HttpServlet是J2EE里的核心基础类,J2EE是一套框架规范,具体实现依赖于各服务器厂商自身。tomcat应该是用的最多的开源J2EE服务器了,拿它的来分析比较有典型。
去tomcat的官网上下载源码即可,我选择的是tomcat8.
导入到eclipse下,包结构大概如下:
分javax和org.apache两部分,javax应该是j2ee规范要求的,org.apache是tomcat自己特有的。这部分没详细研究。
HttpServlet是J2EE的核心类,首先它是一个抽象类,用户需要继承它并覆盖一些方法来实现具体功能的Servlet。类注释直接逐句翻译如下:
/**
* Provides an abstract class to be subclassed to create(提供一个抽象类,用于实现子类,子类来满足web系统具体功能)
* an HTTP servlet suitable for a Web site. A subclass of(继承它的子类,必须覆盖至少它的一个方法,通常是下面所列的这些方法之一)
* <code>HttpServlet</code> must override at least
* one method, usually one of these:
*
* <ul>
* <li> <code>doGet</code>, if the servlet supports HTTP GET requests
* <li> <code>doPost</code>, for HTTP POST requests
* <li> <code>doPut</code>, for HTTP PUT requests
* <li> <code>doDelete</code>, for HTTP DELETE requests
* <li> <code>init</code> and <code>destroy</code>,
* to manage resources that are held for the life of the servlet(init方法特殊说明是用来管理servler生命周期内所持有的一些资源的)
* <li> <code>getServletInfo</code>, which the servlet uses to(getServletInfo见名知意,用来提供自身的相关信息)
* provide information about itself
* </ul>
*
* <p>There's almost no reason to override the <code>service</code>
(一般情况下不要覆盖service方法,后面会看到service是处理http请求的总入口,它的核心功能就是
根据Http请求的类型,把请求分发给不同的处理方法doGet,doPost等)
* method. <code>service</code> handles standard HTTP
* requests by dispatching them to the handler methods
* for each HTTP request type (the <code>do</code><i>Method</i>
* methods listed above).
*
* <p>Likewise, there's almost no reason to override the
* <code>doOptions</code> and <code>doTrace</code> methods.
(一般情况下也不要覆盖doTrace方法,http里trace请求是用于远程诊断服务器的,
跟具体的业务操作无关,所以默认处理就可以了)
*
* <p>Servlets typically run on multithreaded servers,
* so be aware that a servlet must handle concurrent
* requests and be careful to synchronize access to shared resources.
* Shared resources include in-memory data such as
* instance or class variables and external objects
* such as files, database connections, and network
* connections.
(Servlet一般是允许在多线程服务器上,也就是会同时接受多个http请求。所以必须注意这点,
Servlet必须能够处理并发请求,必须留心同步访问共享资源的情况。共享资源可能是内存里的数据,如对象实例或类变量,
也可能是来自外部,如文件,数据库连接,网络连接)
* See the
* <a href="http://java.sun.com/Series/Tutorial/java/threads/multithreaded.html">
* Java Tutorial on Multithreaded Programming</a> for more
* information on handling multiple threads in a Java program.
*/
(关于java多线程编程的问题,可以查看上面的官方技术文档)
看了这段开头注释,我们大概明白HttpServlet是干什么的了。
下面看一下类结构组成,如下图。
第一部分,静态常量字符串若干。
接下来是一个HttpServlet构造方法,因为是抽象类,所以什么都不做,空的不用管。
接下来是doGet方法,处理Http Get请求。
接下来是getLastModified方法,用于返回HttpServletRequest最近被修改的时间,返回一个long长整型数。
接下来是doHead方法处理Http Head请求。doPost方法处理Post请求。doPut方法处理Put请求。doDelete方法处理Delete请求。
接下来是getAllDeclaredMethods方法,私有方法,动态反射获取一个类的所有方法。不用管。
接下来doOptions处理Option请求。doTrace处理trace请求。
接下来第一个service方法,负责将不同类型http请求分发给各处理方法doXXX。
接下来maybeSetLastModified方法,私有方法,略过。
接下来第二个service方法,只是一个壳,直接调用第一个service方法。
接下来是两个内部类,NoBodyResponse和NoBodyOutputStream。用于回应Head请求用,因为Head请求响应报文不需要携带报文体。
由此可见HttpServlet的核心是service方法。是分析的关键。具体处理方法doGet,doPost最重要,其他的可以简略。
前提提一点,HttpServlet继承了GenericServlet,这个留待下次分析。
- doGet方法
doGet方法,顾名思义用于处理HTTP GET请求的。
doGet的方法注释翻译如下:
/**
* Called by the server (via the <code>service</code> method) to
* allow a servlet to handle a GET request.
(服务器通过service方法间接调用doGet方法来处理GET请求)
*
* <p>Overriding this method to support a GET request also
* automatically supports an HTTP HEAD request. A HEAD
* request is a GET request that returns no body in the
* response, only the request header fields.
(如果覆盖了这个方法,除了支持GET请求外,它还能自动支持HEAD请求。因为HEAD请求是
GET的请求的一种特殊情况,即HEAD请求的响应中不需要报文体,只需要请求报文头部域)
*
* <p>When overriding this method, read the request data,
* write the response headers, get the response's writer or
* output stream object, and finally, write the response data.
(覆盖此方法时,首先读取request请求数据,然后写response响应的头部,然后获取response的writer或者outputstream对象,
最后用writer或outputstream写入response响应数据)
* It's best to include content type and encoding. When using
* a <code>PrintWriter</code> object to return the response,
* set the content type before accessing the
* <code>PrintWriter</code> object.
(response响应报文头最好包含content-type和enconding。如果用一个PrintWriter对象返回response,需要在访问PrintWriter
之前设置好content-type)
*
* <p>The servlet container must write the headers before
* committing the response, because in HTTP the headers must be sent
* before the response body.
(在提交response之前,servlet容器必须写入response报文头,因为HTTP协议要求响应报文头必须在响应报文头之前发送)
*
* <p>Where possible, set the Content-Length header (with the
* {@link javax.servlet.ServletResponse#setContentLength} method),
* to allow the servlet container to use a persistent connection
* to return its response to the client, improving performance.
* The content length is automatically set if the entire response fits
* inside the response buffer.
(如果能够做到,那么尽量在报文头里设置一下Content-Length属性(用ServletResponse.setContentLength方法),
这样的好处是servlet容器可以使用HTTP长连接返回响应报文,可以提高性能。如果整个response都在response buffer内,
那么这个属性是被自动设置的,不需要手工设置)
*
* <p>When using HTTP 1.1 chunked encoding (which means that the response
* has a Transfer-Encoding header), do not set the Content-Length header.
*(如果用了HTTP1.1版本协议的chunked编码(这意味着response有一个Transfer-Encoding头部字段),这种情况下也不要设置Content-Length字段。
具体去看HTTP协议吧。。。)
* <p>The GET method should be safe, that is, without
* any side effects for which users are held responsible.
(GET方法必须是安全的,不能要求用户对其副作用负责,意思就是不能改变服务器上的数据)
* For example, most form queries have no side effects.
* If a client request is intended to change stored data,
* the request should use some other HTTP method.
(例如,大多数表单查询就是没有副作用的。如果客户端的请求意在改变服务器上的存储数据,那么这个请求不适用GET,应该用其他HTTP方法)
*
* <p>The GET method should also be idempotent, meaning
* that it can be safely repeated. Sometimes making a
* method safe also makes it idempotent. For example,
* repeating queries is both safe and idempotent, but
* buying a product online or modifying data is neither
* safe nor idempotent.
(GET方法还应该是幂等的,也就是可以被多次重复执行。像重复的查询,既是安全的又是幂等的。
而在线购买商品或者修改数据,既不是安全的也不是幂等的)
*
* <p>If the request is incorrectly formatted, <code>doGet</code>
* returns an HTTP "Bad Request" message.
(如果请求数据格式不对,doGet方法应返回一个“Bad Request”消息)
*
* @param req an {@link HttpServletRequest} object that
* contains the request the client has made
* of the servlet
(输入参数req,一个HttpServletRequest对象,包含了客户端发送的请求)
*
* @param resp an {@link HttpServletResponse} object that
* contains the response the servlet sends
* to the client
*
(输入参数resp,包含了Servlet发给client的对象)
* @exception IOException if an input or output error is
* detected when the servlet handles
* the GET request
*
* @exception ServletException if the request for the GET
* could not be handled
*
* @see javax.servlet.ServletResponse#setContentType
*/
doGet方法罗辑并不复杂。
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
String protocol = req.getProtocol();
String msg = lStrings.getString("http.method_get_not_supported");
if (protocol.endsWith("1.1")) {
resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, msg);
} else {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
}
}
首先从request中获取协议号。如果协议号以1.1结尾,那么就发送报错response,错误码为405,错误信息是从静态资源文件读取的字符串。
如果不以1.1结尾,那么也发送报错response,错误码是400,。
所以实际上这段代码不做任何有意义的事,只返回报错response。如果想要正确处理HTTP GET Request,还需要覆盖这个方法。
默认的doPost,doPut,doDelete方法也是如此,如果需要正确处理,均需要开发者去覆盖相应的方法。
- doHead方法
方法注释翻译如下:
/**
* <p>Receives an HTTP HEAD request from the protected
* <code>service</code> method and handles the
* request.
(service方法会将HTTP HEAD request转发给此方法,此方法对其进行处理)
* The client sends a HEAD request when it wants
* to see only the headers of a response, such as
* Content-Type or Content-Length. The HTTP HEAD
* method counts the output bytes in the response
* to set the Content-Length header accurately.
(当客户端只想看到response的头部时,例如查看Content-Type和Content-Length头部字段,它就会发生一个HEAD request。
HTTP HEAD方法会去统计response的输出字节数,然后去设置Content-Length字段。都是HTTP协议的东西,大家可以去详读协议)
*
* <p>If you override this method, you can avoid computing
* the response body and just set the response headers
* directly to improve performance. Make sure that the
* <code>doHead</code> method you write is both safe
* and idempotent (that is, protects itself from being
* called multiple times for one HTTP HEAD request).
(如果开发者要覆盖此方法(一般不用覆盖此方法),可以不用计算response 的报文体,只设置response的报文头,这样可以
提高性能。要保证你覆盖的方法必须是安全且幂等的,当多次调用HTTP HEAD请求时要做到不能影响自身数据)
*
* <p>If the HTTP HEAD request is incorrectly formatted,
* <code>doHead</code> returns an HTTP "Bad Request"
* message.
(如果request格式不对,方法要返回HTTP "Bad Request"消息)
*
* @param req the request object that is passed to the servlet
*
* @param resp the response object that the servlet
* uses to return the headers to the client
*
* @exception IOException if an input or output error occurs
*
* @exception ServletException if the request for the HEAD
* could not be handled
*/
代码罗辑也并不复杂,如果分发类型为INCLUDE,那么直接转给doGet方法处理。否则先创建一个NoBodyResponse对象,顾名思义是无报文体的response对象,然后调用doGet,最后设置response的ContentLength。
protected void doHead(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
if (DispatcherType.INCLUDE.equals(req.getDispatcherType())) {
doGet(req, resp);
} else {
NoBodyResponse response = new NoBodyResponse(resp);
doGet(req, response);
response.setContentLength();
}
}
- doOptions方法
先说一下HTTP OPTIONS 方法,这个方法的主要功能是用于探查服务器上资源可以使用的请求方法。
/**
* Called by the server (via the <code>service</code> method)
* to allow a servlet to handle a OPTIONS request.
(服务器通过Servlet的service方法调用此方法来处理HTTP OPTIONS request)
*
* The OPTIONS request determines which HTTP methods
* the server supports and
* returns an appropriate header. For example, if a servlet
* overrides <code>doGet</code>, this method returns the
* following header:
*
* <p><code>Allow: GET, HEAD, TRACE, OPTIONS</code>
(OPTIONS request 用来确定服务器支持哪些HTTP方法,返回一个恰当的报文头。例如如果一个Servlet覆盖了doGet方法,
那么OPTIONS方法就会返回这个一个报文头:
Allow: GET, HEAD, TRACE, OPTIONS
)
*
* <p>There's no need to override this method unless the
* servlet implements new HTTP methods, beyond those
* implemented by HTTP 1.1.
(一般情况不需要覆盖doOptions,除非Servlet实现了HTTP1.1里不包含的新HTTP方法)
*
* @param req the {@link HttpServletRequest} object that
* contains the request the client made of
* the servlet
*
* @param resp the {@link HttpServletResponse} object that
* contains the response the servlet returns
* to the client
*
* @exception IOException if an input or output error occurs
* while the servlet is handling the
* OPTIONS request
*
* @exception ServletException if the request for the
* OPTIONS cannot be handled
*/
代码如下。注意最后一句,resp.setHeader(“Allow”, allow),最终目的就是在response的头部设置Allow字段。前面的代码都是为了拼接allow字符串。
首先通过getAllDeclaredMethods方法用动态反射机制获取到当前类实现的方法,然后根据方法名判断当前Servlet支持哪些HTTP方法,最后根据判断结果拼接allow字符串,用逗号分隔。
protected void doOptions(HttpServletRequest req,
HttpServletResponse resp)
throws ServletException, IOException {
Method[] methods = getAllDeclaredMethods(this.getClass());
boolean ALLOW_GET = false;
boolean ALLOW_HEAD = false;
boolean ALLOW_POST = false;
boolean ALLOW_PUT = false;
boolean ALLOW_DELETE = false;
boolean ALLOW_TRACE = true;
boolean ALLOW_OPTIONS = true;
for (int i=0; i<methods.length; i++) {
Method m = methods[i];
if (m.getName().equals("doGet")) {
ALLOW_GET = true;
ALLOW_HEAD = true;
}
if (m.getName().equals("doPost"))
ALLOW_POST = true;
if (m.getName().equals("doPut"))
ALLOW_PUT = true;
if (m.getName().equals("doDelete"))
ALLOW_DELETE = true;
}
String allow = null;
if (ALLOW_GET)
allow=METHOD_GET;
if (ALLOW_HEAD)
if (allow==null) allow=METHOD_HEAD;
else allow += ", " + METHOD_HEAD;
if (ALLOW_POST)
if (allow==null) allow=METHOD_POST;
else allow += ", " + METHOD_POST;
if (ALLOW_PUT)
if (allow==null) allow=METHOD_PUT;
else allow += ", " + METHOD_PUT;
if (ALLOW_DELETE)
if (allow==null) allow=METHOD_DELETE;
else allow += ", " + METHOD_DELETE;
if (ALLOW_TRACE)
if (allow==null) allow=METHOD_TRACE;
else allow += ", " + METHOD_TRACE;
if (ALLOW_OPTIONS)
if (allow==null) allow=METHOD_OPTIONS;
else allow += ", " + METHOD_OPTIONS;
resp.setHeader("Allow", allow);
}
- doTrace方法
HTTP TRACE用于远程诊断服务器连通性。
方法注释翻译如下
/**
* Called by the server (via the <code>service</code> method)
* to allow a servlet to handle a TRACE request.
(由服务器调用,处理TRACE request)
*
* A TRACE returns the headers sent with the TRACE
* request to the client, so that they can be used in
* debugging. There's no need to override this method.
(TRACE方法把带有TRACE request的头部信息返回给客户端,这些头部信息可以用于调试连通性。
没有必要去覆盖这个方法)
*
* @param req the {@link HttpServletRequest} object that
* contains the request the client made of
* the servlet
*
* @param resp the {@link HttpServletResponse} object that
* contains the response the servlet returns
* to the client
*
* @exception IOException if an input or output error occurs
* while the servlet is handling the
* TRACE request
*
* @exception ServletException if the request for the
* TRACE cannot be handled
*/
代码逻辑并不复杂,按照TRACE的报文格式拼接字符串。
首先是TRACE,
然后拼接URI,
然后拼接Protocol,
然后拼接request报文头的键值对,键值对格式为key:value,键值对用CRLF符号分隔。
完成拼接后得到字符串长度作为ContentLength,
在response头部写入ContentType和ContentLength,然后拼接字符串写入response报文体。
protected void doTrace(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
{
int responseLength;
String CRLF = "\r\n";
StringBuilder buffer = new StringBuilder("TRACE ").append(req.getRequestURI())
.append(" ").append(req.getProtocol());
Enumeration<String> reqHeaderEnum = req.getHeaderNames();
while( reqHeaderEnum.hasMoreElements() ) {
String headerName = reqHeaderEnum.nextElement();
buffer.append(CRLF).append(headerName).append(": ")
.append(req.getHeader(headerName));
}
buffer.append(CRLF);
responseLength = buffer.length();
resp.setContentType("message/http");
resp.setContentLength(responseLength);
ServletOutputStream out = resp.getOutputStream();
out.print(buffer.toString());
out.close();
return;
}
- protected service方法
protected service方法是HttpServlet的核心。负责接收Servlet接收的所有HTTP请求,然后分发给各方法做处理。
方法注释大该意思就是,protected service方法从public service方法接收标准HTTP request,然后分发给相应的do方法做处理。没必要覆盖这个方法
/**
* Receives standard HTTP requests from the public
* <code>service</code> method and dispatches
* them to the <code>do</code><i>Method</i> methods defined in
* this class. This method is an HTTP-specific version of the
* {@link javax.servlet.Servlet#service} method. There's no
* need to override this method.
*
* @param req the {@link HttpServletRequest} object that
* contains the request the client made of
* the servlet
*
* @param resp the {@link HttpServletResponse} object that
* contains the response the servlet returns
* to the client
*
* @exception IOException if an input or output error occurs
* while the servlet is handling the
* HTTP request
*
* @exception ServletException if the HTTP request
* cannot be handled
*
* @see javax.servlet.Servlet#service
*/
代码逻辑大概就是:首先从request内获取HTTP方法类型赋值给局部变量method,
如果method为GET,则从request获取LastModified属性,如果LastModified为-1,表示没缓存GET请求,直接转给doGet方法进行处理。
如果LastModified 不等于-1,代表有缓存GET请求,接下来从报文头获取ifModifiedSince字段,比较LastModified和ifModifiedSince。
ifModifiedSince代表浏览器问服务器自从某事情起该资源是否更新了?LastModified则代表服务器上该资源是否修改。
如果LastModified小于ifModifiedSince则表示服务器资源没发生变化,返回304,告诉浏览器,资源没变。
如果LastModified大于ifModifiedSince则表示服务器资源发生了变化,调用doGet方法,获取最新资源。
这两个变量之间有一个1000*1000的比例换算。
这种比较是为了尽量利用浏览器端的缓存,减小对服务器的资源访问压力。
如果method为HEAD,转发给doHead方法。
如果method为POST,转发给doPost方法。
如果method为PUT,转发给doPut方法。
如果method为DELETE,转发给doDelete方法。
如果method为OPTIONS,转发给doOptions方法。
如果method为TRACE,转发给doTrace方法。
如果method不匹配以上所有,则返回编码501,填入错误信息。
protected void service(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String method = req.getMethod();
if (method.equals(METHOD_GET)) {
long lastModified = getLastModified(req);
if (lastModified == -1) {
// servlet doesn't support if-modified-since, no reason
// to go through further expensive logic
doGet(req, resp);
} else {
long ifModifiedSince;
try {
ifModifiedSince = req.getDateHeader(HEADER_IFMODSINCE);
} catch (IllegalArgumentException iae) {
// Invalid date header - proceed as if none was set
ifModifiedSince = -1;
}
if (ifModifiedSince < (lastModified / 1000 * 1000)) {
// If the servlet mod time is later, call doGet()
// Round down to the nearest second for a proper compare
// A ifModifiedSince of -1 will always be less
maybeSetLastModified(resp, lastModified);
doGet(req, resp);
} else {
resp.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
}
}
} else if (method.equals(METHOD_HEAD)) {
long lastModified = getLastModified(req);
maybeSetLastModified(resp, lastModified);
doHead(req, resp);
} else if (method.equals(METHOD_POST)) {
doPost(req, resp);
} else if (method.equals(METHOD_PUT)) {
doPut(req, resp);
} else if (method.equals(METHOD_DELETE)) {
doDelete(req, resp);
} else if (method.equals(METHOD_OPTIONS)) {
doOptions(req,resp);
} else if (method.equals(METHOD_TRACE)) {
doTrace(req,resp);
} else {
//
// Note that this means NO servlet supports whatever
// method was requested, anywhere on this server.
//
String errMsg = lStrings.getString("http.method_not_implemented");
Object[] errArgs = new Object[1];
errArgs[0] = method;
errMsg = MessageFormat.format(errMsg, errArgs);
resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, errMsg);
}
}
- public service方法。
对request和response参数做一下包装,然后转给protected service方法。 - NoBodyResponse内部类
该内部类用于返回无报文体的response。只看一下方法注释就可以了,不需要关注其方法。
方法注释说的很清楚:这是用于支持HTTP HEAD方法的一个response包装器。这个包装器仅仅把报文过一遍,
统计一下报文字节数,以便设置content-length字段。所有其他方法都委托给被包装的HTTP Servlet Response对象。
/*
* A response wrapper for use in (dumb) "HEAD" support.
* This just swallows that body, counting the bytes in order to set
* the content length appropriately. All other methods delegate to the
* wrapped HTTP Servlet Response object.
*/
至此,HttpServlet源码分析完。
本文深入剖析了J2EE核心类HttpServlet的源码,详细解读了其内部工作原理及重要方法,包括doGet、doPost等HTTP请求处理方法。
4109

被折叠的 条评论
为什么被折叠?



