public interface HttpServletRequest extends ServletRequest
ServletRequest
interface to provide request information for HTTP servlets.
The servlet container creates an HttpServletRequest
object and passes it as an argument to the servlet's
service methods (doGet
, doPost
, etc).
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
BASIC_AUTH
String identifier for Basic authentication.
|
static java.lang.String |
CLIENT_CERT_AUTH
String identifier for Client Certificate authentication.
|
static java.lang.String |
DIGEST_AUTH
String identifier for Digest authentication.
|
static java.lang.String |
FORM_AUTH
String identifier for Form authentication.
|
Modifier and Type | Method and Description |
---|---|
boolean |
authenticate(HttpServletResponse response)
Use the container login mechanism configured for the
ServletContext to authenticate the user making this
request. |
java.lang.String |
changeSessionId()
Change the session id of the current session associated with this request and return the new session id.
|
java.lang.String |
getAuthType()
Returns the name of the authentication scheme used to protect the servlet.
|
java.lang.String |
getContextPath()
Returns the portion of the request URI that indicates the context of the request.
|
Cookie[] |
getCookies()
Returns an array containing all of the
Cookie objects the client sent with this request. |
long |
getDateHeader(java.lang.String name)
Returns the value of the specified request header as a
long value that represents a Date
object. |
java.lang.String |
getHeader(java.lang.String name)
Returns the value of the specified request header as a
String . |
java.util.Enumeration<java.lang.String> |
getHeaderNames()
Returns an enumeration of all the header names this request contains.
|
java.util.Enumeration<java.lang.String> |
getHeaders(java.lang.String name)
Returns all the values of the specified request header as an
Enumeration of String objects. |
default HttpServletMapping |
getHttpServletMapping()
Return the HttpServletMapping of the request.
|
int |
getIntHeader(java.lang.String name)
Returns the value of the specified request header as an
int . |
java.lang.String |
getMethod()
Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT.
|
Part |
getPart(java.lang.String name)
Gets the
Part with the given name. |
java.util.Collection<Part> |
getParts()
Gets all the
Part components of this request, provided that it is of type multipart/form-data . |
java.lang.String |
getPathInfo()
Returns any extra path information associated with the URL the client sent when it made this request.
|
java.lang.String |
getPathTranslated()
Returns any extra path information after the servlet name but before the query string, and translates it to a real
path.
|
java.lang.String |
getQueryString()
Returns the query string that is contained in the request URL after the path.
|
java.lang.String |
getRemoteUser()
Returns the login of the user making this request, if the user has been authenticated, or
null if the
user has not been authenticated. |
java.lang.String |
getRequestedSessionId()
Returns the session ID specified by the client.
|
java.lang.String |
getRequestURI()
Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP
request.
|
java.lang.StringBuffer |
getRequestURL()
Reconstructs the URL the client used to make the request.
|
java.lang.String |
getServletPath()
Returns the part of this request's URL that calls the servlet.
|
HttpSession |
getSession()
Returns the current session associated with this request, or if the request does not have a session, creates one.
|
HttpSession |
getSession(boolean create)
Returns the current
HttpSession associated with this request or, if there is no current session and
create is true, returns a new session. |
default java.util.Map<java.lang.String,java.lang.String> |
getTrailerFields()
Get the request trailer fields.
|
java.security.Principal |
getUserPrincipal()
Returns a
java.security.Principal object containing the name of the current authenticated user. |
boolean |
isRequestedSessionIdFromCookie()
Checks whether the requested session ID was conveyed to the server as an HTTP cookie.
|
boolean |
isRequestedSessionIdFromURL()
Checks whether the requested session ID was conveyed to the server as part of the request URL.
|
boolean |
isRequestedSessionIdValid()
Checks whether the requested session ID is still valid.
|
default boolean |
isTrailerFieldsReady()
Return a boolean indicating whether trailer fields are ready to read using
getTrailerFields() . |
boolean |
isUserInRole(java.lang.String role)
Returns a boolean indicating whether the authenticated user is included in the specified logical "role".
|
void |
login(java.lang.String username,
java.lang.String password)
Validate the provided username and password in the password validation realm used by the web container login
mechanism configured for the
ServletContext . |
void |
logout()
Establish
null as the value returned when getUserPrincipal , getRemoteUser , and
getAuthType is called on the request. |
default PushBuilder |
newPushBuilder()
Instantiates a new instance of
PushBuilder for issuing server push responses from the current request. |
<T extends HttpUpgradeHandler> |
upgrade(java.lang.Class<T> handlerClass)
Creates an instance of
HttpUpgradeHandler for a given class and uses it for the http protocol upgrade
processing. |
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
static final java.lang.String BASIC_AUTH
static final java.lang.String FORM_AUTH
static final java.lang.String CLIENT_CERT_AUTH
static final java.lang.String DIGEST_AUTH
java.lang.String getAuthType()
null
is returned.null
if the request was not
authenticated.Cookie[] getCookies()
Cookie
objects the client sent with this request. This method
returns null
if no cookies were sent.Cookies
included with this request, or null
if the request has
no cookieslong getDateHeader(java.lang.String name)
long
value that represents a Date
object. Use this method with headers that contain dates, such as If-Modified-Since
.
The date is returned as the number of milliseconds since January 1, 1970 GMT. The header name is case insensitive.
If the request did not have a header of the specified name, this method returns -1. If the header can't be converted
to a date, the method throws an IllegalArgumentException
.
name
- a String
specifying the name of the headerlong
value representing the date specified in the header expressed as the number of
milliseconds since January 1, 1970 GMT, or -1 if the named header was not included with the requestjava.lang.IllegalArgumentException
- If the header value can't be converted to a datejava.lang.String getHeader(java.lang.String name)
String
. If the request did not include a header
of the specified name, this method returns null
. If there are multiple headers with the same name, this
method returns the first head in the request. The header name is case insensitive. You can use this method with any
request header.name
- a String
specifying the header nameString
containing the value of the requested header, or null
if the request does
not have a header of that namejava.util.Enumeration<java.lang.String> getHeaders(java.lang.String name)
Enumeration
of String
objects.
Some headers, such as Accept-Language
can be sent by clients as several headers each with a different
value rather than sending the header as a comma separated list.
If the request did not include any headers of the specified name, this method returns an empty
Enumeration
. The header name is case insensitive. You can use this method with any request header.
name
- a String
specifying the header nameEnumeration
containing the values of the requested header. If the request does not have any
headers of that name return an empty enumeration. If the container does not allow access to header information,
return nulljava.util.Enumeration<java.lang.String> getHeaderNames()
Some servlet containers do not allow servlets to access headers using this method, in which case this method returns
null
null
int getIntHeader(java.lang.String name)
int
. If the request does not have a header of
the specified name, this method returns -1. If the header cannot be converted to an integer, this method throws a
NumberFormatException
.
The header name is case insensitive.
name
- a String
specifying the name of a request headerjava.lang.NumberFormatException
- If the header value can't be converted to an int
default HttpServletMapping getHttpServletMapping()
The mapping returned depends on the current DispatcherType
as obtained from
ServletRequest.getDispatcherType()
:
DispatcherType.REQUEST
, DispatcherType.ASYNC
,
DispatcherType.ERROR
Servlet
.DispatcherType.INCLUDE
RequestDispatcher.include(ServletRequest, jakarta.servlet.ServletResponse)
.
DispatcherType.FORWARD
Servlet
, unless the RequestDispatcher
was obtained via
ServletContext.getNamedDispatcher(String)
, in which case return the mapping as prior to the
current dispatch. i.e the mapping returned is changed during a call to
RequestDispatcher.forward(ServletRequest, jakarta.servlet.ServletResponse)
only if the dispatcher is not a
named dispatcher.For example:
The returned object is immutable. Servlet 4.0 compliant implementations must override this method.
HttpServletMapping
describing the manner in which the current request was invoked.java.lang.String getMethod()
String
specifying the name of the method with which this request was madejava.lang.String getPathInfo()
This method returns null
if there was no extra path information.
String
specifying extra path information that comes after the servlet path but before the
query string in the request URL; or null
if the URL does not have any extra path information. The path
will be canonicalized as per section 3.5 of the specification. This method will not return any encoded characters
unless the container is configured specifically to allow them.java.lang.IllegalArgumentException
- In standard configuration, this method will never throw. However, a container may be
configured to not reject some suspicious sequences identified by 3.5.2, furthermore the container may be configured
to allow such paths to only be accessed via safer methods like getRequestURI()
and to throw
IllegalArgumentException if this method is called for such suspicious paths.java.lang.String getPathTranslated()
If the URL does not have any extra path information, this method returns null
or the servlet container
cannot translate the virtual path to a real path for any reason (such as when the web application is executed from an
archive).
The web container does not decode this string.
String
specifying the real path, or null
if the URL does not have any extra path
informationdefault PushBuilder newPushBuilder()
PushBuilder
for issuing server push responses from the current request. This
method returns null if the current connection does not support server push, or server push has been disabled by the
client via a SETTINGS_ENABLE_PUSH
settings frame value of 0
(zero).PushBuilder
for issuing server push responses from the current request, or null if push is not
supportedjava.lang.String getContextPath()
It is possible that a servlet container may match a context by more than one context path. In such cases this method
will return the actual context path used by the request and it may differ from the path returned by the
ServletContext.getContextPath()
method. The context path returned by
ServletContext.getContextPath()
should be considered as the prime or preferred context path
of the application.
String
specifying the portion of the request URI that indicates the context of the request.
The path will be canonicalized as per section 3.5 of the specification. This method will not return any encoded
characters unless the container is configured specifically to allow them.java.lang.IllegalArgumentException
- In standard configuration, this method will never throw. However, a container may be
configured to not reject some suspicious sequences identified by 3.5.2, furthermore the container may be configured
to allow such paths to only be accessed via safer methods like getRequestURI()
and to throw
IllegalArgumentException if this method is called for such suspicious paths.ServletContext.getContextPath()
java.lang.String getQueryString()
null
if the URL does not have a query string.String
containing the query string or null
if the URL contains no query string.
The value is not decoded by the container.java.lang.String getRemoteUser()
null
if the
user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser
and type of authentication.String
specifying the login of the user making this request, or null
if the user
login is not knownboolean isUserInRole(java.lang.String role)
false
.
The role name "*" should never be used as an argument in calling isUserInRole
. Any call to
isUserInRole
with "*" must return false. If the role-name of the security-role to be tested is "**", and
the application has NOT declared an application security-role with role-name "**", isUserInRole
must
only return true if the user has been authenticated; that is, only when getRemoteUser()
and
getUserPrincipal()
would both return a non-null value. Otherwise, the container must check the user for
membership in the application role.
role
- a String
specifying the name of the roleboolean
indicating whether the user making this request belongs to a given role;
false
if the user has not been authenticatedjava.security.Principal getUserPrincipal()
java.security.Principal
object containing the name of the current authenticated user. If the
user has not been authenticated, the method returns null
.java.security.Principal
containing the name of the user making this request; null
if the user has not been authenticatedjava.lang.String getRequestedSessionId()
null
.String
specifying the session ID, or null
if the request did not specify a
session IDisRequestedSessionIdValid()
java.lang.String getRequestURI()
First line of HTTP request | Returned Value | |
---|---|---|
POST /some/path.html HTTP/1.1 | /some/path.html | |
GET http://foo.bar/a.html HTTP/1.0 | /a.html | |
HEAD /xyz?a=b HTTP/1.1 | /xyz |
String
containing the part of the URL from the protocol name up to the query stringjava.lang.StringBuffer getRequestURL()
If this request has been forwarded using RequestDispatcher.forward(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)
, the server path in the
reconstructed URL must reflect the path used to obtain the RequestDispatcher, and not the server path specified by
the client.
Because this method returns a StringBuffer
, not a string, you can modify the URL easily, for example, to
append query parameters.
This method is useful for creating redirect messages and for reporting errors.
StringBuffer
object containing the reconstructed URLjava.lang.String getServletPath()
This method will return an empty string ("") if the servlet used to process this request was matched using the "/*" pattern.
String
containing the path of the servlet being called, as specified in the request URL, or an
empty string if the servlet used to process the request is matched using the "/*" pattern. The path will be
canonicalized as per section 3.5 of the specification. This method will not return any encoded characters unless the
container is configured specifically to allow them.java.lang.IllegalArgumentException
- In standard configuration, this method will never throw. However, a container may be
configured to not reject some suspicious sequences identified by 3.5.2, furthermore the container may be configured
to allow such paths to only be accessed via safer methods like getRequestURI()
and to throw
IllegalArgumentException if this method is called for such suspicious paths.HttpSession getSession(boolean create)
HttpSession
associated with this request or, if there is no current session and
create
is true, returns a new session.
If create
is false
and the request has no valid HttpSession
, this method
returns null
.
To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
create
- true
to create a new session for this request if necessary; false
to return
null
if there's no current sessionHttpSession
associated with this request or null
if create
is
false
and the request has no valid sessiongetSession()
HttpSession getSession()
HttpSession
associated with this requestgetSession(boolean)
java.lang.String changeSessionId()
java.lang.IllegalStateException
- if there is no session associated with the requestboolean isRequestedSessionIdValid()
If the client did not specify any session ID, this method returns false
.
true
if this request has an id for a valid session in the current session context;
false
otherwisegetRequestedSessionId()
,
getSession(boolean)
boolean isRequestedSessionIdFromCookie()
Checks whether the requested session ID was conveyed to the server as an HTTP cookie.
true
if the session ID was conveyed to the server an an HTTP cookie; otherwise,
false
getSession(boolean)
boolean isRequestedSessionIdFromURL()
Checks whether the requested session ID was conveyed to the server as part of the request URL.
true
if the session ID was conveyed to the server as part of a URL; otherwise,
false
getSession(boolean)
boolean authenticate(HttpServletResponse response) throws java.io.IOException, ServletException
ServletContext
to authenticate the user making this
request.
This method may modify and commit the argument HttpServletResponse
.
response
- The HttpServletResponse
associated with this HttpServletRequest
true
when non-null values were or have been established as the values returned by
getUserPrincipal
, getRemoteUser
, and getAuthType
. Return false
if
authentication is incomplete and the underlying login mechanism has committed, in the response, the message (e.g.,
challenge) and HTTP status code to be returned to the user.java.io.IOException
- if an input or output error occurred while reading from this request or writing to the given
responsejava.lang.IllegalStateException
- if the login mechanism attempted to modify the response and it was already committedServletException
- if the authentication failed and the caller is responsible for handling the error (i.e., the
underlying login mechanism did NOT establish the message and HTTP status code to be returned to the user)void login(java.lang.String username, java.lang.String password) throws ServletException
ServletContext
.
This method returns without throwing a ServletException
when the login mechanism configured for the
ServletContext
supports username password validation, and when, at the time of the call to login, the
identity of the caller of the request had not been established (i.e, all of getUserPrincipal
,
getRemoteUser
, and getAuthType
return null), and when validation of the provided
credentials is successful. Otherwise, this method throws a ServletException
as described below.
When this method returns without throwing an exception, it must have established non-null values as the values
returned by getUserPrincipal
, getRemoteUser
, and getAuthType
.
username
- The String
value corresponding to the login identifier of the user.password
- The password String
corresponding to the identified user.ServletException
- if the configured login mechanism does not support username password authentication, or
if a non-null caller identity had already been established (prior to the call to login), or if validation of the
provided username and password fails.void logout() throws ServletException
null
as the value returned when getUserPrincipal
, getRemoteUser
, and
getAuthType
is called on the request.ServletException
- if logout failsjava.util.Collection<Part> getParts() throws java.io.IOException, ServletException
Part
components of this request, provided that it is of type multipart/form-data
.
If this request is of type multipart/form-data
, but does not contain any Part
components,
the returned Collection
will be empty.
Any changes to the returned Collection
must not affect this HttpServletRequest
.
Collection
of the Part
components of this requestjava.io.IOException
- if an I/O error occurred during the retrieval of the Part
components of this requestServletException
- if this request is not of type multipart/form-data
java.lang.IllegalStateException
- if the request body is larger than maxRequestSize
, or any
Part
in the request is larger than maxFileSize
, or there is no
@MultipartConfig
or multipart-config
in deployment descriptorsMultipartConfig.maxFileSize()
,
MultipartConfig.maxRequestSize()
Part getPart(java.lang.String name) throws java.io.IOException, ServletException
Part
with the given name.name
- the name of the requested Part
Part
with the given name, or null
if this request is of type
multipart/form-data
, but does not contain the requested Part
java.io.IOException
- if an I/O error occurred during the retrieval of the requested Part
ServletException
- if this request is not of type multipart/form-data
java.lang.IllegalStateException
- if the request body is larger than maxRequestSize
, or any
Part
in the request is larger than maxFileSize
, or there is no
@MultipartConfig
or multipart-config
in deployment descriptorsMultipartConfig.maxFileSize()
,
MultipartConfig.maxRequestSize()
<T extends HttpUpgradeHandler> T upgrade(java.lang.Class<T> handlerClass) throws java.io.IOException, ServletException
HttpUpgradeHandler
for a given class and uses it for the http protocol upgrade
processing.T
- The Class
, which extends HttpUpgradeHandler
, of the handlerClass
.handlerClass
- The HttpUpgradeHandler
class used for the upgrade.HttpUpgradeHandler
java.io.IOException
- if an I/O error occurred during the upgradeServletException
- if the given handlerClass
fails to be instantiatedHttpUpgradeHandler
,
WebConnection
default java.util.Map<java.lang.String,java.lang.String> getTrailerFields()
The returned map is not backed by the HttpServletRequest
object, so changes in the returned map are not
reflected in the HttpServletRequest
object, and vice-versa.
isTrailerFieldsReady()
should be called first to determine if it is safe to call this method without causing
an exception.
isTrailerFieldsReady()
is returning true, the empty map is
returned.java.lang.IllegalStateException
- if isTrailerFieldsReady()
is falsedefault boolean isTrailerFieldsReady()
getTrailerFields()
.
This methods returns true immediately if it is known that there is no trailer in the request, for instance, the
underlying protocol (such as HTTP 1.0) does not supports the trailer fields, or the request is not in chunked
encoding in HTTP 1.1. And the method also returns true if both of the following conditions are satisfied:
ServletRequest.getReader()
or ServletRequest.getInputStream()
.