1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
|
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package javax.servlet.http;
import java.io.IOException;
import java.util.Collection;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
/**
* Extends the {@link javax.servlet.ServletRequest} interface to provide request
* information for HTTP servlets.
* <p>
* The servlet container creates an <code>HttpServletRequest</code> object and
* passes it as an argument to the servlet's service methods
* (<code>doGet</code>, <code>doPost</code>, etc).
*/
public interface HttpServletRequest extends ServletRequest {
/**
* String identifier for Basic authentication. Value "BASIC"
*/
public static final String BASIC_AUTH = "BASIC";
/**
* String identifier for Form authentication. Value "FORM"
*/
public static final String FORM_AUTH = "FORM";
/**
* String identifier for Client Certificate authentication. Value
* "CLIENT_CERT"
*/
public static final String CLIENT_CERT_AUTH = "CLIENT_CERT";
/**
* String identifier for Digest authentication. Value "DIGEST"
*/
public static final String DIGEST_AUTH = "DIGEST";
/**
* Returns the name of the authentication scheme used to protect the
* servlet. All servlet containers support basic, form and client
* certificate authentication, and may additionally support digest
* authentication. If the servlet is not authenticated <code>null</code> is
* returned.
* <p>
* Same as the value of the CGI variable AUTH_TYPE.
*
* @return one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH,
* DIGEST_AUTH (suitable for == comparison) or the
* container-specific string indicating the authentication scheme,
* or <code>null</code> if the request was not authenticated.
*/
public String getAuthType();
/**
* Returns an array containing all of the <code>Cookie</code> objects the
* client sent with this request. This method returns <code>null</code> if
* no cookies were sent.
*
* @return an array of all the <code>Cookies</code> included with this
* request, or <code>null</code> if the request has no cookies
*/
public Cookie[] getCookies();
/**
* Returns the value of the specified request header as a <code>long</code>
* value that represents a <code>Date</code> object. Use this method with
* headers that contain dates, such as <code>If-Modified-Since</code>.
* <p>
* The date is returned as the number of milliseconds since January 1, 1970
* GMT. The header name is case insensitive.
* <p>
* If the request did not have a header of the specified name, this method
* returns -1. If the header can't be converted to a date, the method throws
* an <code>IllegalArgumentException</code>.
*
* @param name
* a <code>String</code> specifying the name of the header
* @return a <code>long</code> value representing the date specified in the
* header expressed as the number of milliseconds since January 1,
* 1970 GMT, or -1 if the named header was not included with the
* request
* @exception IllegalArgumentException
* If the header value can't be converted to a date
*/
public long getDateHeader(String name);
/**
* Returns the value of the specified request header as a
* <code>String</code>. If the request did not include a header of the
* specified name, this method returns <code>null</code>. If there are
* multiple headers with the same name, this method returns the first head
* in the request. The header name is case insensitive. You can use this
* method with any request header.
*
* @param name
* a <code>String</code> specifying the header name
* @return a <code>String</code> containing the value of the requested
* header, or <code>null</code> if the request does not have a
* header of that name
*/
public String getHeader(String name);
/**
* Returns all the values of the specified request header as an
* <code>Enumeration</code> of <code>String</code> objects.
* <p>
* Some headers, such as <code>Accept-Language</code> can be sent by clients
* as several headers each with a different value rather than sending the
* header as a comma separated list.
* <p>
* If the request did not include any headers of the specified name, this
* method returns an empty <code>Enumeration</code>. The header name is case
* insensitive. You can use this method with any request header.
*
* @param name
* a <code>String</code> specifying the header name
* @return an <code>Enumeration</code> containing the values of the requested
* header. If the request does not have any headers of that name
* return an empty enumeration. If the container does not allow
* access to header information, return null
*/
public Enumeration<String> getHeaders(String name);
/**
* Returns an enumeration of all the header names this request contains. If
* the request has no headers, this method returns an empty enumeration.
* <p>
* Some servlet containers do not allow servlets to access headers using
* this method, in which case this method returns <code>null</code>
*
* @return an enumeration of all the header names sent with this request; if
* the request has no headers, an empty enumeration; if the servlet
* container does not allow servlets to use this method,
* <code>null</code>
*/
public Enumeration<String> getHeaderNames();
/**
* Returns the value of the specified request header as an <code>int</code>.
* If the request does not have a header of the specified name, this method
* returns -1. If the header cannot be converted to an integer, this method
* throws a <code>NumberFormatException</code>.
* <p>
* The header name is case insensitive.
*
* @param name
* a <code>String</code> specifying the name of a request header
* @return an integer expressing the value of the request header or -1 if the
* request doesn't have a header of this name
* @exception NumberFormatException
* If the header value can't be converted to an
* <code>int</code>
*/
public int getIntHeader(String name);
/**
* Returns the name of the HTTP method with which this request was made, for
* example, GET, POST, or PUT. Same as the value of the CGI variable
* REQUEST_METHOD.
*
* @return a <code>String</code> specifying the name of the method with
* which this request was made
*/
public String getMethod();
/**
* Returns any extra path information associated with the URL the client
* sent when it made this request. The extra path information follows the
* servlet path but precedes the query string and will start with a "/"
* character.
* <p>
* This method returns <code>null</code> if there was no extra path
* information.
* <p>
* Same as the value of the CGI variable PATH_INFO.
*
* @return a <code>String</code>, decoded by the web container, specifying
* extra path information that comes after the servlet path but
* before the query string in the request URL; or <code>null</code>
* if the URL does not have any extra path information
*/
public String getPathInfo();
/**
* Returns any extra path information after the servlet name but before the
* query string, and translates it to a real path. Same as the value of the
* CGI variable PATH_TRANSLATED.
* <p>
* If the URL does not have any extra path information, this method returns
* <code>null</code> or the servlet container cannot translate the virtual
* path to a real path for any reason (such as when the web application is
* executed from an archive). The web container does not decode this string.
*
* @return a <code>String</code> specifying the real path, or
* <code>null</code> if the URL does not have any extra path
* information
*/
public String getPathTranslated();
/**
* Returns the portion of the request URI that indicates the context of the
* request. The context path always comes first in a request URI. The path
* starts with a "/" character but does not end with a "/" character. For
* servlets in the default (root) context, this method returns "". The
* container does not decode this string.
*
* @return a <code>String</code> specifying the portion of the request URI
* that indicates the context of the request
*/
public String getContextPath();
/**
* Returns the query string that is contained in the request URL after the
* path. This method returns <code>null</code> if the URL does not have a
* query string. Same as the value of the CGI variable QUERY_STRING.
*
* @return a <code>String</code> containing the query string or
* <code>null</code> if the URL contains no query string. The value
* is not decoded by the container.
*/
public String getQueryString();
/**
* Returns the login of the user making this request, if the user has been
* authenticated, or <code>null</code> if the user has not been
* authenticated. Whether the user name is sent with each subsequent request
* depends on the browser and type of authentication. Same as the value of
* the CGI variable REMOTE_USER.
*
* @return a <code>String</code> specifying the login of the user making
* this request, or <code>null</code> if the user login is not known
*/
public String getRemoteUser();
/**
* Returns a boolean indicating whether the authenticated user is included
* in the specified logical "role". Roles and role membership can be defined
* using deployment descriptors. If the user has not been authenticated, the
* method returns <code>false</code>.
*
* @param role
* a <code>String</code> specifying the name of the role
* @return a <code>boolean</code> indicating whether the user making this
* request belongs to a given role; <code>false</code> if the user
* has not been authenticated
*/
public boolean isUserInRole(String role);
/**
* Returns a <code>java.security.Principal</code> object containing the name
* of the current authenticated user. If the user has not been
* authenticated, the method returns <code>null</code>.
*
* @return a <code>java.security.Principal</code> containing the name of the
* user making this request; <code>null</code> if the user has not
* been authenticated
*/
public java.security.Principal getUserPrincipal();
/**
* Returns the session ID specified by the client. This may not be the same
* as the ID of the current valid session for this request. If the client
* did not specify a session ID, this method returns <code>null</code>.
*
* @return a <code>String</code> specifying the session ID, or
* <code>null</code> if the request did not specify a session ID
* @see #isRequestedSessionIdValid
*/
public String getRequestedSessionId();
/**
* Returns the part of this request's URL from the protocol name up to the
* query string in the first line of the HTTP request. The web container
* does not decode this String. For example:
* <table summary="Examples of Returned Values">
* <tr align=left>
* <th>First line of HTTP request</th>
* <th>Returned Value</th>
* <tr>
* <td>POST /some/path.html HTTP/1.1
* <td>
* <td>/some/path.html
* <tr>
* <td>GET http://foo.bar/a.html HTTP/1.0
* <td>
* <td>/a.html
* <tr>
* <td>HEAD /xyz?a=b HTTP/1.1
* <td>
* <td>/xyz
* </table>
* <p>
* To reconstruct an URL with a scheme and host, use
* {@link #getRequestURL}.
*
* @return a <code>String</code> containing the part of the URL from the
* protocol name up to the query string
* @see #getRequestURL
*/
public String getRequestURI();
/**
* Reconstructs the URL the client used to make the request. The returned
* URL contains a protocol, server name, port number, and server path, but
* it does not include query string parameters.
* <p>
* Because this method returns a <code>StringBuffer</code>, not a string,
* you can modify the URL easily, for example, to append query parameters.
* <p>
* This method is useful for creating redirect messages and for reporting
* errors.
*
* @return a <code>StringBuffer</code> object containing the reconstructed
* URL
*/
public StringBuffer getRequestURL();
/**
* Returns the part of this request's URL that calls the servlet. This path
* starts with a "/" character and includes either the servlet name or a
* path to the servlet, but does not include any extra path information or a
* query string. Same as the value of the CGI variable SCRIPT_NAME.
* <p>
* This method will return an empty string ("") if the servlet used to
* process this request was matched using the "/*" pattern.
*
* @return a <code>String</code> containing the name or path of the servlet
* being called, as specified in the request URL, decoded, or an
* empty string if the servlet used to process the request is
* matched using the "/*" pattern.
*/
public String getServletPath();
/**
* Returns the current <code>HttpSession</code> associated with this request
* or, if there is no current session and <code>create</code> is true,
* returns a new session.
* <p>
* If <code>create</code> is <code>false</code> and the request has no valid
* <code>HttpSession</code>, this method returns <code>null</code>.
* <p>
* To make sure the session is properly maintained, you must call this
* method before the response is committed. If the container is using
* cookies to maintain session integrity and is asked to create a new
* session when the response is committed, an IllegalStateException is
* thrown.
*
* @param create
* <code>true</code> to create a new session for this request if
* necessary; <code>false</code> to return <code>null</code> if
* there's no current session
* @return the <code>HttpSession</code> associated with this request or
* <code>null</code> if <code>create</code> is <code>false</code>
* and the request has no valid session
* @see #getSession()
*/
public HttpSession getSession(boolean create);
/**
* Returns the current session associated with this request, or if the
* request does not have a session, creates one.
*
* @return the <code>HttpSession</code> associated with this request
* @see #getSession(boolean)
*/
public HttpSession getSession();
/**
* Changes the session ID of the session associated with this request. This
* method does not create a new session object it only changes the ID of the
* current session.
*
* @return the new session ID allocated to the session
* @see HttpSessionIdListener
* @since Servlet 3.1
*/
public String changeSessionId();
/**
* Checks whether the requested session ID is still valid.
*
* @return <code>true</code> if this request has an id for a valid session
* in the current session context; <code>false</code> otherwise
* @see #getRequestedSessionId
* @see #getSession
*/
public boolean isRequestedSessionIdValid();
/**
* Checks whether the requested session ID came in as a cookie.
*
* @return <code>true</code> if the session ID came in as a cookie;
* otherwise, <code>false</code>
* @see #getSession
*/
public boolean isRequestedSessionIdFromCookie();
/**
* Checks whether the requested session ID came in as part of the request
* URL.
*
* @return <code>true</code> if the session ID came in as part of a URL;
* otherwise, <code>false</code>
* @see #getSession
*/
public boolean isRequestedSessionIdFromURL();
/**
* @deprecated As of Version 2.1 of the Java Servlet API, use
* {@link #isRequestedSessionIdFromURL} instead.
*/
@SuppressWarnings("dep-ann")
// Spec API does not use @Deprecated
public boolean isRequestedSessionIdFromUrl();
/**
* Triggers the same authentication process as would be triggered if the
* request is for a resource that is protected by a security constraint.
*
* @param response The response to use to return any authentication
* challenge
* @return <code>true</code> if the user is successfully authenticated and
* <code>false</code> if not
*
* @since Servlet 3.0
*/
public boolean authenticate(HttpServletResponse response)
throws IOException, ServletException;
/**
* Authenticate the provided user name and password and then associated the
* authenticated user with the request.
*
* @param username The user name to authenticate
* @param password The password to use to authenticate the user
*
* @throws ServletException
* If any of {@link #getRemoteUser()},
* {@link #getUserPrincipal()} or {@link #getAuthType()} are
* non-null, if the configured authenticator does not support
* user name and password authentication or if the
* authentication fails
* @since Servlet 3.0
*/
public void login(String username, String password) throws ServletException;
/**
* Removes any authenticated user from the request.
*
* @throws ServletException
* If the logout fails
* @since Servlet 3.0
*/
public void logout() throws ServletException;
/**
* Return a collection of all uploaded Parts.
*
* @return A collection of all uploaded Parts.
* @throws IOException
* if an I/O error occurs
* @throws IllegalStateException
* if size limits are exceeded or no multipart configuration is
* provided
* @throws ServletException
* if the request is not multipart/form-data
* @since Servlet 3.0
*/
public Collection<Part> getParts() throws IOException,
ServletException;
/**
* Gets the named Part or null if the Part does not exist. Triggers upload
* of all Parts.
*
* @param name
* @return The named Part or null if the Part does not exist
* @throws IOException
* if an I/O error occurs
* @throws IllegalStateException
* if size limits are exceeded
* @throws ServletException
* if the request is not multipart/form-data
* @since Servlet 3.0
*/
public Part getPart(String name) throws IOException,
ServletException;
/**
* Start the HTTP upgrade process and pass the connection to the provided
* protocol handler once the current request/response pair has completed
* processing. Calling this method sets the response status to {@link
* HttpServletResponse#SC_SWITCHING_PROTOCOLS} and flushes the response.
* Protocol specific headers must have already been set before this method
* is called.
*
* @throws IOException
* if an I/O error occurred during the upgrade
* @throws ServletException
* if the given httpUpgradeHandlerClass fails to be instantiated
* @since Servlet 3.1
*/
public <T extends HttpUpgradeHandler> T upgrade(
Class<T> httpUpgradeHandlerClass) throws java.io.IOException, ServletException;
}
|
