javax.servlet.http
Class HttpServlet

java.lang.Object
  |
  +--javax.servlet.GenericServlet
        |
        +--javax.servlet.http.HttpServlet

public abstract class HttpServlet

extends GenericServlet

implements java.io.Serializable

An abstract class that simplifies writing HTTP servlets. It extends the GenericServlet base class and provides an framework for handling the HTTP protocol. Because it is an abstract class, servlet writers must subclass it and override at least one method. The methods normally overridden are:

• doGet, if HTTP GET requests are supported. Overriding the doGet method automatically also provides support for the HEAD and conditional GET operations. Where practical, the getLastModified method should also be overridden, to facilitate caching the HTTP response data. This improves performance by enabling smarter conditional GET support.
• doPost, if HTTP POST requests are supported.
• doPut, if HTTP PUT requests are supported.
• doDelete, if HTTP DELETE requests are supported.
• The lifecycle methods init and destroy, if the servlet writer needs to manage resources that are held for the lifetime of the servlet. Servlets that do not manage resources do not need to specialize these methods.
• getServletInfo, to provide descriptive information through a service's administrative interfaces.

Notice that the service method is not typically overridden. The service method, as provided, supports standard HTTP requests by dispatching them to appropriate methods, such as the methods listed above that have the prefix "do". In addition, the service method also supports the HTTP 1.1 protocol's TRACE and OPTIONS methods by dispatching to the doTrace and doOptions methods. The doTrace and doOptions methods are not typically overridden.

Servlets typically run inside multi-threaded servers; servlets must be written to handle multiple service requests simultaneously. It is the servlet writer's responsibility to synchronize access to any shared resources. Such resources include in-memory data such as instance or class variables of the servlet, as well as external components such as files, database and network connections. Information on multithreaded programming in Java can be found in the Java Tutorial on Multithreaded Programming.

See Also:

Serialized Form

Constructor Summary

HttpServlet()
The default constructor does nothing.

Method Summary

protected void	doDelete(HttpServletRequest req, HttpServletResponse resp) Performs the HTTP DELETE operation; the default implementation reports an HTTP BAD_REQUEST error.
protected void	doGet(HttpServletRequest req, HttpServletResponse resp) Performs the HTTP GET operation; the default implementation reports an HTTP BAD_REQUEST error.
protected void	doOptions(HttpServletRequest req, HttpServletResponse resp) Performs the HTTP OPTIONS operation; the default implementation of this method automatically determines what HTTP Options are supported.
protected void	doPost(HttpServletRequest req, HttpServletResponse resp) Performs the HTTP POST operation; the default implementation reports an HTTP BAD_REQUEST error.
protected void	doPut(HttpServletRequest req, HttpServletResponse resp) Performs the HTTP PUT operation; the default implementation reports an HTTP BAD_REQUEST error.
protected void	doTrace(HttpServletRequest req, HttpServletResponse resp) Performs the HTTP TRACE operation; the default implementation of this method causes a response with a message containing all of the headers sent in the trace request.
protected long	getLastModified(HttpServletRequest req) Gets the time the requested entity was last modified; the default implementation returns a negative number, indicating that the modification time is unknown and hence should not be used for conditional GET operations or for other cache control operations as this implementation will always return the contents.
protected void	service(HttpServletRequest req, HttpServletResponse resp) This is an HTTP-specific version of the Servlet.service method, which accepts HTTP specific parameters.
void	service(ServletRequest req, ServletResponse res) Implements the high level Servlet.service method by delegating to the HTTP-specific service method.

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HttpServlet

public HttpServlet()

The default constructor does nothing.

Method Detail

doGet

protected void doGet(HttpServletRequest req,
                     HttpServletResponse resp)
              throws ServletException,
                     java.io.IOException

Performs the HTTP GET operation; the default implementation reports an HTTP BAD_REQUEST error. Overriding this method to support the GET operation also automatically supports the HEAD operation. (HEAD is a GET that returns no body in the response; it just returns the request HEADer fields.)

Servlet writers who override this method should read any data from the request, set entity headers in the response, access the writer or output stream, and, finally, write any response data. The headers that are set should include content type, and encoding. If a writer is to be used to write response data, the content type must be set before the writer is accessed. In general, the servlet implementor must write the headers before the response data because the headers can be flushed at any time after the data starts to be written.

Setting content length allows the servlet to take advantage of HTTP "connection keep alive". If content length can not be set in advance, the performance penalties associated with not using keep alives will sometimes be avoided if the response entity fits in an internal buffer.

Entity data written for a HEAD request is ignored. Servlet writers can, as a simple performance optimization, omit writing response data for HEAD methods. If no response data is to be written, then the content length field must be set explicitly.

The GET operation is expected to be safe: without any side effects for which users might be held responsible. For example, most form queries have no side effects. Requests intended to change stored data should use some other HTTP method. (There have been cases of significant security breaches reported because web-based applications used GET inappropriately.)

The GET operation is also expected to be idempotent: it can safely be repeated. This is not quite the same as being safe, but in some common examples the requirements have the same result. For example, repeating queries is both safe and idempotent (unless payment is required!), but buying something or modifying data is neither safe nor idempotent.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

See Also:

ServletResponse.setContentType(java.lang.String)

getLastModified

protected long getLastModified(HttpServletRequest req)

Gets the time the requested entity was last modified; the default implementation returns a negative number, indicating that the modification time is unknown and hence should not be used for conditional GET operations or for other cache control operations as this implementation will always return the contents.

Implementations supporting the GET request should override this method to provide an accurate object modification time. This makes browser and proxy caches work more effectively, reducing the load on server and network resources.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

Returns:

the time the requested entity was last modified, as the difference, measured in milliseconds, between that time and midnight, January 1, 1970 UTC. Negative numbers indicate this time is unknown.

doPost

protected void doPost(HttpServletRequest req,
                      HttpServletResponse resp)
               throws ServletException,
                      java.io.IOException

Performs the HTTP POST operation; the default implementation reports an HTTP BAD_REQUEST error. Servlet writers who override this method should read any data from the request (for example, form parameters), set entity headers in the response, access the writer or output stream and, finally, write any response data using the servlet output stream. The headers that are set should include content type, and encoding. If a writer is to be used to write response data, the content type must be set before the writer is accessed. In general, the servlet implementor must write the headers before the response data because the headers can be flushed at any time after the data starts to be written.

If HTTP/1.1 chunked encoding is used (that is, if the transfer-encoding header is present), then the content-length header should not be set. For HTTP/1.1 communications that do not use chunked encoding and HTTP 1.0 communications, setting content length allows the servlet to take advantage of HTTP "connection keep alive". For just such communications, if content length can not be set, the performance penalties associated with not using keep alives will sometimes be avoided if the response entity fits in an internal buffer.

This method does not need to be either "safe" or "idempotent". Operations requested through POST can have side effects for which the user can be held accountable. Specific examples including updating stored data or buying things online.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

See Also:

ServletResponse.setContentType(java.lang.String)

doPut

protected void doPut(HttpServletRequest req,
                     HttpServletResponse resp)
              throws ServletException,
                     java.io.IOException

Performs the HTTP PUT operation; the default implementation reports an HTTP BAD_REQUEST error. The PUT operation is analogous to sending a file via FTP.

Servlet writers who override this method must respect any Content-* headers sent with the request. (These headers include content-length, content-type, content-transfer-encoding, content-encoding, content-base, content-language, content-location, content-MD5, and content-range.) If the subclass cannot honor a content header, then it must issue an error response (501) and discard the request. For more information, see the HTTP 1.1 RFC.

This method does not need to be either "safe" or "idempotent". Operations requested through PUT can have side effects for which the user can be held accountable. Although not required, servlet writers who override this method may wish to save a copy of the affected URI in temporary storage.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

doDelete

protected void doDelete(HttpServletRequest req,
                        HttpServletResponse resp)
                 throws ServletException,
                        java.io.IOException

Performs the HTTP DELETE operation; the default implementation reports an HTTP BAD_REQUEST error. The DELETE operation allows a client to request a URI to be removed from the server.

This method does not need to be either "safe" or "idempotent". Operations requested through DELETE can have side-effects for which users may be held accountable. Although not required, servlet writers who subclass this method may wish to save a copy of the affected URI in temporary storage.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

doOptions

protected void doOptions(HttpServletRequest req,
                         HttpServletResponse resp)
                  throws ServletException,
                         java.io.IOException

Performs the HTTP OPTIONS operation; the default implementation of this method automatically determines what HTTP Options are supported. For example, if a servlet writer subclasses HttpServlet and overrides the doGet method, then this method will return the following header:

Allow: GET,HEAD,TRACE,OPTIONS

This method does not need to be overridden unless the servlet implements new methods, beyond those supported by the HTTP/1.1 protocol.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

doTrace

protected void doTrace(HttpServletRequest req,
                       HttpServletResponse resp)
                throws ServletException,
                       java.io.IOException

Performs the HTTP TRACE operation; the default implementation of this method causes a response with a message containing all of the headers sent in the trace request. This method is not typically overridden.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

service

protected void service(HttpServletRequest req,
                       HttpServletResponse resp)
                throws ServletException,
                       java.io.IOException

This is an HTTP-specific version of the Servlet.service method, which accepts HTTP specific parameters. This method is rarely overridden. Standard HTTP requests are supported by dispatching to Java methods specialized to implement them.

Parameters:

req - HttpServletRequest that encapsulates the request to the servlet

resp - HttpServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if detected when handling the request

ServletException - if the request could not be handled

See Also:

Servlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)

service

public void service(ServletRequest req,
                    ServletResponse res)
             throws ServletException,
                    java.io.IOException

Implements the high level Servlet.service method by delegating to the HTTP-specific service method. This method is not normally overriden.

Parameters:

req - ServletRequest that encapsulates the request to the servlet

res - ServletResponse that encapsulates the response from the servlet

Throws:

java.io.IOException - if an I/O exception has occurred

ServletException - if a servlet exception has occurred

Overrides:

service in class GenericServlet

See Also:

Servlet.service(javax.servlet.ServletRequest, javax.servlet.ServletResponse)