Interface HttpServletRequest
- All Superinterfaces:
ServletRequest
- All Known Implementing Classes:
HttpServletRequestWrapper
ServletRequest
interface to provide request information for HTTP servlets.
The servlet container creates an HttpServletRequest
object and passes it as an argument to the servlet's
service methods (doGet
, doPost
, etc).
- Author:
- Various
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
String identifier for Basic authentication.static final String
String identifier for Client Certificate authentication.static final String
String identifier for Digest authentication.static final String
String identifier for Form authentication. -
Method Summary
Modifier and TypeMethodDescriptionboolean
authenticate
(HttpServletResponse response) Use the container login mechanism configured for theServletContext
to authenticate the user making this request.Change the session id of the current session associated with this request and return the new session id.Returns the name of the authentication scheme used to protect the servlet.Returns the portion of the request URI that indicates the context of the request.Cookie[]
Returns an array containing all of theCookie
objects the client sent with this request.long
getDateHeader
(String name) Returns the value of the specified request header as along
value that represents aDate
object.Returns the value of the specified request header as aString
.Returns an enumeration of all the header names this request contains.getHeaders
(String name) Returns all the values of the specified request header as anEnumeration
ofString
objects.default HttpServletMapping
Return the HttpServletMapping of the request.int
getIntHeader
(String name) Returns the value of the specified request header as anint
.Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT.Gets thePart
with the given name.getParts()
Gets all thePart
components of this request, provided that it is of typemultipart/form-data
.Returns any extra path information associated with the URL the client sent when it made this request.Returns any extra path information after the servlet name but before the query string, and translates it to a real path.Returns the query string that is contained in the request URL after the path.Returns the login of the user making this request, if the user has been authenticated, ornull
if the user has not been authenticated.Returns the session ID specified by the client.Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP request.Reconstructs the URL the client used to make the request.Returns the part of this request's URL that calls the servlet.Returns the current session associated with this request, or if the request does not have a session, creates one.getSession
(boolean create) Returns the currentHttpSession
associated with this request or, if there is no current session andcreate
is true, returns a new session.Get the request trailer fields.Returns ajava.security.Principal
object containing the name of the current authenticated user.boolean
Checks whether the requested session ID was conveyed to the server as an HTTP cookie.boolean
Checks whether the requested session ID was conveyed to the server as part of the request URL.boolean
Checks whether the requested session ID is still valid.default boolean
Return a boolean indicating whether trailer fields are ready to read usinggetTrailerFields()
.boolean
isUserInRole
(String role) Returns a boolean indicating whether the authenticated user is included in the specified logical "role".void
Validate the provided username and password in the password validation realm used by the web container login mechanism configured for theServletContext
.void
logout()
Establishnull
as the value returned whengetUserPrincipal
,getRemoteUser
, andgetAuthType
is called on the request.default PushBuilder
Deprecated.In favor of 103 early hints<T extends HttpUpgradeHandler>
TCreates an instance ofHttpUpgradeHandler
for a given class and uses it for the http protocol upgrade processing.Methods inherited from interface jakarta.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setCharacterEncoding, startAsync, startAsync
-
Field Details
-
BASIC_AUTH
String identifier for Basic authentication. Value "BASIC"- See Also:
-
FORM_AUTH
String identifier for Form authentication. Value "FORM"- See Also:
-
CLIENT_CERT_AUTH
String identifier for Client Certificate authentication. Value "CLIENT_CERT"- See Also:
-
DIGEST_AUTH
String identifier for Digest authentication. Value "DIGEST"- See Also:
-
-
Method Details
-
getAuthType
String getAuthType()Returns the name of the authentication scheme used to protect the servlet. All servlet containers support basic, form and client certificate authentication, and may additionally support digest authentication. If the servlet is not authenticatednull
is returned.- Returns:
- one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH (suitable for == comparison)
or the container-specific string indicating the authentication scheme, or
null
if the request was not authenticated.
-
getCookies
Cookie[] getCookies()Returns an array containing all of theCookie
objects the client sent with this request. This method returnsnull
if no cookies were sent.- Returns:
- an array of all the
Cookies
included with this request, ornull
if the request has no cookies
-
getDateHeader
Returns the value of the specified request header as along
value that represents aDate
object. Use this method with headers that contain dates, such asIf-Modified-Since
.The date is returned as the number of milliseconds since January 1, 1970 GMT. The header name is case insensitive.
If the request did not have a header of the specified name, this method returns -1. If there are multiple headers with the same name, this method returns the value of the first header in the request. If the header can't be converted to a date, the method throws an
IllegalArgumentException
.- Parameters:
name
- aString
specifying the name of the header- Returns:
- a
long
value representing the date specified in the header expressed as the number of milliseconds since January 1, 1970 GMT, or -1 if the named header was not included with the request - Throws:
IllegalArgumentException
- If the header value can't be converted to a date
-
getHeader
Returns the value of the specified request header as aString
. If the request did not include a header of the specified name, this method returnsnull
. If there are multiple headers with the same name, this method returns the value of the first header in the request. The header name is case insensitive. You can use this method with any request header.- Parameters:
name
- aString
specifying the header name- Returns:
- a
String
containing the value of the requested header, ornull
if the request does not have a header of that name
-
getHeaders
Returns all the values of the specified request header as anEnumeration
ofString
objects.Some headers, such as
Accept-Language
can be sent by clients as several headers each with a different value rather than sending the header as a comma separated list.If the request did not include any headers of the specified name, this method returns an empty
Enumeration
. The header name is case insensitive. You can use this method with any request header.- Parameters:
name
- aString
specifying the header name- Returns:
- an
Enumeration
containing the values of the requested header. If the request does not have any headers of that name return an empty enumeration. If the container does not allow access to header information, return null
-
getHeaderNames
Enumeration<String> getHeaderNames()Returns an enumeration of all the header names this request contains. If the request has no headers, this method returns an empty enumeration.Some servlet containers do not allow servlets to access headers using this method, in which case this method returns
null
- Returns:
- an enumeration of all the header names sent with this request; if the request has no headers, an empty
enumeration; if the servlet container does not allow servlets to use this method,
null
-
getIntHeader
Returns the value of the specified request header as anint
. If the request does not have a header of the specified name, this method returns -1. If there are multiple headers with the same name, this method returns the value of the first header in the request. If the header cannot be converted to an integer, this method throws aNumberFormatException
.The header name is case insensitive.
- Parameters:
name
- aString
specifying the name of a request header- Returns:
- an integer expressing the value of the request header or -1 if the request doesn't have a header of this name
- Throws:
NumberFormatException
- If the header value can't be converted to anint
-
getHttpServletMapping
Return the HttpServletMapping of the request.The mapping returned depends on the current
DispatcherType
as obtained fromServletRequest.getDispatcherType()
:DispatcherType.REQUEST
,DispatcherType.ASYNC
,DispatcherType.ERROR
- Return the mapping for the target of the dispatch i.e. the mapping for the current
Servlet
. DispatcherType.INCLUDE
- Return the mapping as prior to the current dispatch. i.e the mapping returned is unchanged by a call to
DispatcherType.FORWARD
- Return the mapping for the target of the dispatch i.e. the mapping for the current
Servlet
, unless theRequestDispatcher
was obtained viaServletContext.getNamedDispatcher(String)
, in which case return the mapping as prior to the current dispatch. i.e the mapping returned is changed during a call toRequestDispatcher.forward(ServletRequest, jakarta.servlet.ServletResponse)
only if the dispatcher is not a named dispatcher.
RequestDispatcher.include(ServletRequest, jakarta.servlet.ServletResponse)
.For example:
- For a sequence Servlet1 --include--> Servlet2 --include--> Servlet3, a call to this method in Servlet3 will return the mapping for Servlet1.
- For a sequence Servlet1 --async--> Servlet2 --named-forward--> Servlet3, a call to this method in Servlet3 will return the mapping for Servlet2.
The returned object is immutable. Servlet 4.0 onwards compliant implementations must override this method.
- Returns:
- An instance of
HttpServletMapping
describing the manner in which the current request was invoked. - Since:
- Servlet 4.0
-
getMethod
String getMethod()Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT.- Returns:
- a
String
specifying the name of the method with which this request was made
-
getPathInfo
String getPathInfo()Returns any extra path information associated with the URL the client sent when it made this request. The extra path information follows the servlet path but precedes the query string and will start with a "/" character.This method returns
null
if there was no extra path information.- Returns:
- a
String
specifying extra path information that comes after the servlet path but before the query string in the request URL; ornull
if the URL does not have any extra path information. The path will be canonicalized as per Servlet 6.0, 3.5. This method will not return any encoded characters unless the container is configured specifically to allow them. - Throws:
IllegalArgumentException
- In standard configuration, this method will never throw. However, a container may be configured to not reject some suspicious sequences identified by Servlet 6.0, 3.5.2, furthermore the container may be configured to allow such paths to only be accessed via safer methods likegetRequestURI()
and to throw IllegalArgumentException if this method is called for such suspicious paths.
-
getPathTranslated
String getPathTranslated()Returns any extra path information after the servlet name but before the query string, and translates it to a real path.If the URL does not have any extra path information, this method returns
null
or the servlet container cannot translate the virtual path to a real path for any reason (such as when the web application is executed from an archive). The web container does not decode this string.- Returns:
- a
String
specifying the real path, ornull
if the URL does not have any extra path information
-
newPushBuilder
Deprecated.In favor of 103 early hintsInstantiates a new instance ofPushBuilder
for issuing server push responses from the current request. This method returns null if the current connection does not support server push, or server push has been disabled by the client via aSETTINGS_ENABLE_PUSH
settings frame value of0
(zero).- Returns:
- a
PushBuilder
for issuing server push responses from the current request, ornull
if push is not supported. Note that some implementations may opt not to support server push and will therefore always returnnull
- Since:
- Servlet 4.0
-
getContextPath
String getContextPath()Returns the portion of the request URI that indicates the context of the request. The context path always comes first in a request URI. The path starts with a "/" character but does not end with a "/" character. For servlets in the default (root) context, this method returns "". The container does not decode this string.It is possible that a servlet container may match a context by more than one context path. In such cases this method will return the actual context path used by the request and it may differ from the path returned by the
ServletContext.getContextPath()
method. The context path returned byServletContext.getContextPath()
should be considered as the prime or preferred context path of the application.- Returns:
- a
String
specifying the portion of the request URI that indicates the context of the request. The path will be canonicalized as per Servlet 6.0, 3.5. This method will not return any encoded characters unless the container is configured specifically to allow them. - Throws:
IllegalArgumentException
- In standard configuration, this method will never throw. However, a container may be configured to not reject some suspicious sequences identified by Servlet 6.0, 3.5.2, furthermore the container may be configured to allow such paths to only be accessed via safer methods likegetRequestURI()
and to throw IllegalArgumentException if this method is called for such suspicious paths.- See Also:
-
getQueryString
String getQueryString()Returns the query string that is contained in the request URL after the path. This method returnsnull
if the URL does not have a query string.- Returns:
- a
String
containing the query string ornull
if the URL contains no query string. The value is not decoded by the container.
-
getRemoteUser
String getRemoteUser()Returns the login of the user making this request, if the user has been authenticated, ornull
if the user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser and type of authentication.- Returns:
- a
String
specifying the login of the user making this request, ornull
if the user login is not known
-
isUserInRole
Returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and role membership can be defined using deployment descriptors. If the user has not been authenticated, the method returnsfalse
.The role name "*" should never be used as an argument in calling
isUserInRole
. Any call toisUserInRole
with "*" must return false. If the role-name of the security-role to be tested is "**", and the application has NOT declared an application security-role with role-name "**",isUserInRole
must only return true if the user has been authenticated; that is, only whengetRemoteUser()
andgetUserPrincipal()
would both return a non-null value. Otherwise, the container must check the user for membership in the application role.- Parameters:
role
- aString
specifying the name of the role- Returns:
- a
boolean
indicating whether the user making this request belongs to a given role;false
if the user has not been authenticated
-
getUserPrincipal
Principal getUserPrincipal()Returns ajava.security.Principal
object containing the name of the current authenticated user. If the user has not been authenticated, the method returnsnull
.- Returns:
- a
java.security.Principal
containing the name of the user making this request;null
if the user has not been authenticated
-
getRequestedSessionId
String getRequestedSessionId()Returns the session ID specified by the client. This may not be the same as the ID of the current valid session for this request. If the client did not specify a session ID, this method returnsnull
.- Returns:
- a
String
specifying the session ID, ornull
if the request did not specify a session ID - See Also:
-
getRequestURI
String getRequestURI()Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP request. The web container does not decode this String. For example:First line of HTTP request Returned Value POST /some/path.html HTTP/1.1 /some/path.html GET http://foo.bar/a.html HTTP/1.0 /a.html HEAD /xyz?a=b HTTP/1.1 /xyz - Returns:
- a
String
containing the part of the URL from the protocol name up to the query string
-
getRequestURL
StringBuffer getRequestURL()Reconstructs the URL the client used to make the request. The returned URL contains a protocol, server name, port number, and server path, but it does not include query string parameters.If this request has been forwarded using
RequestDispatcher.forward(jakarta.servlet.ServletRequest, jakarta.servlet.ServletResponse)
, the server path in the reconstructed URL must reflect the path used to obtain the RequestDispatcher, and not the server path specified by the client.Because this method returns a
StringBuffer
, not a string, you can modify the URL easily, for example, to append query parameters.This method is useful for creating redirect messages and for reporting errors.
- Returns:
- a
StringBuffer
object containing the reconstructed URL
-
getServletPath
String getServletPath()Returns the part of this request's URL that calls the servlet. This path starts with a "/" character and includes the path to the servlet, but does not include any extra path information or a query string.This method will return an empty string ("") if the servlet used to process this request was matched using the "/*" pattern.
- Returns:
- a
String
containing the path of the servlet being called, as specified in the request URL, or an empty string if the servlet used to process the request is matched using the "/*" pattern. The path will be canonicalized as per Servlet 6.0, 3.5. This method will not return any encoded characters unless the container is configured specifically to allow them. - Throws:
IllegalArgumentException
- In standard configuration, this method will never throw. However, a container may be configured to not reject some suspicious sequences identified by Servlet 6.0, 3.5.2, furthermore the container may be configured to allow such paths to only be accessed via safer methods likegetRequestURI()
and to throw IllegalArgumentException if this method is called for such suspicious paths.
-
getSession
Returns the currentHttpSession
associated with this request or, if there is no current session andcreate
is true, returns a new session.If
create
isfalse
and the request has no validHttpSession
, this method returnsnull
.To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
- Parameters:
create
-true
to create a new session for this request if necessary;false
to returnnull
if there's no current session- Returns:
- the
HttpSession
associated with this request ornull
ifcreate
isfalse
and the request has no valid session - See Also:
-
getSession
HttpSession getSession()Returns the current session associated with this request, or if the request does not have a session, creates one.- Returns:
- the
HttpSession
associated with this request - See Also:
-
changeSessionId
String changeSessionId()Change the session id of the current session associated with this request and return the new session id.- Returns:
- the new session id
- Throws:
IllegalStateException
- if there is no session associated with the request- Since:
- Servlet 3.1
-
isRequestedSessionIdValid
boolean isRequestedSessionIdValid()Checks whether the requested session ID is still valid.If the client did not specify any session ID, this method returns
false
.- Returns:
true
if this request has an id for a valid session in the current session context;false
otherwise- See Also:
-
isRequestedSessionIdFromCookie
boolean isRequestedSessionIdFromCookie()Checks whether the requested session ID was conveyed to the server as an HTTP cookie.
- Returns:
true
if the session ID was conveyed to the server an an HTTP cookie; otherwise,false
- See Also:
-
isRequestedSessionIdFromURL
boolean isRequestedSessionIdFromURL()Checks whether the requested session ID was conveyed to the server as part of the request URL.
- Returns:
true
if the session ID was conveyed to the server as part of a URL; otherwise,false
- See Also:
-
authenticate
Use the container login mechanism configured for theServletContext
to authenticate the user making this request.This method may modify and commit the argument
HttpServletResponse
.- Parameters:
response
- TheHttpServletResponse
associated with thisHttpServletRequest
- Returns:
true
when non-null values were or have been established as the values returned bygetUserPrincipal
,getRemoteUser
, andgetAuthType
. Returnfalse
if authentication is incomplete and the underlying login mechanism has committed, in the response, the message (e.g., challenge) and HTTP status code to be returned to the user.- Throws:
IOException
- if an input or output error occurred while reading from this request or writing to the given responseIllegalStateException
- if the login mechanism attempted to modify the response and it was already committedServletException
- if the authentication failed and the caller is responsible for handling the error (i.e., the underlying login mechanism did NOT establish the message and HTTP status code to be returned to the user)- Since:
- Servlet 3.0
-
login
Validate the provided username and password in the password validation realm used by the web container login mechanism configured for theServletContext
.This method returns without throwing a
ServletException
when the login mechanism configured for theServletContext
supports username password validation, and when, at the time of the call to login, the identity of the caller of the request had not been established (i.e, all ofgetUserPrincipal
,getRemoteUser
, andgetAuthType
return null), and when validation of the provided credentials is successful. Otherwise, this method throws aServletException
as described below.When this method returns without throwing an exception, it must have established non-null values as the values returned by
getUserPrincipal
,getRemoteUser
, andgetAuthType
.- Parameters:
username
- TheString
value corresponding to the login identifier of the user.password
- The passwordString
corresponding to the identified user.- Throws:
ServletException
- if the configured login mechanism does not support username password authentication, or if a non-null caller identity had already been established (prior to the call to login), or if validation of the provided username and password fails.- Since:
- Servlet 3.0
-
logout
Establishnull
as the value returned whengetUserPrincipal
,getRemoteUser
, andgetAuthType
is called on the request.- Throws:
ServletException
- if logout fails- Since:
- Servlet 3.0
-
getParts
Gets all thePart
components of this request, provided that it is of typemultipart/form-data
.If this request is of type
multipart/form-data
, but does not contain anyPart
components, the returnedCollection
will be empty.Any changes to the returned
Collection
must not affect thisHttpServletRequest
.- Returns:
- a (possibly empty)
Collection
of thePart
components of this request - Throws:
IOException
- if an I/O error occurred during the retrieval of thePart
components of this requestServletException
- if this request is not of typemultipart/form-data
IllegalStateException
- if the request body is larger thanmaxRequestSize
, or anyPart
in the request is larger thanmaxFileSize
, or there is no@MultipartConfig
ormultipart-config
in deployment descriptors- Since:
- Servlet 3.0
- See Also:
-
getPart
Gets thePart
with the given name.- Parameters:
name
- the name of the requestedPart
- Returns:
- The
Part
with the given name, ornull
if this request is of typemultipart/form-data
, but does not contain the requestedPart
- Throws:
IOException
- if an I/O error occurred during the retrieval of the requestedPart
ServletException
- if this request is not of typemultipart/form-data
IllegalStateException
- if the request body is larger thanmaxRequestSize
, or anyPart
in the request is larger thanmaxFileSize
, or there is no@MultipartConfig
ormultipart-config
in deployment descriptors- Since:
- Servlet 3.0
- See Also:
-
upgrade
<T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException, ServletException Creates an instance ofHttpUpgradeHandler
for a given class and uses it for the http protocol upgrade processing.- Type Parameters:
T
- TheClass
, which extendsHttpUpgradeHandler
, of thehandlerClass
.- Parameters:
handlerClass
- TheHttpUpgradeHandler
class used for the upgrade.- Returns:
- an instance of the
HttpUpgradeHandler
- Throws:
IOException
- if an I/O error occurred during the upgradeServletException
- if the givenhandlerClass
fails to be instantiated- Since:
- Servlet 3.1
- See Also:
-
getTrailerFields
Get the request trailer fields.The returned map is not backed by the
HttpServletRequest
object, so changes in the returned map are not reflected in theHttpServletRequest
object, and vice-versa.isTrailerFieldsReady()
should be called first to determine if it is safe to call this method without causing an exception.- Returns:
- A map of trailer fields in which all the keys are in lowercase, regardless of the case they had at the
protocol level. If there are no trailer fields, yet
isTrailerFieldsReady()
is returning true, the empty map is returned. - Throws:
IllegalStateException
- ifisTrailerFieldsReady()
is false- Since:
- Servlet 4.0
-
isTrailerFieldsReady
default boolean isTrailerFieldsReady()Return a boolean indicating whether trailer fields are ready to read usinggetTrailerFields()
. This methods returns true immediately if it is known that there is no trailer in the request, for instance, the underlying protocol (such as HTTP 1.0) does not supports the trailer fields, or the request is not in chunked encoding in HTTP 1.1. And the method also returns true if both of the following conditions are satisfied:- the application has read all the request data and an EOF indication has been returned from the
ServletRequest.getReader()
orServletRequest.getInputStream()
. - all the trailer fields sent by the client have been received. Note that it is possible that the client has sent no trailer fields.
- Returns:
- a boolean whether trailer fields are ready to read
- Since:
- Servlet 4.0
- the application has read all the request data and an EOF indication has been returned from the
-