public class DefaultServlet extends HttpServlet
HttpHandler.handleRequest(io.undertow.server.HttpServerExchange)
method,
otherwise the request is handled as a normal servlet request.
By default we only allow a restricted set of extensions.
todo: this thing needs a lot more work. In particular: - caching for blocking requests - correct mime type - range/last-modified and other headers to be handled properly - head requests - and probably heaps of other thingsModifier and Type | Field and Description |
---|---|
static String |
ALLOW_POST |
static String |
ALLOWED_EXTENSIONS |
static String |
DEFAULT_ALLOWED |
static String |
DIRECTORY_LISTING |
static String |
DISALLOWED_EXTENSIONS |
static String |
RESOLVE_AGAINST_CONTEXT_ROOT |
Constructor and Description |
---|
DefaultServlet() |
Modifier and Type | Method and Description |
---|---|
protected void |
doDelete(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to allow a servlet to handle a DELETE request. |
protected void |
doGet(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to allow a servlet to handle a GET request. |
protected void |
doOptions(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to allow a servlet to handle a OPTIONS request. |
protected void |
doPost(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to allow a servlet to handle a POST request. |
protected void |
doPut(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to allow a servlet to handle a PUT request. |
protected void |
doTrace(HttpServletRequest req,
HttpServletResponse resp)
Called by the server (via the
service method) to allow a servlet to handle a TRACE request. |
void |
init(ServletConfig config)
Called by the servlet container to indicate to a servlet that the servlet is being placed into service.
|
doHead, getLastModified, service, service
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
public static final String DIRECTORY_LISTING
public static final String DEFAULT_ALLOWED
public static final String ALLOWED_EXTENSIONS
public static final String DISALLOWED_EXTENSIONS
public static final String RESOLVE_AGAINST_CONTEXT_ROOT
public static final String ALLOW_POST
public void init(ServletConfig config) throws ServletException
GenericServlet
Servlet.init(javax.servlet.ServletConfig)
.
This implementation stores the ServletConfig
object it receives from the servlet container for later use.
When overriding this form of the method, call super.init(config)
.
init
in interface Servlet
init
in class GenericServlet
config
- the ServletConfig
object that contains configuration information for this servletServletException
- if an exception occurs that interrupts the servlet's normal operationUnavailableException
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to allow a servlet to handle a GET request.
Overriding this method to support a GET request also automatically supports an HTTP HEAD request. A HEAD request is a GET request that returns no body in the response, only the request header fields.
When overriding this method, read the request data, write the response headers, get the response's writer or
output stream object, and finally, write the response data. It's best to include content type and encoding. When
using a PrintWriter
object to return the response, set the content type before accessing the
PrintWriter
object.
The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the ServletResponse.setContentLength(int)
method), to allow the servlet container to use a persistent connection to return its response to the client,
improving performance. The content length is automatically set if the entire response fits inside the response
buffer.
When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
The GET method should be safe, that is, without any side effects for which users are held responsible. For example, most form queries have no side effects. If a client request is intended to change stored data, the request should use some other HTTP method.
The GET method should also be idempotent, meaning that it can be safely repeated. Sometimes making a method safe also makes it idempotent. For example, repeating queries is both safe and idempotent, but buying a product online or modifying data is neither safe nor idempotent.
If the request is incorrectly formatted, doGet
returns an HTTP "Bad Request" message.
doGet
in class HttpServlet
req
- an HttpServletRequest
object that contains the request the client has made of the servletresp
- an HttpServletResponse
object that contains the response the servlet sends to the clientServletException
- if the request for the GET could not be handledIOException
- if an input or output error is detected when the servlet handles the GET requestServletResponse.setContentType(java.lang.String)
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to allow a servlet to handle a POST request.
The HTTP POST method allows the client to send data of unlimited length to the Web server a single time and is
useful when posting information such as credit card numbers.
When overriding this method, read the request data, write the response headers, get the response's writer or
output stream object, and finally, write the response data. It's best to include content type and encoding. When
using a PrintWriter
object to return the response, set the content type before accessing the
PrintWriter
object.
The servlet container must write the headers before committing the response, because in HTTP the headers must be sent before the response body.
Where possible, set the Content-Length header (with the ServletResponse.setContentLength(int)
method), to allow the servlet container to use a persistent connection to return its response to the client,
improving performance. The content length is automatically set if the entire response fits inside the response
buffer.
When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
This method does not need to be either safe or idempotent. Operations requested through POST can have side effects for which the user can be held accountable, for example, updating stored data or buying items online.
If the HTTP POST request is incorrectly formatted, doPost
returns an HTTP "Bad Request" message.
doPost
in class HttpServlet
req
- an HttpServletRequest
object that contains the request the client has made of the servletresp
- an HttpServletResponse
object that contains the response the servlet sends to the clientServletException
- if the request for the POST could not be handledIOException
- if an input or output error is detected when the servlet handles the requestServletOutputStream
,
ServletResponse.setContentType(java.lang.String)
protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to allow a servlet to handle a PUT request.
The PUT operation allows a client to place a file on the server and is similar to sending a file by FTP.
When overriding this method, leave intact any content headers sent with the request (including Content-Length, Content-Type, Content-Transfer-Encoding, Content-Encoding, Content-Base, Content-Language, Content-Location, Content-MD5, and Content-Range). If your method cannot handle a content header, it must issue an error message (HTTP 501 - Not Implemented) and discard the request. For more information on HTTP 1.1, see RFC 2616 .
This method does not need to be either safe or idempotent. Operations that doPut
performs can have
side effects for which the user can be held accountable. When using this method, it may be useful to save a copy
of the affected URL in temporary storage.
If the HTTP PUT request is incorrectly formatted, doPut
returns an HTTP "Bad Request" message.
doPut
in class HttpServlet
req
- the HttpServletRequest
object that contains the request the client made of the servletresp
- the HttpServletResponse
object that contains the response the servlet returns to the clientServletException
- if the request for the PUT cannot be handledIOException
- if an input or output error occurs while the servlet is handling the PUT requestprotected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to allow a servlet to handle a DELETE request.
The DELETE operation allows a client to remove a document or Web page from the server.
This method does not need to be either safe or idempotent. Operations requested through DELETE can have side effects for which users can be held accountable. When using this method, it may be useful to save a copy of the affected URL in temporary storage.
If the HTTP DELETE request is incorrectly formatted, doDelete
returns an HTTP "Bad Request" message.
doDelete
in class HttpServlet
req
- the HttpServletRequest
object that contains the request the client made of the servletresp
- the HttpServletResponse
object that contains the response the servlet returns to the clientServletException
- if the request for the DELETE cannot be handledIOException
- if an input or output error occurs while the servlet is handling the DELETE requestprotected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to allow a servlet to handle a OPTIONS request.
The OPTIONS request determines which HTTP methods the server supports and returns an appropriate header. For
example, if a servlet overrides doGet
, this method returns the following header:
Allow: GET, HEAD, TRACE, OPTIONS
There's no need to override this method unless the servlet implements new HTTP methods, beyond those implemented by HTTP 1.1.
doOptions
in class HttpServlet
req
- the HttpServletRequest
object that contains the request the client made of the servletresp
- the HttpServletResponse
object that contains the response the servlet returns to the clientServletException
- if the request for the OPTIONS cannot be handledIOException
- if an input or output error occurs while the servlet is handling the OPTIONS requestprotected void doTrace(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
HttpServlet
service
method) to allow a servlet to handle a TRACE request.
A TRACE returns the headers sent with the TRACE request to the client, so that they can be used in debugging.
There's no need to override this method.doTrace
in class HttpServlet
req
- the HttpServletRequest
object that contains the request the client made of the servletresp
- the HttpServletResponse
object that contains the response the servlet returns to the clientServletException
- if the request for the TRACE cannot be handledIOException
- if an input or output error occurs while the servlet is handling the TRACE requestCopyright © 2019 JBoss by Red Hat. All rights reserved.