All Downloads are FREE. Search and download functionalities are using the official Maven repository.

jakarta.servlet.http.HttpServletRequest Maven / Gradle / Ivy

The newest version!
/*
 * Copyright (c) 1997, 2024 Oracle and/or its affiliates and others.
 * All rights reserved.
 * Copyright 2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package jakarta.servlet.http;

import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import java.io.IOException;
import java.util.*;

/**
 *
 * Extends the {@link jakarta.servlet.ServletRequest} interface to provide request information for HTTP servlets.
 *
 * 

* The servlet container creates an HttpServletRequest object and passes it as an argument to the servlet's * service methods (doGet, doPost, etc). * * * @author Various */ public interface HttpServletRequest extends ServletRequest { /** * String identifier for Basic authentication. Value "BASIC" */ String BASIC_AUTH = "BASIC"; /** * String identifier for Form authentication. Value "FORM" */ String FORM_AUTH = "FORM"; /** * String identifier for Client Certificate authentication. Value "CLIENT_CERT" */ String CLIENT_CERT_AUTH = "CLIENT_CERT"; /** * String identifier for Digest authentication. Value "DIGEST" */ String DIGEST_AUTH = "DIGEST"; /** * Returns the name of the authentication scheme used to protect the servlet. All servlet containers support basic, form * and client certificate authentication, and may additionally support digest authentication. If the servlet is not * authenticated null is returned. * * @return one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH (suitable for == comparison) * or the container-specific string indicating the authentication scheme, or null if the request was not * authenticated. */ String getAuthType(); /** * Returns an array containing all of the Cookie objects the client sent with this request. This method * returns null if no cookies were sent. * * @return an array of all the Cookies included with this request, or null if the request has * no cookies */ Cookie[] getCookies(); /** * Returns the value of the specified request header as a long value that represents a Date * object. Use this method with headers that contain dates, such as If-Modified-Since. * *

* The date is returned as the number of milliseconds since January 1, 1970 GMT. The header name is case insensitive. * *

* If the request did not have a header of the specified name, this method returns -1. If there are multiple headers * with the same name, this method returns the value of the first header in the request. If the header can't be * converted to a date, the method throws an IllegalArgumentException. * * @param name a String specifying the name of the header * * @return a long value representing the date specified in the header expressed as the number of * milliseconds since January 1, 1970 GMT, or -1 if the named header was not included with the request * * @exception IllegalArgumentException If the header value can't be converted to a date */ long getDateHeader(String name); /** * Returns the value of the specified request header as a String. If the request did not include a header * of the specified name, this method returns null. If there are multiple headers with the same name, this * method returns the value of the first header in the request. The header name is case insensitive. You can use this * method with any request header. * * @param name a String specifying the header name * * @return a String containing the value of the requested header, or null if the request does * not have a header of that name */ String getHeader(String name); /** * Returns all the values of the specified request header as an Enumeration of String objects. * *

* Some headers, such as Accept-Language can be sent by clients as several headers each with a different * value rather than sending the header as a comma separated list. * *

* If the request did not include any headers of the specified name, this method returns an empty * Enumeration. The header name is case insensitive. You can use this method with any request header. * * @param name a String specifying the header name * * @return an Enumeration containing the values of the requested header. If the request does not have any * headers of that name return an empty enumeration. If the container does not allow access to header information, * return null */ Enumeration getHeaders(String name); /** * Returns an enumeration of all the header names this request contains. If the request has no headers, this method * returns an empty enumeration. * *

* Some servlet containers do not allow servlets to access headers using this method, in which case this method returns * null * * @return an enumeration of all the header names sent with this request; if the request has no headers, an empty * enumeration; if the servlet container does not allow servlets to use this method, null */ Enumeration getHeaderNames(); /** * Returns the value of the specified request header as an int. If the request does not have a header of * the specified name, this method returns -1. If there are multiple headers with the same name, this method returns the * value of the first header in the request. If the header cannot be converted to an integer, this method throws a * NumberFormatException. * *

* The header name is case insensitive. * * @param name a String specifying the name of a request header * * @return an integer expressing the value of the request header or -1 if the request doesn't have a header of this name * * @exception NumberFormatException If the header value can't be converted to an int */ int getIntHeader(String name); /** * Return the HttpServletMapping of the request. *

* The mapping returned depends on the current {@link jakarta.servlet.DispatcherType} as obtained from * {@link #getDispatcherType()}: *

*
{@link jakarta.servlet.DispatcherType#REQUEST}, {@link jakarta.servlet.DispatcherType#ASYNC}, * {@link jakarta.servlet.DispatcherType#ERROR}
*
Return the mapping for the target of the dispatch i.e. the mapping for the current * {@link jakarta.servlet.Servlet}.
* *
{@link jakarta.servlet.DispatcherType#INCLUDE}
*
Return the mapping as prior to the current dispatch. i.e the mapping returned is unchanged by a call to
* {@link RequestDispatcher#include(ServletRequest, jakarta.servlet.ServletResponse)}. * *
{@link jakarta.servlet.DispatcherType#FORWARD}
*
Return the mapping for the target of the dispatch i.e. the mapping for the current * {@link jakarta.servlet.Servlet}, unless the {@link jakarta.servlet.RequestDispatcher} was obtained via * {@link jakarta.servlet.ServletContext#getNamedDispatcher(String)}, in which case return the mapping as prior to the * current dispatch. i.e the mapping returned is changed during a call to * {@link RequestDispatcher#forward(ServletRequest, jakarta.servlet.ServletResponse)} only if the dispatcher is not a * named dispatcher.
*
*

*

* For example: *

    *
  • For a sequence Servlet1 --include--> Servlet2 --include--> Servlet3, a call to this * method in Servlet3 will return the mapping for Servlet1.
  • *
  • For a sequence Servlet1 --async--> Servlet2 --named-forward--> Servlet3, a call to this * method in Servlet3 will return the mapping for Servlet2.
  • *
*

*

* The returned object is immutable. Servlet 4.0 onwards compliant implementations must override this method. *

* * @implSpec The default implementation returns a {@code * HttpServletMapping} that returns the empty string for the match value, pattern and servlet name and {@code null} for * the match type. * * @return An instance of {@code HttpServletMapping} describing the manner in which the current request was invoked. * * @since Servlet 4.0 */ default HttpServletMapping getHttpServletMapping() { return new HttpServletMapping() { @Override public String getMatchValue() { return ""; } @Override public String getPattern() { return ""; } @Override public String getServletName() { return ""; } @Override public MappingMatch getMappingMatch() { return null; } @Override public String toString() { return "MappingImpl{" + "matchValue=" + getMatchValue() + ", pattern=" + getPattern() + ", servletName=" + getServletName() + ", mappingMatch=" + getMappingMatch() + "} HttpServletRequest {" + HttpServletRequest.this + '}'; } }; } /** * Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT. * * @return a String specifying the name of the method with which this request was made */ String getMethod(); /** * Returns any extra path information associated with the URL the client sent when it made this request. The extra path * information follows the servlet path but precedes the query string and will start with a "/" character. * *

* This method returns null if there was no extra path information. * * @return a String specifying extra path information that comes after the servlet path but before the * query string in the request URL; or null if the URL does not have any extra path information. The path * will be canonicalized as per Servlet * 6.0, 3.5. This method will not return any encoded characters unless the container is configured specifically to * allow them. * @throws IllegalArgumentException In standard configuration, this method will never throw. However, a container may be * configured to not reject some suspicious sequences identified by Servlet 6.0, * 3.5.2, furthermore the container may be configured to allow such paths to only be accessed via safer methods like * {@link #getRequestURI()} and to throw IllegalArgumentException if this method is called for such suspicious paths. */ String getPathInfo(); /** * Returns any extra path information after the servlet name but before the query string, and translates it to a real * path. * *

* If the URL does not have any extra path information, this method returns null or the servlet container * cannot translate the virtual path to a real path for any reason (such as when the web application is executed from an * archive). * * The web container does not decode this string. * * @return a String specifying the real path, or null if the URL does not have any extra path * information */ String getPathTranslated(); /** * Instantiates a new instance of {@link PushBuilder} for issuing server push responses from the current request. This * method returns null if the current connection does not support server push, or server push has been disabled by the * client via a {@code SETTINGS_ENABLE_PUSH} settings frame value of {@code 0} (zero). * * @implSpec The default implementation returns null. * * @return a {@link PushBuilder} for issuing server push responses from the current request, or {@code null} if push is * not supported. Note that some implementations may opt not to support server push and will therefore always return * {@code null} * * @since Servlet 4.0 * * @deprecated In favor of 103 early hints */ @Deprecated default PushBuilder newPushBuilder() { return null; } /** * Returns the portion of the request URI that indicates the context of the request. The context path always comes first * in a request URI. The path starts with a "/" character but does not end with a "/" character. For servlets in the * default (root) context, this method returns "". The container does not decode this string. * *

* It is possible that a servlet container may match a context by more than one context path. In such cases this method * will return the actual context path used by the request and it may differ from the path returned by the * {@link jakarta.servlet.ServletContext#getContextPath()} method. The context path returned by * {@link jakarta.servlet.ServletContext#getContextPath()} should be considered as the prime or preferred context path * of the application. * * @return a String specifying the portion of the request URI that indicates the context of the request. * * @throws IllegalArgumentException In standard configuration, this method will never throw. However, a container may be * configured to not reject some suspicious sequences identified by Servlet 6.0, * 3.5.2, furthermore the container may be configured to allow such paths to only be accessed via safer methods like * {@link #getRequestURI()} and to throw IllegalArgumentException if this method is called for such suspicious paths. * @see jakarta.servlet.ServletContext#getContextPath() */ String getContextPath(); /** * Returns the query string that is contained in the request URL after the path. This method returns null * if the URL does not have a query string. * * @return a String containing the query string or null if the URL contains no query string. * The value is not decoded by the container. */ String getQueryString(); /** * Returns the login of the user making this request, if the user has been authenticated, or null if the * user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser * and type of authentication. * * @return a String specifying the login of the user making this request, or null if the user * login is not known */ String getRemoteUser(); /** * Returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and * role membership can be defined using deployment descriptors. If the user has not been authenticated, the method * returns false. * *

* The role name "*" should never be used as an argument in calling isUserInRole. Any call to * isUserInRole with "*" must return false. If the role-name of the security-role to be tested is "**", and * the application has NOT declared an application security-role with role-name "**", isUserInRole must * only return true if the user has been authenticated; that is, only when {@link #getRemoteUser} and * {@link #getUserPrincipal} would both return a non-null value. Otherwise, the container must check the user for * membership in the application role. * * @param role a String specifying the name of the role * * @return a boolean indicating whether the user making this request belongs to a given role; * false if the user has not been authenticated */ boolean isUserInRole(String role); /** * Returns a java.security.Principal object containing the name of the current authenticated user. If the * user has not been authenticated, the method returns null. * * @return a java.security.Principal containing the name of the user making this request; null * if the user has not been authenticated */ java.security.Principal getUserPrincipal(); /** * Returns the session ID specified by the client. This may not be the same as the ID of the current valid session for * this request. If the client did not specify a session ID, this method returns null. * * @return a String specifying the session ID, or null if the request did not specify a * session ID * * @see #isRequestedSessionIdValid */ String getRequestedSessionId(); /** * Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP * request. The web container does not decode this String. For example: * *

* * * * * * *
First line of HTTP requestReturned Value
POST /some/path.html HTTP/1.1 * * /some/path.html *
GET http://foo.bar/a.html HTTP/1.0 * * /a.html *
HEAD /xyz?a=b HTTP/1.1 * * /xyz *
* * @return a String containing the part of the URL from the protocol name up to the query string */ String getRequestURI(); /** * Reconstructs the URL the client used to make the request. The returned URL contains a protocol, server name, port * number, and server path, but it does not include query string parameters. * *

* If this request has been forwarded using {@link jakarta.servlet.RequestDispatcher#forward}, the server path in the * reconstructed URL must reflect the path used to obtain the RequestDispatcher, and not the server path specified by * the client. * *

* Because this method returns a StringBuffer, not a string, you can modify the URL easily, for example, to * append query parameters. * *

* This method is useful for creating redirect messages and for reporting errors. * * @return a StringBuffer object containing the reconstructed URL */ StringBuffer getRequestURL(); /** * Returns the part of this request's URL that calls the servlet. This path starts with a "/" character and includes the * path to the servlet, but does not include any extra path information or a query string. * *

* This method will return an empty string ("") if the servlet used to process this request was matched using the "/*" * pattern. * * @return a String containing the path of the servlet being called, as specified in the request URL, or an * empty string if the servlet used to process the request is matched using the "/*" pattern. The path will be * canonicalized as per Servlet * 6.0, 3.5. This method will not return any encoded characters unless the container is configured specifically to * allow them. * @throws IllegalArgumentException In standard configuration, this method will never throw. However, a container may be * configured to not reject some suspicious sequences identified by Servlet 6.0, * 3.5.2, furthermore the container may be configured to allow such paths to only be accessed via safer methods like * {@link #getRequestURI()} and to throw IllegalArgumentException if this method is called for such suspicious paths. */ String getServletPath(); /** * Returns the current HttpSession associated with this request or, if there is no current session and * create is true, returns a new session. * *

* If create is false and the request has no valid HttpSession, this method * returns null. * *

* To make sure the session is properly maintained, you must call this method before the response is committed. If the * container is using cookies to maintain session integrity and is asked to create a new session when the response is * committed, an IllegalStateException is thrown. * * @param create true to create a new session for this request if necessary; false to return * null if there's no current session * * @return the HttpSession associated with this request or null if create is * false and the request has no valid session * * @see #getSession() */ HttpSession getSession(boolean create); /** * Returns the current session associated with this request, or if the request does not have a session, creates one. * * @return the HttpSession associated with this request * * @see #getSession(boolean) */ HttpSession getSession(); /** * Change the session id of the current session associated with this request and return the new session id. * * @return the new session id * * @throws IllegalStateException if there is no session associated with the request * * @since Servlet 3.1 */ String changeSessionId(); /** * Checks whether the requested session ID is still valid. * *

* If the client did not specify any session ID, this method returns false. * * @return true if this request has an id for a valid session in the current session context; * false otherwise * * @see #getRequestedSessionId * @see #getSession */ boolean isRequestedSessionIdValid(); /** *

* Checks whether the requested session ID was conveyed to the server as an HTTP cookie. *

* * @return true if the session ID was conveyed to the server an an HTTP cookie; otherwise, * false * * @see #getSession */ boolean isRequestedSessionIdFromCookie(); /** *

* Checks whether the requested session ID was conveyed to the server as part of the request URL. *

* * @return true if the session ID was conveyed to the server as part of a URL; otherwise, * false * * @see #getSession */ boolean isRequestedSessionIdFromURL(); /** * Use the container login mechanism configured for the ServletContext to authenticate the user making this * request. * *

* This method may modify and commit the argument HttpServletResponse. * * @param response The HttpServletResponse associated with this HttpServletRequest * * @return true when non-null values were or have been established as the values returned by * getUserPrincipal, getRemoteUser, and getAuthType. Return false if * authentication is incomplete and the underlying login mechanism has committed, in the response, the message (e.g., * challenge) and HTTP status code to be returned to the user. * * @throws IOException if an input or output error occurred while reading from this request or writing to the given * response * * @throws IllegalStateException if the login mechanism attempted to modify the response and it was already committed * * @throws ServletException if the authentication failed and the caller is responsible for handling the error (i.e., the * underlying login mechanism did NOT establish the message and HTTP status code to be returned to the user) * * @since Servlet 3.0 */ boolean authenticate(HttpServletResponse response) throws IOException, ServletException; /** * Validate the provided username and password in the password validation realm used by the web container login * mechanism configured for the ServletContext. * *

* This method returns without throwing a ServletException when the login mechanism configured for the * ServletContext supports username password validation, and when, at the time of the call to login, the * identity of the caller of the request had not been established (i.e, all of getUserPrincipal, * getRemoteUser, and getAuthType return null), and when validation of the provided * credentials is successful. Otherwise, this method throws a ServletException as described below. * *

* When this method returns without throwing an exception, it must have established non-null values as the values * returned by getUserPrincipal, getRemoteUser, and getAuthType. * * @param username The String value corresponding to the login identifier of the user. * * @param password The password String corresponding to the identified user. * * @exception ServletException if the configured login mechanism does not support username password authentication, or * if a non-null caller identity had already been established (prior to the call to login), or if validation of the * provided username and password fails. * * @since Servlet 3.0 */ void login(String username, String password) throws ServletException; /** * Establish null as the value returned when getUserPrincipal, getRemoteUser, and * getAuthType is called on the request. * * @exception ServletException if logout fails * * @since Servlet 3.0 */ void logout() throws ServletException; /** * Gets all the {@link Part} components of this request, provided that it is of type multipart/form-data. * *

* If this request is of type multipart/form-data, but does not contain any Part components, * the returned Collection will be empty. * *

* Any changes to the returned Collection must not affect this HttpServletRequest. * * @return a (possibly empty) Collection of the Part components of this request * * @throws IOException if an I/O error occurred during the retrieval of the {@link Part} components of this request * * @throws ServletException if this request is not of type multipart/form-data * * @throws IllegalStateException if the request body is larger than maxRequestSize, or any * Part in the request is larger than maxFileSize, or there is no * @MultipartConfig or multipart-config in deployment descriptors * * @see jakarta.servlet.annotation.MultipartConfig#maxFileSize * @see jakarta.servlet.annotation.MultipartConfig#maxRequestSize * * @since Servlet 3.0 */ Collection getParts() throws IOException, ServletException; /** * Gets the {@link Part} with the given name. * * @param name the name of the requested Part * * @return The Part with the given name, or null if this request is of type * multipart/form-data, but does not contain the requested Part * * @throws IOException if an I/O error occurred during the retrieval of the requested Part * @throws ServletException if this request is not of type multipart/form-data * @throws IllegalStateException if the request body is larger than maxRequestSize, or any * Part in the request is larger than maxFileSize, or there is no * @MultipartConfig or multipart-config in deployment descriptors * * @see jakarta.servlet.annotation.MultipartConfig#maxFileSize * @see jakarta.servlet.annotation.MultipartConfig#maxRequestSize * * @since Servlet 3.0 */ Part getPart(String name) throws IOException, ServletException; /** * Creates an instance of HttpUpgradeHandler for a given class and uses it for the http protocol upgrade * processing. * * @param The {@code Class}, which extends {@link HttpUpgradeHandler}, of the {@code handlerClass}. * * @param handlerClass The HttpUpgradeHandler class used for the upgrade. * * @return an instance of the HttpUpgradeHandler * * @exception IOException if an I/O error occurred during the upgrade * @exception ServletException if the given handlerClass fails to be instantiated * * @see jakarta.servlet.http.HttpUpgradeHandler * @see jakarta.servlet.http.WebConnection * * @since Servlet 3.1 */ T upgrade(Class handlerClass) throws IOException, ServletException; /** * Get the request trailer fields. * *

* The returned map is not backed by the {@code HttpServletRequest} object, so changes in the returned map are not * reflected in the {@code HttpServletRequest} object, and vice-versa. *

* *

* {@link #isTrailerFieldsReady()} should be called first to determine if it is safe to call this method without causing * an exception. *

* * @implSpec The default implementation returns an empty map. * * @return A map of trailer fields in which all the keys are in lowercase, regardless of the case they had at the * protocol level. If there are no trailer fields, yet {@link #isTrailerFieldsReady} is returning true, the empty map is * returned. * * @throws IllegalStateException if {@link #isTrailerFieldsReady()} is false * * @since Servlet 4.0 */ default Map getTrailerFields() { return Collections.emptyMap(); } /** * Return a boolean indicating whether trailer fields are ready to read using {@link #getTrailerFields}. * * This methods returns true immediately if it is known that there is no trailer in the request, for instance, the * underlying protocol (such as HTTP 1.0) does not supports the trailer fields, or the request is not in chunked * encoding in HTTP 1.1. And the method also returns true if both of the following conditions are satisfied: *
    *
  1. the application has read all the request data and an EOF indication has been returned from the {@link #getReader} * or {@link #getInputStream}. *
  2. all the trailer fields sent by the client have been received. Note that it is possible that the client has sent * no trailer fields. *
* * @implSpec The default implementation returns {@code true}. * * @return a boolean whether trailer fields are ready to read * * @since Servlet 4.0 */ default boolean isTrailerFieldsReady() { return true; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy