Why look at servlets
It’s 2020, why servlets?? First of all, this is a necessary stage, when I started to learn Java Web, this part is the focus, second is when I learn some more advanced frameworks, or from time to time to see it, like Spring, when I learn his source code, I can see the DispatcherServlet it maintains. So stop asking why 2020 is still watching such cheesy stuff?
Of course, there is another question is whether to look at JSP, which I think is simple to understand, now enterprise development is basically the front and back end of the separation model, even simple construction, Freemarker, Thymeleaf template language is more convenient, so if you have time, then you can go to see, but do not need to go too deep
1 Basic Concepts
A Servlet is an interface that defines the specification for Servlet containers to recognize Java programs
2 Basic Implementation
Implementing the Servlet Interface
The most basic servlet implementation, directly implement the servlet interface, rewrite his 5 methods, at the same time need to configure the servlet in web. XML, the servlet is according to the configuration in web
public class HelloServlet implements Servlet {
public void init(ServletConfig servletConfig) throws ServletException {
System.out.println("init ...");
public ServletConfig getServletConfig(a) {
return null;
public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
System.out.println("service ...");
public String getServletInfo(a) {
return null;
public void destroy(a) {
System.out.println("destroy ..."); }}Copy the code
<?xml version="1.0" encoding="UTF-8"? >
<web-app xmlns=""
Copy the code
Inheriting the HttpServlet
Note that : Servlet3.0 is only available from J2EE 6, mainly to simplify development without tedious XML configuration, so you can use web.xml directly
Use @webServlet annotations directly on the servlet. As you can see by looking at the source code, the original configuration in web.xml can be moved to the value of the annotation
@WebServlet(name = "hello3", urlPatterns = {"/hello3"})
public class HelloServlet3 implements Servlet {
public void init(ServletConfig servletConfig) throws ServletException {}@Override
public ServletConfig getServletConfig(a) {
return null;
public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
System.out.println("The servlet 3.0...");
public String getServletInfo(a) {
return null;
public void destroy(a) {}}Copy the code
public @interface WebServlet {
String name(a) default "";
String[] value() default {};
String[] urlPatterns() default {};
int loadOnStartup(a) default- 1;
WebInitParam[] initParams() default {};
boolean asyncSupported(a) default false;
String smallIcon(a) default "";
String largeIcon(a) default "";
String description(a) default "";
String displayName(a) default "";
Copy the code
3. In-depth study
The life cycle
There are five methods in the Servlet, three of which are lifecycle related
- Init initialization: executed when the Servlet is created, only once
- Service Service: executes when the Servlet is accessed, and executes on each access
- Destroy: Executed once when the container is closed properly
By default, servlets are created when they are accessed for the first time. You can also configure load-on-startup (negative by default, 0 or a positive integer if enabled) to be created with server startup. Therefore, there are thread safety issues when multiple users access, so try not to use member variables in servlets or modify member variables in servlets.
The destroy method is executed only if the container is closed properly, and it is executed before the container is closed, so it is usually used to free resources.
Inheritance system
GenericServlet implements the Servlet interface, which is a wrapper abstract class based on the Servlet interface. The inheritor must override the Service method and can override the other four methods according to its own needs
HttpServlet inherits GenericServlet and further encapsulates Servlet on the basis of HTTP protocol. The commonly used doGet and doPost are used on demand according to the different HTTP method to simplify development
@WebServlet("/http") public class HelloHttpServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("do get ..."); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("do post ..."); }}Copy the code
Wildcard of the mapping
- A serlvet can be configured with multiple mappings
- Rules:
- /xxx
- /xxx/xxx
- Note that (*). XXX cannot be used with /
- The priority of the access is the higher the match
- Matches with only (/) are called default matches, and matches where nothing else can be found
4 Request
The nature of the Request object
Servlets are objects created by reflection in Tomcat, and the passed Request object is actually a RequestFacade that implements HttpRequestServlet, which is provided by Tomcat (facade mode)
The commonly used API
Get the request line
Suppose the request line for a request is GET /hello/ ABC? Name = 123 HTTP / 1.1
- GET a GET request. GetMethod
- Request. GetContextPath access/hello
- Request. GetServletPath access/ABC
- Request. GetQueryString to obtain name = 123
- Request. GetRequestURI access/hello/ABC
- Request. GetRequestURL access to http://localhost:8080/hello/abc
- Request. GetProtocal for HTTP / 1.1
- Request. getRemoteAddr Obtains the IP address of the client
Get the request header
Request. getHeader(key) Obtains the request header information based on the request header name
Preventing hotlinking
The so-called anti-theft chain is to prevent other web site pages through the link to the site to access the site content, so for the site infringement of the site’s copyright
Request. getHeader(“referer”) can obtain the source, and null indicates that the browser address bar directly input access, through the domain name matching can achieve anti-theft effect
@Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { System.out.println("do get ..."); System.out.println(req.getHeader("referer")); String referer = req.getHeader("referer"); if (referer == null) { System.out.println("Direct access from browser address"); }else if (referer.contains("localhost:8080")) { System.out.println("Local Access"); }else { System.out.println("I don't know where the hell I'm visiting."); }}Copy the code
- Request. getHeaderNames Gets the names of all request headers
- Get request body
- Request. getReader Gets the request body (character stream)
- Request. getInputStream gets the request body (byte stream) for file uploading
- Get request parameters
- Request.getrequestparam (name) gets parameters by name
- Request. GetParameterValues (name) according to the array name to obtain parameters
- Request. GetParameterNames obtain the names of all the request parameters
- Request. getParamterMap Retrieves all request parameters K-v and encapsulates a map
- Chinese garbled characters are caused by the inconsistency of the stream encoding format transmitted by the page after Tomcat’s acceptance and conversion. The page is uploaded with UTF-8, but Tomcat has ISO encoding inside, and utF-8 is in disorder after output to the console. Therefore, it is necessary to convert the encoding of Request before reading parameters. SetCharacterEncoding (” UTF-8 “); Can be
- Request.getrequestparam (name) gets parameters by name
- Forward requests
- request.. GetRequestDispatcher (” destination path “). Forward (req, resp);
- Features 1. Server redirection the browser is insensitive 2. One request 3
- The domain object
- A scope is a request that passes data when the request is forwarded within the server
- Request. setAttribute(“key”, value) stores a value into the domain object
- Request. getAttribute(“key”) takes a value from the domain object. If no value is obtained, the value is null
- Request. removeAttribute(“key”) removes the value corresponding to the key from the domain object
- Get the ServletContext object
- request.getServletContext
5 Response
Commonly used API
- Setting the response header
- response.setHeader(key, value)
- Set the response body
- Get output stream
- Byte stream response. GetWriter
- Character stream response. GetOutputStream
- Output data using output streams
- Get output stream
- Set HTTP code 302 to prompt the browser for client redirection
- Set the redirection address
- Features: 1, in the client browser 2, actually initiated two requests 3, can access any resources
Field – Verification code
In fact, the drawing tool is used to draw a two-dimensional code picture, and then output the picture object through the byte output stream of response
public class VerifyCodeServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
BufferedImage bufferedImage = new BufferedImage(100.50, BufferedImage.TYPE_INT_RGB);
Graphics graphics = bufferedImage.getGraphics();
// You can customize the captcha content here
String i = String.valueOf(new Random().nextInt(100));
graphics.drawString(i, 50.25);
ImageIO.write(bufferedImage, "jpg", resp.getOutputStream()); }}Copy the code
6 ServletContext
The domain object
The ServletContext domain object is created when the container is started, and servlets in all projects share the same object, whether the ServletContext obtained by the Request object or the methods provided by the GenericServlet abstract superclass. A domain object accesses data in the same way as a Request object
- ServletContext. SetAttribute (” key “, value) to the domain object inside put value
- ServletContext. GetAttribute (” key “) from a domain object values, take less than is null
- ServletContext. RemoveAttribute (” key “) to remove the key from a domain object corresponding to the value
To get the MIME TYPE
- ServletContext. GetMimeType (absolute path to the file)
- The format of MIME-type is large type/small type
- What it does: Browsers typically use MIME types (not file extensions) to determine how to handle urls, so it’s important that Web servers add the correct MIME type to the response header. If the configuration is not correct, the browser may misinterpret the content of the file, the site will not work properly, and downloaded files will be handled incorrectly.
public class ContextServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// These two get the same
ServletContext servletContext = req.getServletContext();
// ServletContext servletContext1 = getServletContext();
File file = new File(servletContext.getRealPath("/hehe.html"));
String mimeType = servletContext.getMimeType(file.getName()); / / output: text/HTMLSystem.out.println(mimeType); }}Copy the code
Obtain the official file path
- Project file servletContext. GetRealPath (relative path)
- Tomcat virtual directory address + relative address
Actual combat – file download
The steps are simple
1, tell the browser to download a file resp.setHeader(” Content-disposition “, “attachment; Filename = hello. JPG “);
Load the file to be downloaded into the byte output stream of the RESP
public class DownloadServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String fileName = req.getParameter("fileName");
String realPath = getServletContext().getRealPath(fileName);
resp.setHeader("content-disposition"."attachment; Filename = hello. JPG");
ImageIO.write( File(realPath)), "jpg", resp.getOutputStream()); }}Copy the code
7 ServletConfig
ServletConfig provides this space to store ancillary information that might be required when running servlets
For traditional XML configuration, add the init-param tag to the servlet tag
<param-value>this is hello value</param-value>
Copy the code
For simpler and more convenient annotations, it is also simpler to use
@WebServlet(urlPatterns = "/config", initParams = {@WebInitParam(name = "abc", value = "123")})
Copy the code
Note that : servlet config configuration only applies to configured servlets
The servlet gets the configuration in a similar way to the servlet context
@WebServlet(urlPatterns = "/config", initParams = {@WebInitParam(name = "abc", value = "123")})
public class ConfigServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
ServletConfig servletConfig = getServletConfig();
String abc = servletConfig.getInitParameter("abc"); System.out.println(abc); }}Copy the code
8 Conversation Technology
A session contains multiple requests and responses. A session is the first time that the browser sends a request to the server, and the session is established until one party is closed. Session technology is to share data within this session. There are two main methods: 1, cookie 2 and session
9 cookie
Basic operation
Creating a Cookie Object
Cookie cookie = new Cookie("abc"."123"); Copy the code
Set cookies to clients
resp.addCookie(cookie); Copy the code
Get client cookie
Cookie[] cookies = req.getCookies(); Copy the code
The essence of the cookie
In essence, the add-cookie and cookie of HTTP header are used. The essence of setting a cookie on the server is adding add-cookie to the header, and the server retrieves the cookie, that is, parsing the cookie value in the header
More than one cookie
Multiple cookies are allowed at the same time by adding cookies multiple times
The validity time of the Cookie
- Cookie. setMaxAge(seconds) Stores the value of seconds
- If the seconds value is positive, it indicates the duration of the session. If the seconds value is negative, the session is closed by default. If the seconds value is 0, the session is cleared immediately
Cookie Sharing problem
- Cookies are not shared by default
- Cookie. setPath can be set to cookie sharing within a project, such as setPath(“/ ABC “), so that the uri under/ABC can be shared
- Cookie. setDomain can be set to domain name sharing. is set, can share the cookie
Cookie special symbol problem
- There is a special place, cookies do not support special symbols, so it is best to use it to transcode URLEncoder. Encode, do not forget to decode urldecoder.decode
Actual combat – Remember the last time you logged in
The implementation idea is relatively simple. The program starts to directly obtain cookies, and retrieves whether there is any cookie we have set in the obtained cookie. If there is any cookie, it means that we have logged in before, and if there is no cookie, it means the first login
public class CookieTestServlet extends HttpServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.setContentType("text/html; charset=utf-8");
Cookie[] cookies = req.getCookies();
if(cookies ! =null) {
for (Cookie item: cookies) {
if (item.getName().equals("loginTime")) {
// Retrieve the last time
String lastLoginTime = URLDecoder.decode(item.getValue(), "utf-8");
// Save the current time
item.setMaxAge(60 * 60 * 24 * 30);
item.setValue(URLEncoder.encode(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss")\
.format(new Date()),"utf-8"));
resp.getWriter().println("Last login time:" + lastLoginTime);
Cookie cookie = new Cookie("loginTime",
URLEncoder.encode(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss")
.format(new Date()),"utf-8"));
cookie.setMaxAge(60 * 60 * 24 * 30);
resp.getWriter().println("Welcome to your first login."); }}Copy the code
10 Session
Basic operation
Similar to the cookie
- Get the session object: Request.getSession
- Object using the session scope: session. The setAttribute | session. The getAttribute | session. The removeAttribute
Session Implementation Principle
Session implementation is essentially realized through cookies. As you can see, after the session is established, the server creates a session object in memory and adds a cookie named JSESSIONID to the response, representing the object id of the session. During the same session, the browser will make a request with the JSESSIONID. After receiving the request, the server will compare the ID with the objects in memory to determine whether the session is the same as the previous session.
Session lifetime
If the Tomcat container is used, the default lifetime of a session is 30 minutes. The default value is configured in tomcat/conf/web. XML. You can modify session-config to manually change the value
After the client is shut down, check whether the session requested next time is the same
By default, the client is closed. Due to the nature of cookies, cookies are cleared when the browser is closed, so they are different. However, after we understand the basic principle of session, we can manually set the lifetime of JSESSIONID cookies to achieve the effect of caching cookies, so that the next request to open the browser can maintain the same session
After the server is shut down, check whether the session of the next request is the same
Without doing anything, the server shuts down and the session object in memory does not exist, so it cannot be the same. To maintain a session, you need to passivate the session, that is, store the session object information persistently before the server is shut down, and activate the session when the server restarts. That is, the passivated session is reloaded into the memory.
Our common Tomcat container provides this functionality for us
Comparison between session and cookie
- Session is a server session technology and cookie is a client session technology
- The values in the session can be of any type and any size; Cookies can only store character values, and the size is limited by the browser
- Session is relatively secure because it is stored in the server memory. It is not secure for cookies to be managed directly by the client browser
11 Filter
The basic use
Usage is very simple, through the implementation of Filter interface, rewrite three methods can be, the main Filter method is doFilter
@WebFilter(urlPatterns = "/hello3")
public class FilterDemo implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
// Created with server startup
System.out.println("init ... ");
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
System.out.println("filter ...");
filterChain.doFilter(servletRequest, servletResponse);
public void destroy(a) {
// Destroy with server shutdown
System.out.println("destroy ..."); }}Copy the code
The life cycle
- Init is created with server startup
- Destroy Destroys when the server is down
Multiple Filter
Multiple filters can be configured for the same access address to form the so-called Filter chain. Before accessing the specific method of the servlet, the Filter is filtered from the outside to the inside (the statement before filterchain-dofilter). After the service method of the servlet is terminated, Filter from inside out (statement after filterchain-dofilter)
Intercept the order
There are two cases:
- XML configuration, based on the configuration sequence, the configuration is performed first and then downwards
- The annotation configuration is executed in order by the first letter of the Filter class name.
Init-param is configured in XML or in annotations, and can only be retrieved from the corresponding filter.
By default, filters only filter requests. If you want to filter forwarding or other conditions, you need to set this parameter if you want to block them
- REUQEST by default, represents filtering requests
- FORWARD indicates filtering and forwarding
- INCLUDE means that if the page is referenced by the INCLUDE tag, it will be filtered (rarely)
- ERROR: Intercepts global errors that require redirecting to the ERROR page (rarely used)
12 JSP & Listener etc…
About JSP&Listener or some details I will not do too much exploration, because this part for the follow-up learning is not more help, because it is really used too little, the source code of the follow-up research framework will rarely see them, so forget it, ha ha ha, mainly lazy