- java.lang.Object
-
- jakarta.servlet.GenericServlet
-
- jakarta.servlet.http.HttpServlet
-
- All Implemented Interfaces:
Servlet
,ServletConfig
,Serializable
public abstract class HttpServlet extends GenericServlet
Provides an abstract class to be subclassed to create an HTTP servlet suitable for a Web site. A subclass ofHttpServlet
must override at least one method, usually one of these:doGet
, if the servlet supports HTTP GET requestsdoPost
, for HTTP POST requestsdoPut
, for HTTP PUT requestsdoDelete
, for HTTP DELETE requestsinit
anddestroy
, to manage resources that are held for the life of the servletgetServletInfo
, which the servlet uses to provide information about itself
There's almost no reason to override the
service
method.service
handles standard HTTP requests by dispatching them to the handler methods for each HTTP request type (thedo
XXX methods listed above).Likewise, there's almost no reason to override the
doOptions
anddoTrace
methods.Servlets typically run on multithreaded servers, so be aware that a servlet must handle concurrent requests and be careful to synchronize access to shared resources. Shared resources include in-memory data such as instance or class variables and external objects such as files, database connections, and network connections. See the Java Tutorial on Multithreaded Programming for more information on handling multiple threads in a Java program.
- Author:
- Various
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static String
LEGACY_DO_HEAD
Deprecated, for removal: This API element is subject to removal in a future version.may be removed in future releases
-
Constructor Summary
Constructors Constructor Description HttpServlet()
Does nothing, because this is an abstract class.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
doDelete(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a DELETE request.protected void
doGet(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a GET request.protected void
doHead(HttpServletRequest req, HttpServletResponse resp)
Receives an HTTP HEAD request from the protectedservice
method and handles the request.protected void
doOptions(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a OPTIONS request.protected void
doPatch(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a PATCH request.protected void
doPost(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a POST request.protected void
doPut(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a PUT request.protected void
doTrace(HttpServletRequest req, HttpServletResponse resp)
Called by the server (via theservice
method) to allow a servlet to handle a TRACE request.protected long
getLastModified(HttpServletRequest req)
Returns the time theHttpServletRequest
object was last modified, in milliseconds since midnight January 1, 1970 GMT.void
init(ServletConfig config)
Called by the servlet container to indicate to a servlet that the servlet is being placed into service.protected boolean
isSensitiveHeader(String headerName)
Is the provided HTTP request header considered sensitive and therefore should be excluded from the response to aTRACE
request?protected void
service(HttpServletRequest req, HttpServletResponse resp)
Receives standard HTTP requests from the publicservice
method and dispatches them to thedo
XXX methods defined in this class.void
service(ServletRequest req, ServletResponse res)
Dispatches client requests to the protectedservice
method.-
Methods inherited from class jakarta.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
-
-
-
-
Field Detail
-
LEGACY_DO_HEAD
@Deprecated(forRemoval=true, since="Servlet 6.0") public static final String LEGACY_DO_HEAD
Deprecated, for removal: This API element is subject to removal in a future version.may be removed in future releasesThe parameter obtainedServletConfig.getInitParameter(String)
to determine if legacy processing ofdoHead(HttpServletRequest, HttpServletResponse)
is provided.- Since:
- Servlet 6.0
- See Also:
- Constant Field Values
-
-
Method Detail
-
init
public void init(ServletConfig config) throws ServletException
Description copied from class:GenericServlet
Called by the servlet container to indicate to a servlet that the servlet is being placed into service. SeeServlet.init(jakarta.servlet.ServletConfig)
.This implementation stores the
ServletConfig
object it receives from the servlet container for later use. When overriding this form of the method, callsuper.init(config)
.- Specified by:
init
in interfaceServlet
- Overrides:
init
in classGenericServlet
- Parameters:
config
- theServletConfig
object that contains configuration information for this servlet- Throws:
ServletException
- if an exception occurs that interrupts the servlet's normal operation- See Also:
UnavailableException
-
doGet
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a GET request.Overriding this method to support a GET request also automatically supports an HTTP HEAD request. A HEAD request is a GET request that returns no body in the response, only the request header fields.
When overriding this method, read the request data, write the response headers, get the response's writer or output stream object, and finally, write the response data. It's best to include content type and encoding. When using a
PrintWriter
object to return the response, set the content type before accessing thePrintWriter
object.The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the
ServletResponse.setContentLength(int)
method), to allow the servlet container to use a persistent connection to return its response to the client, improving performance. The content length is automatically set if the entire response fits inside the response buffer.When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
The GET method should be safe, that is, without any side effects for which users are held responsible. For example, most form queries have no side effects. If a client request is intended to change stored data, the request should use some other HTTP method.
The GET method should also be idempotent, meaning that it can be safely repeated. Sometimes making a method safe also makes it idempotent. For example, repeating queries is both safe and idempotent, but buying a product online or modifying data is neither safe nor idempotent.
If the request is incorrectly formatted,
doGet
returns an HTTP "Bad Request" message.- Parameters:
req
- anHttpServletRequest
object that contains the request the client has made of the servletresp
- anHttpServletResponse
object that contains the response the servlet sends to the client- Throws:
IOException
- if an input or output error is detected when the servlet handles the GET requestServletException
- if the request for the GET could not be handled- See Also:
ServletResponse.setContentType(java.lang.String)
-
getLastModified
protected long getLastModified(HttpServletRequest req)
Returns the time theHttpServletRequest
object was last modified, in milliseconds since midnight January 1, 1970 GMT. If the time is unknown, this method returns a negative number (the default).Servlets that support HTTP GET requests and can quickly determine their last modification time should override this method. This makes browser and proxy caches work more effectively, reducing the load on server and network resources.
- Parameters:
req
- theHttpServletRequest
object that is sent to the servlet- Returns:
- a
long
integer specifying the time theHttpServletRequest
object was last modified, in milliseconds since midnight, January 1, 1970 GMT, or -1 if the time is not known
-
doHead
protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Receives an HTTP HEAD request from the protected
service
method and handles the request. The client sends a HEAD request when it wants to see only the headers of a response, such as Content-Type or Content-Length. The HTTP HEAD method counts the output bytes in the response to set the Content-Length header accurately.If you override this method, you can avoid computing the response body and just set the response headers directly to improve performance. Make sure that the
doHead
method you write is both safe and idempotent (that is, protects itself from being called multiple times for one HTTP HEAD request).The default implementation calls
doGet(HttpServletRequest, HttpServletResponse)
. If theServletConfig
init parameterLEGACY_DO_HEAD
is set to "TRUE", then the response instance is wrapped so that the response body is discarded.If the HTTP HEAD request is incorrectly formatted,
doHead
returns an HTTP "Bad Request" message.- Parameters:
req
- the request object that is passed to the servletresp
- the response object that the servlet uses to return the headers to the clien- Throws:
IOException
- if an input or output error occursServletException
- if the request for the HEAD could not be handled
-
doPatch
protected void doPatch(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a PATCH request. The HTTP PATCH request method applies partial modifications to a resource.When overriding this method, read the request data, write the response headers, get the response's writer or output stream object, and finally, write the response data. It's best to include content type and encoding. When using a
PrintWriter
object to return the response, set the content type before accessing thePrintWriter
object.The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the
ServletResponse.setContentLength(int)
method), to allow the servlet container to use a persistent connection to return its response to the client, improving performance. The content length is automatically set if the entire response fits inside the response buffer.When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
This method does not need to be either safe or idempotent. Operations requested through PATCH can have side effects for which the user can be held accountable, for example, updating stored data or buying items online.
If the HTTP PATCH request is incorrectly formatted,
doPatch
returns an HTTP "Bad Request" message.- Parameters:
req
- anHttpServletRequest
object that contains the request the client has made of the servletresp
- anHttpServletResponse
object that contains the response the servlet sends to the client- Throws:
IOException
- if an input or output error is detected when the servlet handles the requestServletException
- if the request for the POST could not be handled- Since:
- Servlet 6.1
- See Also:
ServletOutputStream
,ServletResponse.setContentType(java.lang.String)
-
doPost
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a POST request. The HTTP POST method allows the client to send data of unlimited length to the Web server a single time and is useful when posting information such as credit card numbers.When overriding this method, read the request data, write the response headers, get the response's writer or output stream object, and finally, write the response data. It's best to include content type and encoding. When using a
PrintWriter
object to return the response, set the content type before accessing thePrintWriter
object.The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the
ServletResponse.setContentLength(int)
method), to allow the servlet container to use a persistent connection to return its response to the client, improving performance. The content length is automatically set if the entire response fits inside the response buffer.When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
This method does not need to be either safe or idempotent. Operations requested through POST can have side effects for which the user can be held accountable, for example, updating stored data or buying items online.
If the HTTP POST request is incorrectly formatted,
doPost
returns an HTTP "Bad Request" message.- Parameters:
req
- anHttpServletRequest
object that contains the request the client has made of the servletresp
- anHttpServletResponse
object that contains the response the servlet sends to the client- Throws:
IOException
- if an input or output error is detected when the servlet handles the requestServletException
- if the request for the POST could not be handled- See Also:
ServletOutputStream
,ServletResponse.setContentType(java.lang.String)
-
doPut
protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a PUT request. The PUT operation allows a client to place a file on the server and is similar to sending a file by FTP.When overriding this method, leave intact any content headers sent with the request (including Content-Length, Content-Type, Content-Transfer-Encoding, Content-Encoding, Content-Base, Content-Language, Content-Location, Content-MD5, and Content-Range). If your method cannot handle a content header, it must issue an error message (HTTP 501 - Not Implemented) and discard the request. For more information on HTTP 1.1 and the PUT method, see RFC 7231 .
This method does not need to be either safe or idempotent. Operations that
doPut
performs can have side effects for which the user can be held accountable. When using this method, it may be useful to save a copy of the affected URL in temporary storage.If the HTTP PUT request is incorrectly formatted,
doPut
returns an HTTP "Bad Request" message.- Parameters:
req
- theHttpServletRequest
object that contains the request the client made of the servletresp
- theHttpServletResponse
object that contains the response the servlet returns to the client- Throws:
IOException
- if an input or output error occurs while the servlet is handling the PUT requestServletException
- if the request for the PUT cannot be handled
-
doDelete
protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a DELETE request. The DELETE operation allows a client to remove a document or Web page from the server.This method does not need to be either safe or idempotent. Operations requested through DELETE can have side effects for which users can be held accountable. When using this method, it may be useful to save a copy of the affected URL in temporary storage.
If the HTTP DELETE request is incorrectly formatted,
doDelete
returns an HTTP "Bad Request" message.- Parameters:
req
- theHttpServletRequest
object that contains the request the client made of the servletresp
- theHttpServletResponse
object that contains the response the servlet returns to the client- Throws:
IOException
- if an input or output error occurs while the servlet is handling the DELETE requestServletException
- if the request for the DELETE cannot be handled
-
doOptions
protected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a OPTIONS request. The OPTIONS request determines which HTTP methods the server supports and returns an appropriate header. For example, if a servlet overridesdoGet
, this method returns the following header:Allow: GET, HEAD, TRACE, OPTIONS
There's no need to override this method unless the servlet implements new HTTP methods, beyond those implemented by HTTP 1.1.
- Parameters:
req
- theHttpServletRequest
object that contains the request the client made of the servletresp
- theHttpServletResponse
object that contains the response the servlet returns to the client- Throws:
IOException
- if an input or output error occurs while the servlet is handling the OPTIONS requestServletException
- if the request for the OPTIONS cannot be handled
-
doTrace
protected void doTrace(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Called by the server (via theservice
method) to allow a servlet to handle a TRACE request. A TRACE returns the headers sent with the TRACE request to the client, so that they can be used in debugging. There's no need to override this method.- Parameters:
req
- theHttpServletRequest
object that contains the request the client made of the servletresp
- theHttpServletResponse
object that contains the response the servlet returns to the client- Throws:
IOException
- if an input or output error occurs while the servlet is handling the TRACE requestServletException
- if the request for the TRACE cannot be handled
-
isSensitiveHeader
protected boolean isSensitiveHeader(String headerName)
Is the provided HTTP request header considered sensitive and therefore should be excluded from the response to aTRACE
request?By default, headers with names that start with any of the following are considered sensitive:
- authorization
- cookie
- x-forwarded
- forwarded
- proxy-authorization
Note that HTTP header names are case insensitive.
- Parameters:
headerName
- the name of the HTTP request header to test- Returns:
- (@code true} if the HTTP request header is considered sensitive and should be excluded from the response to a
TRACE
request, otherwisefalse
- Since:
- Servlet 6.1
-
service
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
Receives standard HTTP requests from the publicservice
method and dispatches them to thedo
XXX methods defined in this class. This method is an HTTP-specific version of theServlet.service(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)
method. There's no need to override this method.- Parameters:
req
- theHttpServletRequest
object that contains the request the client made of the servletresp
- theHttpServletResponse
object that contains the response the servlet returns to the client- Throws:
IOException
- if an input or output error occurs while the servlet is handling the HTTP requestServletException
- if the HTTP request cannot be handled- See Also:
Servlet.service(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)
-
service
public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException
Dispatches client requests to the protectedservice
method. There's no need to override this method.- Specified by:
service
in interfaceServlet
- Specified by:
service
in classGenericServlet
- Parameters:
req
- theHttpServletRequest
object that contains the request the client made of the servletres
- theHttpServletResponse
object that contains the response the servlet returns to the client- Throws:
IOException
- if an input or output error occurs while the servlet is handling the HTTP requestServletException
- if the HTTP request cannot be handled or if either parameter is not an instance of its respectiveHttpServletRequest
orHttpServletResponse
counterparts.- See Also:
Servlet.service(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)
-
-