/*
* Copyright (c) 1997, 2024 Oracle and/or its affiliates and others.
* All rights reserved.
* Copyright 2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package jakarta.servlet.http;
import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import java.io.IOException;
import java.util.*;
/**
 * Extends the {@link jakarta.servlet.ServletRequest} interface to provide request information for HTTP servlets.
 *
 * <p>
 * The servlet container creates an {@code HttpServletRequest} object and passes it as an argument to the servlet's
 * service methods ({@code doGet}, {@code doPost}, etc).
 *
 * @author Various
 */
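public interface HttpServletRequest extends ServletRequest {

    /**
     * String identifier for Basic authentication. Value "BASIC"
     */
    String BASIC_AUTH = "BASIC";

    /**
     * String identifier for Form authentication. Value "FORM"
     */
    String FORM_AUTH = "FORM";

    /**
     * String identifier for Client Certificate authentication. Value "CLIENT_CERT"
     */
    String CLIENT_CERT_AUTH = "CLIENT_CERT";

    /**
     * String identifier for Digest authentication. Value "DIGEST"
     */
    String DIGEST_AUTH = "DIGEST";

    /**
     * Returns the name of the authentication scheme used to protect the servlet. All servlet containers support basic,
     * form and client certificate authentication, and may additionally support digest authentication. If the servlet is
     * not authenticated {@code null} is returned.
     *
     * <p>
     * Only the four constants are described as suitable for {@code ==} comparison; a container-specific scheme string
     * should be compared with {@code equals}.
     *
     * @return one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH (suitable for ==
     * comparison) or the container-specific string indicating the authentication scheme, or {@code null} if the request
     * was not authenticated.
     */
    String getAuthType();

    /**
     * Returns an array containing all of the {@code Cookie} objects the client sent with this request. This method
     * returns {@code null} if no cookies were sent.
     *
     * <p>
     * Cookie names and values are supplied by the client: handle the {@code null} return and validate the contents
     * before relying on them.
     *
     * @return an array of all the {@code Cookies} included with this request, or {@code null} if the request has no
     * cookies
     */
    Cookie[] getCookies();

    /**
     * Returns the value of the specified request header as a {@code long} value that represents a {@code Date} object.
     * Use this method with headers that contain dates, such as {@code If-Modified-Since}.
     *
     * <p>
     * The date is returned as the number of milliseconds since January 1, 1970 GMT. The header name is case
     * insensitive.
     *
     * <p>
     * If the request did not have a header of the specified name, this method returns -1. If there are multiple headers
     * with the same name, this method returns the value of the first header in the request. If the header can't be
     * converted to a date, the method throws an {@code IllegalArgumentException}.
     *
     * <p>
     * The header value is client-supplied, so a malformed date is an expected input; callers should handle the
     * {@code IllegalArgumentException} rather than let it propagate as an unhandled error.
     *
     * @param name a {@code String} specifying the name of the header
     *
     * @return a {@code long} value representing the date specified in the header expressed as the number of
     * milliseconds since January 1, 1970 GMT, or -1 if the named header was not included with the request
     *
     * @exception IllegalArgumentException If the header value can't be converted to a date
     */
    long getDateHeader(String name);

    /**
     * Returns the value of the specified request header as a {@code String}. If the request did not include a header of
     * the specified name, this method returns {@code null}. If there are multiple headers with the same name, this
     * method returns the value of the first header in the request. The header name is case insensitive. You can use
     * this method with any request header.
     *
     * <p>
     * Header values are client-supplied; validate or encode them before using them in log entries, responses,
     * redirects or access decisions.
     *
     * @param name a {@code String} specifying the header name
     *
     * @return a {@code String} containing the value of the requested header, or {@code null} if the request does not
     * have a header of that name
     */
    String getHeader(String name);

    /**
     * Returns all the values of the specified request header as an {@code Enumeration} of {@code String} objects.
     *
     * <p>
     * Some headers, such as {@code Accept-Language} can be sent by clients as several headers each with a different
     * value rather than sending the header as a comma separated list.
     *
     * <p>
     * If the request did not include any headers of the specified name, this method returns an empty
     * {@code Enumeration}. The header name is case insensitive. You can use this method with any request header.
     *
     * @param name a {@code String} specifying the header name
     *
     * @return an {@code Enumeration} containing the values of the requested header. If the request does not have any
     * headers of that name return an empty enumeration. If the container does not allow access to header information,
     * return null
     */
    Enumeration<String> getHeaders(String name);

    /**
     * Returns an enumeration of all the header names this request contains. If the request has no headers, this method
     * returns an empty enumeration.
     *
     * <p>
     * Some servlet containers do not allow servlets to access headers using this method, in which case this method
     * returns {@code null}
     *
     * @return an enumeration of all the header names sent with this request; if the request has no headers, an empty
     * enumeration; if the servlet container does not allow servlets to use this method, {@code null}
     */
    Enumeration<String> getHeaderNames();

    /**
     * Returns the value of the specified request header as an {@code int}. If the request does not have a header of the
     * specified name, this method returns -1. If there are multiple headers with the same name, this method returns the
     * value of the first header in the request. If the header cannot be converted to an integer, this method throws a
     * {@code NumberFormatException}.
     *
     * <p>
     * The header name is case insensitive.
     *
     * <p>
     * The header value is client-supplied, so a non-numeric value is an expected input; callers should handle the
     * {@code NumberFormatException}.
     *
     * @param name a {@code String} specifying the name of a request header
     *
     * @return an integer expressing the value of the request header or -1 if the request doesn't have a header of this
     * name
     *
     * @exception NumberFormatException If the header value can't be converted to an {@code int}
     */
    int getIntHeader(String name);

    /**
     * Return the HttpServletMapping of the request.
     *
     * <p>
     * The mapping returned depends on the current {@link jakarta.servlet.DispatcherType} as obtained from
     * {@link #getDispatcherType()}:
     * <dl>
     * <dt>{@link jakarta.servlet.DispatcherType#REQUEST}, {@link jakarta.servlet.DispatcherType#ASYNC},
     * {@link jakarta.servlet.DispatcherType#ERROR}</dt>
     * <dd>Return the mapping for the target of the dispatch i.e. the mapping for the current
     * {@link jakarta.servlet.Servlet}.</dd>
     *
     * <dt>{@link jakarta.servlet.DispatcherType#INCLUDE}</dt>
     * <dd>Return the mapping as prior to the current dispatch. i.e. the mapping returned is unchanged by a call to
     * {@link RequestDispatcher#include(ServletRequest, jakarta.servlet.ServletResponse)}.</dd>
     *
     * <dt>{@link jakarta.servlet.DispatcherType#FORWARD}</dt>
     * <dd>Return the mapping for the target of the dispatch i.e. the mapping for the current
     * {@link jakarta.servlet.Servlet}, unless the {@link jakarta.servlet.RequestDispatcher} was obtained via
     * {@link jakarta.servlet.ServletContext#getNamedDispatcher(String)}, in which case return the mapping as prior to
     * the current dispatch. i.e. the mapping returned is changed during a call to
     * {@link RequestDispatcher#forward(ServletRequest, jakarta.servlet.ServletResponse)} only if the dispatcher is not
     * a named dispatcher.</dd>
     * </dl>
     *
     * <p>
     * For example:
     * <ul>
     * <li>For a sequence {@code Servlet1 --include--> Servlet2 --include--> Servlet3}, a call to this method in
     * Servlet3 will return the mapping for Servlet1.</li>
     * <li>For a sequence {@code Servlet1 --async--> Servlet2 --named-forward--> Servlet3}, a call to this method in
     * Servlet3 will return the mapping for Servlet2.</li>
     * </ul>
     *
     * <p>
     * The returned object is immutable. Servlet 4.0 onwards compliant implementations must override this method.
     *
     * @implSpec The default implementation returns a {@code HttpServletMapping} that returns the empty string for the
     * match value, pattern and servlet name and {@code null} for the match type.
     *
     * @return An instance of {@code HttpServletMapping} describing the manner in which the current request was invoked.
     *
     * @since Servlet 4.0
     */
    default HttpServletMapping getHttpServletMapping() {
        // Placeholder mapping for implementations that predate Servlet 4.0: empty strings and a null match type.
        return new HttpServletMapping() {
            @Override
            public String getMatchValue() {
                return "";
            }

            @Override
            public String getPattern() {
                return "";
            }

            @Override
            public String getServletName() {
                return "";
            }

            @Override
            public MappingMatch getMappingMatch() {
                return null;
            }

            @Override
            public String toString() {
                // The enclosing request's own toString() is appended, so the output is only as terse as that is.
                return "MappingImpl{" + "matchValue=" + getMatchValue() + ", pattern=" + getPattern() + ", servletName="
                        + getServletName() + ", mappingMatch=" + getMappingMatch() + "} HttpServletRequest {"
                        + HttpServletRequest.this + '}';
            }
        };
    }

    /**
     * Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT.
     *
     * @return a {@code String} specifying the name of the method with which this request was made
     */
    String getMethod();

    /**
     * Returns any extra path information associated with the URL the client sent when it made this request. The extra
     * path information follows the servlet path but precedes the query string and will start with a "/" character.
     *
     * <p>
     * This method returns {@code null} if there was no extra path information.
     *
     * @return a {@code String} specifying extra path information that comes after the servlet path but before the
     * query string in the request URL; or {@code null} if the URL does not have any extra path information. The path
     * will be canonicalized as per Servlet 6.0, 3.5. This method will not return any encoded characters unless the
     * container is configured specifically to allow them.
     * @throws IllegalArgumentException In standard configuration, this method will never throw. However, a container
     * may be configured to not reject some suspicious sequences identified by Servlet 6.0, 3.5.2, furthermore the
     * container may be configured to allow such paths to only be accessed via safer methods like
     * {@link #getRequestURI()} and to throw IllegalArgumentException if this method is called for such suspicious
     * paths.
     */
    String getPathInfo();

    /**
     * Returns any extra path information after the servlet name but before the query string, and translates it to a
     * real path.
     *
     * <p>
     * This method returns {@code null} if the URL does not have any extra path information, or if the servlet container
     * cannot translate the virtual path to a real path for any reason (such as when the web application is executed
     * from an archive).
     *
     * <p>
     * The web container does not decode this string.
     *
     * @return a {@code String} specifying the real path, or {@code null} if the URL does not have any extra path
     * information
     */
    String getPathTranslated();

    /**
     * Instantiates a new instance of {@link PushBuilder} for issuing server push responses from the current request.
     * This method returns null if the current connection does not support server push, or server push has been disabled
     * by the client via a {@code SETTINGS_ENABLE_PUSH} settings frame value of {@code 0} (zero).
     *
     * @implSpec The default implementation returns null.
     *
     * @return a {@link PushBuilder} for issuing server push responses from the current request, or {@code null} if push
     * is not supported. Note that some implementations may opt not to support server push and will therefore always
     * return {@code null}
     *
     * @since Servlet 4.0
     *
     * @deprecated In favor of 103 early hints
     */
    @Deprecated
    default PushBuilder newPushBuilder() {
        return null;
    }

    /**
     * Returns the portion of the request URI that indicates the context of the request. The context path always comes
     * first in a request URI. The path starts with a "/" character but does not end with a "/" character. For servlets
     * in the default (root) context, this method returns "". The container does not decode this string.
     *
     * <p>
     * It is possible that a servlet container may match a context by more than one context path. In such cases this
     * method will return the actual context path used by the request and it may differ from the path returned by the
     * {@link jakarta.servlet.ServletContext#getContextPath()} method. The context path returned by
     * {@link jakarta.servlet.ServletContext#getContextPath()} should be considered as the prime or preferred context
     * path of the application.
     *
     * @return a {@code String} specifying the portion of the request URI that indicates the context of the request.
     *
     * @throws IllegalArgumentException In standard configuration, this method will never throw. However, a container
     * may be configured to not reject some suspicious sequences identified by Servlet 6.0, 3.5.2, furthermore the
     * container may be configured to allow such paths to only be accessed via safer methods like
     * {@link #getRequestURI()} and to throw IllegalArgumentException if this method is called for such suspicious
     * paths.
     * @see jakarta.servlet.ServletContext#getContextPath()
     */
    String getContextPath();

    /**
     * Returns the query string that is contained in the request URL after the path. This method returns {@code null} if
     * the URL does not have a query string.
     *
     * @return a {@code String} containing the query string or {@code null} if the URL contains no query string. The
     * value is not decoded by the container.
     */
    String getQueryString();

    /**
     * Returns the login of the user making this request, if the user has been authenticated, or {@code null} if the
     * user has not been authenticated. Whether the user name is sent with each subsequent request depends on the
     * browser and type of authentication.
     *
     * @return a {@code String} specifying the login of the user making this request, or {@code null} if the user login
     * is not known
     */
    String getRemoteUser();

    /**
     * Returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles
     * and role membership can be defined using deployment descriptors. If the user has not been authenticated, the
     * method returns {@code false}.
     *
     * <p>
     * The role name "*" should never be used as an argument in calling {@code isUserInRole}. Any call to
     * {@code isUserInRole} with "*" must return false. If the role-name of the security-role to be tested is "**", and
     * the application has NOT declared an application security-role with role-name "**", {@code isUserInRole} must only
     * return true if the user has been authenticated; that is, only when {@link #getRemoteUser} and
     * {@link #getUserPrincipal} would both return a non-null value. Otherwise, the container must check the user for
     * membership in the application role.
     *
     * @param role a {@code String} specifying the name of the role
     *
     * @return a {@code boolean} indicating whether the user making this request belongs to a given role; {@code false}
     * if the user has not been authenticated
     */
    boolean isUserInRole(String role);

    /**
     * Returns a {@code java.security.Principal} object containing the name of the current authenticated user. If the
     * user has not been authenticated, the method returns {@code null}.
     *
     * @return a {@code java.security.Principal} containing the name of the user making this request; {@code null} if
     * the user has not been authenticated
     */
    java.security.Principal getUserPrincipal();

    /**
     * Returns the session ID specified by the client. This may not be the same as the ID of the current valid session
     * for this request. If the client did not specify a session ID, this method returns {@code null}.
     *
     * <p>
     * The value is whatever the client sent; use {@link #isRequestedSessionIdValid} to find out whether it refers to a
     * valid session instead of treating it as the identifier of an existing one.
     *
     * @return a {@code String} specifying the session ID, or {@code null} if the request did not specify a session ID
     *
     * @see #isRequestedSessionIdValid
     */
    String getRequestedSessionId();

    /**
     * Returns the part of this request's URL from the protocol name up to the query string in the first line of the
     * HTTP request. The web container does not decode this String. For example:
     *
     * <table>
     * <tr>
     * <th>First line of HTTP request</th>
     * <th>Returned Value</th>
     * </tr>
     * <tr>
     * <td>POST /some/path.html HTTP/1.1</td>
     * <td>/some/path.html</td>
     * </tr>
     * <tr>
     * <td>GET http://foo.bar/a.html HTTP/1.0</td>
     * <td>/a.html</td>
     * </tr>
     * <tr>
     * <td>HEAD /xyz?a=b HTTP/1.1</td>
     * <td>/xyz</td>
     * </tr>
     * </table>
     *
     * <p>
     * Because this value is not decoded, it can differ from the canonicalized values returned by
     * {@link #getServletPath()} and {@link #getPathInfo()}; apply path-based checks to one form consistently.
     *
     * @return a {@code String} containing the part of the URL from the protocol name up to the query string
     */
    String getRequestURI();

    /**
     * Reconstructs the URL the client used to make the request. The returned URL contains a protocol, server name, port
     * number, and server path, but it does not include query string parameters.
     *
     * <p>
     * If this request has been forwarded using {@link jakarta.servlet.RequestDispatcher#forward}, the server path in
     * the reconstructed URL must reflect the path used to obtain the RequestDispatcher, and not the server path
     * specified by the client.
     *
     * <p>
     * Because this method returns a {@code StringBuffer}, not a string, you can modify the URL easily, for example, to
     * append query parameters.
     *
     * <p>
     * This method is useful for creating redirect messages and for reporting errors.
     *
     * <p>
     * NOTE(review): this interface does not say where the server name and port come from; presumably they are derived
     * from request data such as the Host header. Confirm the container's behaviour before using the result to build
     * links or redirects that must point at a trusted host.
     *
     * @return a {@code StringBuffer} object containing the reconstructed URL
     */
    StringBuffer getRequestURL();

    /**
     * Returns the part of this request's URL that calls the servlet. This path starts with a "/" character and includes
     * the path to the servlet, but does not include any extra path information or a query string.
     *
     * <p>
     * This method will return an empty string ("") if the servlet used to process this request was matched using the
     * "/*" pattern.
     *
     * @return a {@code String} containing the path of the servlet being called, as specified in the request URL, or an
     * empty string if the servlet used to process the request is matched using the "/*" pattern. The path will be
     * canonicalized as per Servlet 6.0, 3.5. This method will not return any encoded characters unless the container is
     * configured specifically to allow them.
     * @throws IllegalArgumentException In standard configuration, this method will never throw. However, a container
     * may be configured to not reject some suspicious sequences identified by Servlet 6.0, 3.5.2, furthermore the
     * container may be configured to allow such paths to only be accessed via safer methods like
     * {@link #getRequestURI()} and to throw IllegalArgumentException if this method is called for such suspicious
     * paths.
     */
    String getServletPath();

    /**
     * Returns the current {@code HttpSession} associated with this request or, if there is no current session and
     * {@code create} is true, returns a new session.
     *
     * <p>
     * If {@code create} is {@code false} and the request has no valid {@code HttpSession}, this method returns
     * {@code null}.
     *
     * <p>
     * To make sure the session is properly maintained, you must call this method before the response is committed. If
     * the container is using cookies to maintain session integrity and is asked to create a new session when the
     * response is committed, an IllegalStateException is thrown.
     *
     * @param create {@code true} to create a new session for this request if necessary; {@code false} to return
     * {@code null} if there's no current session
     *
     * @return the {@code HttpSession} associated with this request or {@code null} if {@code create} is {@code false}
     * and the request has no valid session
     *
     * @see #getSession()
     */
    HttpSession getSession(boolean create);

    /**
     * Returns the current session associated with this request, or if the request does not have a session, creates one.
     *
     * @return the {@code HttpSession} associated with this request
     *
     * @see #getSession(boolean)
     */
    HttpSession getSession();

    /**
     * Change the session id of the current session associated with this request and return the new session id.
     *
     * <p>
     * Calling this when the caller's identity changes (for example after a successful login) gives the session a new
     * id, so an id that was known before authentication no longer refers to it.
     *
     * @return the new session id
     *
     * @throws IllegalStateException if there is no session associated with the request
     *
     * @since Servlet 3.1
     */
    String changeSessionId();

    /**
     * Checks whether the requested session ID is still valid.
     *
     * <p>
     * If the client did not specify any session ID, this method returns {@code false}.
     *
     * @return {@code true} if this request has an id for a valid session in the current session context; {@code false}
     * otherwise
     *
     * @see #getRequestedSessionId
     * @see #getSession
     */
    boolean isRequestedSessionIdValid();

    /**
     * Checks whether the requested session ID was conveyed to the server as an HTTP cookie.
     *
     * @return {@code true} if the session ID was conveyed to the server as an HTTP cookie; otherwise, {@code false}
     *
     * @see #getSession
     */
    boolean isRequestedSessionIdFromCookie();

    /**
     * Checks whether the requested session ID was conveyed to the server as part of the request URL.
     *
     * <p>
     * A session ID carried in the URL ends up wherever URLs are recorded (access logs, browser history, Referer
     * headers); this method lets an application detect that case.
     *
     * @return {@code true} if the session ID was conveyed to the server as part of a URL; otherwise, {@code false}
     *
     * @see #getSession
     */
    boolean isRequestedSessionIdFromURL();

    /**
     * Use the container login mechanism configured for the {@code ServletContext} to authenticate the user making this
     * request.
     *
     * <p>
     * This method may modify and commit the argument {@code HttpServletResponse}.
     *
     * @param response The {@code HttpServletResponse} associated with this {@code HttpServletRequest}
     *
     * @return {@code true} when non-null values were or have been established as the values returned by
     * {@code getUserPrincipal}, {@code getRemoteUser}, and {@code getAuthType}. Return {@code false} if authentication
     * is incomplete and the underlying login mechanism has committed, in the response, the message (e.g., challenge)
     * and HTTP status code to be returned to the user.
     *
     * @throws IOException if an input or output error occurred while reading from this request or writing to the given
     * response
     *
     * @throws IllegalStateException if the login mechanism attempted to modify the response and it was already
     * committed
     *
     * @throws ServletException if the authentication failed and the caller is responsible for handling the error (i.e.,
     * the underlying login mechanism did NOT establish the message and HTTP status code to be returned to the user)
     *
     * @since Servlet 3.0
     */
    boolean authenticate(HttpServletResponse response) throws IOException, ServletException;

    /**
     * Validate the provided username and password in the password validation realm used by the web container login
     * mechanism configured for the {@code ServletContext}.
     *
     * <p>
     * This method returns without throwing a {@code ServletException} when the login mechanism configured for the
     * {@code ServletContext} supports username password validation, and when, at the time of the call to login, the
     * identity of the caller of the request had not been established (i.e., all of {@code getUserPrincipal},
     * {@code getRemoteUser}, and {@code getAuthType} return null), and when validation of the provided credentials is
     * successful. Otherwise, this method throws a {@code ServletException} as described below.
     *
     * <p>
     * When this method returns without throwing an exception, it must have established non-null values as the values
     * returned by {@code getUserPrincipal}, {@code getRemoteUser}, and {@code getAuthType}.
     *
     * <p>
     * NOTE(review): this contract does not say whether a successful login changes the session id. If the application
     * needs that guarantee and a session exists, call {@link #changeSessionId()} after this method returns.
     *
     * @param username The {@code String} value corresponding to the login identifier of the user.
     *
     * @param password The password {@code String} corresponding to the identified user.
     *
     * @exception ServletException if the configured login mechanism does not support username password authentication,
     * or if a non-null caller identity had already been established (prior to the call to login), or if validation of
     * the provided username and password fails.
     *
     * @since Servlet 3.0
     */
    void login(String username, String password) throws ServletException;

    /**
     * Establish {@code null} as the value returned when {@code getUserPrincipal}, {@code getRemoteUser}, and
     * {@code getAuthType} is called on the request.
     *
     * <p>
     * This contract only resets those three identity values; it does not state that the associated
     * {@code HttpSession} is invalidated. Invalidate the session separately if its data must not outlive the logout.
     *
     * @exception ServletException if logout fails
     *
     * @since Servlet 3.0
     */
    void logout() throws ServletException;

    /**
     * Gets all the {@link Part} components of this request, provided that it is of type {@code multipart/form-data}.
     *
     * <p>
     * If this request is of type {@code multipart/form-data}, but does not contain any {@code Part} components, the
     * returned {@code Collection} will be empty.
     *
     * <p>
     * Any changes to the returned {@code Collection} must not affect this {@code HttpServletRequest}.
     *
     * <p>
     * Oversized uploads are rejected only against the {@code maxRequestSize} and {@code maxFileSize} values of the
     * multipart configuration, so set both to explicit bounds for any servlet that accepts uploads.
     *
     * @return a (possibly empty) {@code Collection} of the {@code Part} components of this request
     *
     * @throws IOException if an I/O error occurred during the retrieval of the {@link Part} components of this request
     *
     * @throws ServletException if this request is not of type {@code multipart/form-data}
     *
     * @throws IllegalStateException if the request body is larger than {@code maxRequestSize}, or any {@code Part} in
     * the request is larger than {@code maxFileSize}, or there is no {@code @MultipartConfig} or
     * {@code multipart-config} in deployment descriptors
     *
     * @see jakarta.servlet.annotation.MultipartConfig#maxFileSize
     * @see jakarta.servlet.annotation.MultipartConfig#maxRequestSize
     *
     * @since Servlet 3.0
     */
    Collection<Part> getParts() throws IOException, ServletException;

    /**
     * Gets the {@link Part} with the given name.
     *
     * @param name the name of the requested {@code Part}
     *
     * @return The {@code Part} with the given name, or {@code null} if this request is of type
     * {@code multipart/form-data}, but does not contain the requested {@code Part}
     *
     * @throws IOException if an I/O error occurred during the retrieval of the requested {@code Part}
     * @throws ServletException if this request is not of type {@code multipart/form-data}
     * @throws IllegalStateException if the request body is larger than {@code maxRequestSize}, or any {@code Part} in
     * the request is larger than {@code maxFileSize}, or there is no {@code @MultipartConfig} or
     * {@code multipart-config} in deployment descriptors
     *
     * @see jakarta.servlet.annotation.MultipartConfig#maxFileSize
     * @see jakarta.servlet.annotation.MultipartConfig#maxRequestSize
     *
     * @since Servlet 3.0
     */
    Part getPart(String name) throws IOException, ServletException;

    /**
     * Creates an instance of {@code HttpUpgradeHandler} for a given class and uses it for the http protocol upgrade
     * processing.
     *
     * @param <T> The {@code Class}, which extends {@link HttpUpgradeHandler}, of the {@code handlerClass}.
     *
     * @param handlerClass The {@code HttpUpgradeHandler} class used for the upgrade.
     *
     * @return an instance of the {@code HttpUpgradeHandler}
     *
     * @exception IOException if an I/O error occurred during the upgrade
     * @exception ServletException if the given {@code handlerClass} fails to be instantiated
     *
     * @see jakarta.servlet.http.HttpUpgradeHandler
     * @see jakarta.servlet.http.WebConnection
     *
     * @since Servlet 3.1
     */
    <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException;

    /**
     * Get the request trailer fields.
     *
     * <p>
     * The returned map is not backed by the {@code HttpServletRequest} object, so changes in the returned map are not
     * reflected in the {@code HttpServletRequest} object, and vice-versa.
     *
     * <p>
     * {@link #isTrailerFieldsReady()} should be called first to determine if it is safe to call this method without
     * causing an exception.
     *
     * @implSpec The default implementation returns an empty map.
     *
     * @return A map of trailer fields in which all the keys are in lowercase, regardless of the case they had at the
     * protocol level. If there are no trailer fields, yet {@link #isTrailerFieldsReady} is returning true, the empty
     * map is returned.
     *
     * @throws IllegalStateException if {@link #isTrailerFieldsReady()} is false
     *
     * @since Servlet 4.0
     */
    default Map<String, String> getTrailerFields() {
        return Collections.emptyMap();
    }

    /**
     * Return a boolean indicating whether trailer fields are ready to read using {@link #getTrailerFields}.
     *
     * <p>
     * This method returns true immediately if it is known that there is no trailer in the request, for instance, the
     * underlying protocol (such as HTTP 1.0) does not support the trailer fields, or the request is not in chunked
     * encoding in HTTP 1.1. And the method also returns true if both of the following conditions are satisfied:
     * <ul>
     * <li>the application has read all the request data and an EOF indication has been returned from the
     * {@link #getReader} or {@link #getInputStream}.</li>
     * <li>all the trailer fields sent by the client have been received. Note that it is possible that the client has
     * sent no trailer fields.</li>
     * </ul>
     *
     * @implSpec The default implementation returns {@code true}.
     *
     * @return a boolean whether trailer fields are ready to read
     *
     * @since Servlet 4.0
     */
    default boolean isTrailerFieldsReady() {
        return true;
    }
}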