Package jakarta.servlet.http

Interface HttpServletRequest

All Superinterfaces:

ServletRequest

All Known Implementing Classes:

HttpServletRequestWrapper

public interface HttpServletRequest
extends ServletRequest

Extends the ServletRequest interface to provide request information for HTTP servlets.

The servlet container creates an HttpServletRequest object and passes it as an argument to the servlet's service methods (doGet, doPost, etc).

Field Summary

Fields

Modifier and Type	Field	Description
static final String	BASIC_AUTH	String identifier for Basic authentication.
static final String	CLIENT_CERT_AUTH	String identifier for Client Certificate authentication.
static final String	DIGEST_AUTH	String identifier for Digest authentication.
static final String	FORM_AUTH	String identifier for Form authentication.

Method Summary

Modifier and Type	Method	Description
boolean	authenticate(HttpServletResponse response)	Triggers the same authentication process as would be triggered if the request is for a resource that is protected by a security constraint.
String	changeSessionId()	Changes the session ID of the session associated with this request.
String	getAuthType()	Returns the name of the authentication scheme used to protect the servlet.
String	getContextPath()	Returns the portion of the request URI that indicates the context of the request.
Cookie[]	getCookies()	Returns an array containing all of the Cookie objects the client sent with this request.
long	getDateHeader(String name)	Returns the value of the specified request header as a long value that represents a Date object.
String	getHeader(String name)	Returns the value of the specified request header as a String.
Enumeration<String>	getHeaderNames()	Returns an enumeration of all the header names this request contains.
Enumeration<String>	getHeaders(String name)	Returns all the values of the specified request header as an Enumeration of String objects.
default HttpServletMapping	getHttpServletMapping()	Obtain the mapping information for this request.
int	getIntHeader(String name)	Returns the value of the specified request header as an int.
String	getMethod()	Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT.
Part	getPart(String name)	Gets the named Part or null if the Part does not exist.
Collection<Part>	getParts()	Return a collection of all uploaded Parts.
String	getPathInfo()	Returns any extra path information associated with the URL the client sent when it made this request.
String	getPathTranslated()	Returns any extra path information after the servlet name but before the query string, and translates it to a real path.
String	getQueryString()	Returns the query string that is contained in the request URL after the path.
String	getRemoteUser()	Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated.
String	getRequestedSessionId()	Returns the session ID specified by the client.
String	getRequestURI()	Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP request.
StringBuffer	getRequestURL()	Reconstructs the URL the client used to make the request.
String	getServletPath()	Returns the part of this request's URL that calls the servlet.
HttpSession	getSession()	Returns the current session associated with this request, or if the request does not have a session, creates one.
HttpSession	getSession(boolean create)	Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.
default Map<String,String>	getTrailerFields()	Obtain a Map of the trailer fields that is not backed by the request object.
Principal	getUserPrincipal()	Returns a java.security.Principal object containing the name of the current authenticated user.
boolean	isRequestedSessionIdFromCookie()	Checks whether the requested session ID came in as a cookie.
boolean	isRequestedSessionIdFromURL()	Checks whether the requested session ID came in as part of the request URL.
boolean	isRequestedSessionIdValid()	Checks whether the requested session ID is still valid.
default boolean	isTrailerFieldsReady()	Are trailer fields ready to be read (there may still be no trailers to read).
boolean	isUserInRole(String role)	Returns a boolean indicating whether the authenticated user is included in the specified logical "role".
void	login(String username, String password)	Authenticate the provided user name and password and then associated the authenticated user with the request.
void	logout()	Removes any authenticated user from the request.
default PushBuilder	newPushBuilder()	Deprecated. In favor of 103 early hints
<T extends HttpUpgradeHandler> T	upgrade(Class<T> httpUpgradeHandlerClass)	Start the HTTP upgrade process and create and instance of the provided protocol handler class.

Methods inherited from interface jakarta.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getProtocolRequestId, getReader, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getRequestId, getScheme, getServerName, getServerPort, getServletConnection, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setCharacterEncoding, startAsync, startAsync

Field Details

BASIC_AUTH

static final String BASIC_AUTH

String identifier for Basic authentication. Value "BASIC"

See Also:

• Constant Field Values

FORM_AUTH

static final String FORM_AUTH

String identifier for Form authentication. Value "FORM"

See Also:

• Constant Field Values

CLIENT_CERT_AUTH

static final String CLIENT_CERT_AUTH

String identifier for Client Certificate authentication. Value "CLIENT_CERT"

See Also:

• Constant Field Values

DIGEST_AUTH

static final String DIGEST_AUTH

String identifier for Digest authentication. Value "DIGEST"

See Also:

• Constant Field Values

Method Details

getAuthType

String getAuthType()

Returns the name of the authentication scheme used to protect the servlet. All servlet containers support basic, form and client certificate authentication, and may additionally support digest authentication. If the servlet is not authenticated null is returned.

Same as the value of the CGI variable AUTH_TYPE.

Returns:

one of the static members BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH (suitable for == comparison) or the container-specific string indicating the authentication scheme, or null if the request was not authenticated.

getCookies

Cookie[] getCookies()

Returns an array containing all of the Cookie objects the client sent with this request. This method returns null if no cookies were sent.

Returns:

an array of all the Cookies included with this request, or null if the request has no cookies

getDateHeader

long getDateHeader(String name)

Returns the value of the specified request header as a long value that represents a Date object. Use this method with headers that contain dates, such as If-Modified-Since.

The date is returned as the number of milliseconds since January 1, 1970 GMT. The header name is case insensitive.

If the request did not have a header of the specified name, this method returns -1. If the header can't be converted to a date, the method throws an IllegalArgumentException.

Parameters:

name - a String specifying the name of the header

Returns:

a long value representing the date specified in the header expressed as the number of milliseconds since January 1, 1970 GMT, or -1 if the named header was not included with the request

Throws:

IllegalArgumentException - If the header value can't be converted to a date

getHeader

String getHeader(String name)

Returns the value of the specified request header as a String. If the request did not include a header of the specified name, this method returns null. If there are multiple headers with the same name, this method returns the first head in the request. The header name is case insensitive. You can use this method with any request header.

Parameters:

name - a String specifying the header name

Returns:

a String containing the value of the requested header, or null if the request does not have a header of that name

getHeaders

Enumeration<String> getHeaders(String name)

Returns all the values of the specified request header as an Enumeration of String objects.

Some headers, such as Accept-Language can be sent by clients as several headers each with a different value rather than sending the header as a comma separated list.

If the request did not include any headers of the specified name, this method returns an empty Enumeration. The header name is case insensitive. You can use this method with any request header.

Parameters:

name - a String specifying the header name

Returns:

an Enumeration containing the values of the requested header. If the request does not have any headers of that name return an empty enumeration. If the container does not allow access to header information, return null

getHeaderNames

Enumeration<String> getHeaderNames()

Returns an enumeration of all the header names this request contains. If the request has no headers, this method returns an empty enumeration.

Some servlet containers do not allow servlets to access headers using this method, in which case this method returns null

Returns:

an enumeration of all the header names sent with this request; if the request has no headers, an empty enumeration; if the servlet container does not allow servlets to use this method, null

getIntHeader

int getIntHeader(String name)

Returns the value of the specified request header as an int. If the request does not have a header of the specified name, this method returns -1. If the header cannot be converted to an integer, this method throws a NumberFormatException.

The header name is case insensitive.

Parameters:

name - a String specifying the name of a request header

Returns:

an integer expressing the value of the request header or -1 if the request doesn't have a header of this name

Throws:

NumberFormatException - If the header value can't be converted to an int

getHttpServletMapping

default HttpServletMapping getHttpServletMapping()

Obtain the mapping information for this request.

Returns:

the mapping information for this request

getMethod

String getMethod()

Returns the name of the HTTP method with which this request was made, for example, GET, POST, or PUT. Same as the value of the CGI variable REQUEST_METHOD.

Returns:

a String specifying the name of the method with which this request was made

getPathInfo

String getPathInfo()

Returns any extra path information associated with the URL the client sent when it made this request. The extra path information follows the servlet path but precedes the query string and will start with a "/" character.

This method returns null if there was no extra path information.

The URL will be canonicalized as per section 3.5 of the specification before the path information, if any, is extracted.

Returns:

a String, canonicalized by the web container, specifying extra path information that comes after the servlet path but before the query string in the request URL; or null if the URL does not have any extra path information

getPathTranslated

String getPathTranslated()

Returns any extra path information after the servlet name but before the query string, and translates it to a real path. Same as the value of the CGI variable PATH_TRANSLATED.

If the URL does not have any extra path information, this method returns null or the servlet container cannot translate the virtual path to a real path for any reason (such as when the web application is executed from an archive). The web container does not decode this string.

Returns:

a String specifying the real path, or null if the URL does not have any extra path information

newPushBuilder

@Deprecated
default PushBuilder newPushBuilder()

Deprecated.

In favor of 103 early hints

Obtain a builder for generating push requests. PushBuilder documents how this request will be used as the basis for a push request. Each call to this method will return a new instance, independent of any previous instance obtained.

Returns:

A builder that can be used to generate push requests based on this request or null if push is not supported. Some implementations may opt not to support server push and will therefore always return null. If a PushBuilder instance is returned, by the time that PushBuilder.push() is called, it may no longer be valid to push a request and the push request will be ignored.

Since:

Servlet 4.0

getContextPath

String getContextPath()

Returns the portion of the request URI that indicates the context of the request. The context path always comes first in a request URI. The path starts with a "/" character but does not end with a "/" character. For servlets in the default (root) context, this method returns "". The container does not decode this string.

Returns:

a String specifying the portion of the request URI that indicates the context of the request

getQueryString

String getQueryString()

Returns the query string that is contained in the request URL after the path. This method returns null if the URL does not have a query string. Same as the value of the CGI variable QUERY_STRING.

Returns:

a String containing the query string or null if the URL contains no query string. The value is not decoded by the container.

getRemoteUser

String getRemoteUser()

Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated. Whether the user name is sent with each subsequent request depends on the browser and type of authentication. Same as the value of the CGI variable REMOTE_USER.

Returns:

a String specifying the login of the user making this request, or null if the user login is not known

isUserInRole

boolean isUserInRole(String role)

Returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and role membership can be defined using deployment descriptors. If the user has not been authenticated, the method returns false.

Parameters:

role - a String specifying the name of the role

Returns:

a boolean indicating whether the user making this request belongs to a given role; false if the user has not been authenticated

getUserPrincipal

Principal getUserPrincipal()

Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null.

Returns:

a java.security.Principal containing the name of the user making this request; null if the user has not been authenticated

getRequestedSessionId

String getRequestedSessionId()

Returns the session ID specified by the client. This may not be the same as the ID of the current valid session for this request. If the client did not specify a session ID, this method returns null.

Returns:

a String specifying the session ID, or null if the request did not specify a session ID

See Also:

• isRequestedSessionIdValid()

getRequestURI

String getRequestURI()

Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP request. The web container does not decode this String. For example:

Examples of Returned Values

First line of HTTP request	Returned Value
POST /some/path.html HTTP/1.1		/some/path.html
GET http://foo.bar/a.html HTTP/1.0		/a.html
HEAD /xyz?a=b HTTP/1.1		/xyz

To reconstruct a URL with a scheme and host, use getRequestURL().

Returns:

a String containing the part of the URL from the protocol name up to the query string

See Also:

• getRequestURL()

getRequestURL

StringBuffer getRequestURL()

Reconstructs the URL the client used to make the request. The returned URL contains a protocol, server name, port number, and server path, but it does not include query string parameters.

Because this method returns a StringBuffer, not a string, you can modify the URL easily, for example, to append query parameters.

This method is useful for creating redirect messages and for reporting errors.

Returns:

a StringBuffer object containing the reconstructed URL

getServletPath

String getServletPath()

Returns the part of this request's URL that calls the servlet. This path starts with a "/" character and includes either the servlet name or a path to the servlet, but does not include any extra path information or a query string. Same as the value of the CGI variable SCRIPT_NAME.

The URL will be canonicalized as per section 3.5 of the specification before the path information, if any, is extracted.

This method will return an empty string ("") if the servlet used to process this request was matched using the "/*" pattern.

Returns:

a String, canonicalized by the web container, containing the name or path of the servlet being called, as specified in the request URL, or an empty string if the servlet used to process the request is matched using the "/*" pattern.

getSession

HttpSession getSession(boolean create)

Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.

If create is false and the request has no valid HttpSession, this method returns null.

To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.

Parameters:

create - true to create a new session for this request if necessary; false to return null if there's no current session

Returns:

the HttpSession associated with this request or null if create is false and the request has no valid session

See Also:

• getSession()

getSession

HttpSession getSession()

Returns the current session associated with this request, or if the request does not have a session, creates one.

Returns:

the HttpSession associated with this request

See Also:

• getSession(boolean)

changeSessionId

String changeSessionId()

Changes the session ID of the session associated with this request. This method does not create a new session object it only changes the ID of the current session.

Returns:

the new session ID allocated to the session

Since:

Servlet 3.1

See Also:

• HttpSessionIdListener

isRequestedSessionIdValid

boolean isRequestedSessionIdValid()

Checks whether the requested session ID is still valid.

Returns:

true if this request has an id for a valid session in the current session context; false otherwise

See Also:

• getRequestedSessionId()
• getSession(boolean)

isRequestedSessionIdFromCookie

boolean isRequestedSessionIdFromCookie()

Checks whether the requested session ID came in as a cookie.

Returns:

true if the session ID came in as a cookie; otherwise, false

See Also:

• getSession(boolean)

isRequestedSessionIdFromURL

boolean isRequestedSessionIdFromURL()

Checks whether the requested session ID came in as part of the request URL.

Returns:

true if the session ID came in as part of a URL; otherwise, false

See Also:

• getSession(boolean)

authenticate

boolean authenticate(HttpServletResponse response)
              throws IOException,
ServletException

Triggers the same authentication process as would be triggered if the request is for a resource that is protected by a security constraint.

Parameters:

response - The response to use to return any authentication challenge

Returns:

true if the user is successfully authenticated and false if not

Throws:

IOException - if the authentication process attempted to read from the request or write to the response and an I/O error occurred

IllegalStateException - if the authentication process attempted to write to the response after it had been committed

ServletException - if the authentication failed and the caller is expected to handle the failure

Since:

Servlet 3.0

login

void login(String username,
 String password)
    throws ServletException

Authenticate the provided user name and password and then associated the authenticated user with the request.

Parameters:

username - The user name to authenticate

password - The password to use to authenticate the user

Throws:

ServletException - If any of getRemoteUser(), getUserPrincipal() or getAuthType() are non-null, if the configured authenticator does not support user name and password authentication or if the authentication fails

Since:

Servlet 3.0

logout

void logout()
     throws ServletException

Removes any authenticated user from the request.

Throws:

ServletException - If the logout fails

Since:

Servlet 3.0

getParts

Collection<Part> getParts()
                   throws IOException,
ServletException

Return a collection of all uploaded Parts.

Returns:

A collection of all uploaded Parts.

Throws:

IOException - if an I/O error occurs

IllegalStateException - if size limits are exceeded or no multipart configuration is provided

ServletException - if the request is not multipart/form-data

Since:

Servlet 3.0

getPart

Part getPart(String name)
      throws IOException,
ServletException

Gets the named Part or null if the Part does not exist. Triggers upload of all Parts.

Parameters:

name - The name of the Part to obtain

Returns:

The named Part or null if the Part does not exist

Throws:

IOException - if an I/O error occurs

IllegalStateException - if size limits are exceeded

ServletException - if the request is not multipart/form-data

Since:

Servlet 3.0

upgrade

<T extends HttpUpgradeHandler> T upgrade(Class<T> httpUpgradeHandlerClass)
                                  throws IOException,
ServletException

Start the HTTP upgrade process and create and instance of the provided protocol handler class. The connection will be passed this instance once the current request/response pair has completed processing. Calling this method sets the response status to HttpServletResponse.SC_SWITCHING_PROTOCOLS.

Type Parameters:

T - The type of the upgrade handler

Parameters:

httpUpgradeHandlerClass - The class that implements the upgrade handler

Returns:

A newly created instance of the specified upgrade handler type

Throws:

IOException - if an I/O error occurred during the upgrade

ServletException - if the given httpUpgradeHandlerClass fails to be instantiated

Since:

Servlet 3.1

getTrailerFields

default Map<String,String> getTrailerFields()

Obtain a Map of the trailer fields that is not backed by the request object.

Returns:

A Map of the received trailer fields with all keys lower case or an empty Map if no trailers are present

Since:

Servlet 4.0

isTrailerFieldsReady

default boolean isTrailerFieldsReady()

Are trailer fields ready to be read (there may still be no trailers to read). This method always returns true if the underlying protocol does not support trailer fields. Otherwise, true is returned once all of the following are true:

• The application has ready all the request data and an EOF has been received or the content-length is zero
• All trailer fields, if any, have been received

Returns:

true if trailers are ready to be read

Since:

Servlet 4.0