.0
*/
public void login(String username, String password)
throws ServletException;
Establish null
as the value returned when
getUserPrincipal
, getRemoteUser
,
and getAuthType
is called on the request.
Throws: - ServletException – if logout fails
Since: Servlet 3.0
/**
* Establish <code>null</code> as the value returned when
* <code>getUserPrincipal</code>, <code>getRemoteUser</code>,
* and <code>getAuthType</code> is called on the request.
*
* @exception ServletException if logout fails
*
* @since Servlet 3.0
*/
public void logout() throws ServletException;
Gets all the Part
components of this request, provided that it is of type multipart/form-data
.
If this request is of type multipart/form-data
, but
does not contain any Part
components, the returned
Collection
will be empty.
Any changes to the returned Collection
must not
affect this HttpServletRequest
.
Throws: - IOException – if an I/O error occurred during the retrieval of the
Part
components of this request - ServletException – if this request is not of type
multipart/form-data
- IllegalStateException – if the request body is larger than
maxRequestSize
, or any Part
in the
request is larger than maxFileSize
, or there is no
@MultipartConfig
or multipart-config
in
deployment descriptors
See Also: Returns: a (possibly empty) Collection
of the
Part
components of this request Since: Servlet 3.0
/**
* Gets all the {@link Part} components of this request, provided
* that it is of type <code>multipart/form-data</code>.
*
* <p>If this request is of type <code>multipart/form-data</code>, but
* does not contain any <code>Part</code> components, the returned
* <code>Collection</code> will be empty.
*
* <p>Any changes to the returned <code>Collection</code> must not
* affect this <code>HttpServletRequest</code>.
*
* @return a (possibly empty) <code>Collection</code> of the
* <code>Part</code> components of this request
*
* @throws IOException if an I/O error occurred during the retrieval
* of the {@link Part} components of this request
*
* @throws ServletException if this request is not of type
* <code>multipart/form-data</code>
*
* @throws IllegalStateException if the request body is larger than
* <code>maxRequestSize</code>, or any <code>Part</code> in the
* request is larger than <code>maxFileSize</code>, or there is no
* <code>@MultipartConfig</code> or <code>multipart-config</code> in
* deployment descriptors
*
* @see javax.servlet.annotation.MultipartConfig#maxFileSize
* @see javax.servlet.annotation.MultipartConfig#maxRequestSize
*
* @since Servlet 3.0
*/
public Collection<Part> getParts() throws IOException, ServletException;
Gets the Part
with the given name. Params: - name – the name of the requested
Part
Throws: - IOException – if an I/O error occurred during the retrieval
of the requested
Part
- ServletException – if this request is not of type
multipart/form-data
- IllegalStateException – if the request body is larger than
maxRequestSize
, or any Part
in the
request is larger than maxFileSize
, or there is no
@MultipartConfig
or multipart-config
in
deployment descriptors
See Also: Returns: The Part
with the given name, or
null
if this request is of type
multipart/form-data
, but does not
contain the requested Part
Since: Servlet 3.0
/**
* Gets the {@link Part} with the given name.
*
* @param name the name of the requested <code>Part</code>
*
* @return The <code>Part</code> with the given name, or
* <code>null</code> if this request is of type
* <code>multipart/form-data</code>, but does not
* contain the requested <code>Part</code>
*
* @throws IOException if an I/O error occurred during the retrieval
* of the requested <code>Part</code>
* @throws ServletException if this request is not of type
* <code>multipart/form-data</code>
* @throws IllegalStateException if the request body is larger than
* <code>maxRequestSize</code>, or any <code>Part</code> in the
* request is larger than <code>maxFileSize</code>, or there is no
* <code>@MultipartConfig</code> or <code>multipart-config</code> in
* deployment descriptors
*
* @see javax.servlet.annotation.MultipartConfig#maxFileSize
* @see javax.servlet.annotation.MultipartConfig#maxRequestSize
*
* @since Servlet 3.0
*/
public Part getPart(String name) throws IOException, ServletException;
Creates an instance of HttpUpgradeHandler
for a given
class and uses it for the http protocol upgrade processing.
Params: - handlerClass – The
HttpUpgradeHandler
class used for the upgrade.
Type parameters: - <T> – The
Class
, which extends HttpUpgradeHandler
, of the handlerClass
.
Throws: - IOException – if an I/O error occurred during the upgrade
- ServletException – if the given
handlerClass
fails to
be instantiated
See Also: Returns: an instance of the HttpUpgradeHandler
Since: Servlet 3.1
/**
* Creates an instance of <code>HttpUpgradeHandler</code> for a given
* class and uses it for the http protocol upgrade processing.
*
* @param <T> The {@code Class}, which extends {@link
* HttpUpgradeHandler}, of the {@code handlerClass}.
* @param handlerClass The <code>HttpUpgradeHandler</code> class used for the upgrade.
*
* @return an instance of the <code>HttpUpgradeHandler</code>
*
* @exception IOException if an I/O error occurred during the upgrade
* @exception ServletException if the given <code>handlerClass</code> fails to
* be instantiated
*
* @see javax.servlet.http.HttpUpgradeHandler
* @see javax.servlet.http.WebConnection
*
* @since Servlet 3.1
*/
public <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass)
throws IOException, ServletException;
Get the request trailer fields.
The returned map is not backed by the HttpServletRequest
object, so changes in the returned map are not reflected in the HttpServletRequest
object, and vice-versa.
isTrailerFieldsReady()
should be called first to determine if it is safe to call this method without causing an exception.
Throws: - IllegalStateException – if
isTrailerFieldsReady()
is false
Implementation Requirements:
The default implementation returns an empty map. Returns: A map of trailer fields in which all the keys are in lowercase, regardless of the case they had at the protocol level. If there are no trailer fields, yet isTrailerFieldsReady
is returning true, the empty map is returned. Since: Servlet 4.0
/**
* Get the request trailer fields.
*
* <p>The returned map is not backed by the {@code HttpServletRequest} object,
* so changes in the returned map are not reflected in the
* {@code HttpServletRequest} object, and vice-versa.</p>
*
* <p>{@link #isTrailerFieldsReady()} should be called first to determine
* if it is safe to call this method without causing an exception.</p>
*
* @implSpec
* The default implementation returns an empty map.
*
* @return A map of trailer fields in which all the keys are in lowercase,
* regardless of the case they had at the protocol level. If there are no
* trailer fields, yet {@link #isTrailerFieldsReady} is returning true,
* the empty map is returned.
*
* @throws IllegalStateException if {@link #isTrailerFieldsReady()} is false
*
* @since Servlet 4.0
*/
default public Map<String, String> getTrailerFields() {
return Collections.emptyMap();
}
Return a boolean indicating whether trailer fields are ready to read using getTrailerFields
. This methods returns true immediately if it is known that there is no trailer in the request, for instance, the underlying protocol (such as HTTP 1.0) does not supports the trailer fields, or the request is not in chunked encoding in HTTP 1.1. And the method also returns true if both of the following conditions are satisfied:
- the application has read all the request data and an EOF indication has been returned from the
ServletRequest.getReader
or ServletRequest.getInputStream
. - all the trailer fields sent by the client have been received.
Note that it is possible that the client has sent no trailer fields.
Implementation Requirements:
The default implementation returns false. Returns: a boolean whether trailer fields are ready to read Since: Servlet 4.0
/**
* Return a boolean indicating whether trailer fields are ready to read
* using {@link #getTrailerFields}.
*
* This methods returns true immediately if it is known that there is no
* trailer in the request, for instance, the underlying protocol (such
* as HTTP 1.0) does not supports the trailer fields, or the request is
* not in chunked encoding in HTTP 1.1.
* And the method also returns true if both of the following conditions
* are satisfied:
* <ol type="a">
* <li> the application has read all the request data and an EOF
* indication has been returned from the {@link #getReader}
* or {@link #getInputStream}.
* <li> all the trailer fields sent by the client have been received.
* Note that it is possible that the client has sent no trailer fields.
* </ol>
*
* @implSpec
* The default implementation returns false.
*
* @return a boolean whether trailer fields are ready to read
*
* @since Servlet 4.0
*/
default public boolean isTrailerFieldsReady() {
return true;
}
}