介绍一下servlet相关知识点,方便学习
对servlet的命名可以通过在/WEB-INF/web.xml中进行映射,也可以通过调用者servlet来进行调用。
例如:
一.对一个com.tyy.ServletExample.java进行访问(应用程序根目录为/tomcat_test)
<servlet> <servlet-name>ServletExample</servlet-naem> <servlet-class>com.tyy.ServletExample</servlet-class> </servlet>
<servlet-mapping> <servlet-name>ServletExample</servlet-name> <url-pattern>/ServletExample</url-pattern> </servlet-mapping>
|
现在就可以通过两种方法进行访问:
1. http://localhost:8080/tomcat_test/ServletExample
2. http://localhost:8080/tomcat_test/servlet/com.tyy.ServletExample
也即可以通过这样的方式来进行调用:
1. http://localhost:8080/<Application-Directory>/<servlet-mapping-name>
2. http://localhost:8080/<Application-Directory>/<full-servlet-name>
注:
对于第二种方法的调用,需要解除注释%CATALINA_HOME%/conf/web.xml中的如下这样一段代码,因为这段代码在默认的情况下是注释掉的。
目的:
此种情况称为禁用调用者servlet,是为了保证servlet只有由web.xml中servlet-mapping元素指定的路径方可调用
<servlet> <servlet-name>invoker</servlet-name> <servlet-class> org.apache.catalina.servlets.InvokerServlet </servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet>
<servlet-mapping> <servlet-name>invoker</servlet-name> <url-pattern>/servlet/*</url-pattern> </servlet-mapping> |
二.可以将Servlet作为一个controller,以实现对所有的请求的统一控制
<servlet> <servlet-name>ControllerServlet</servler-name> <servlet-class>com.tyy.ControlServlet</servlet-class> </servlet>
<servlet-mapping> <servlet-name>Controller</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping>
<servlet-mapping> <url-pattern>/servlet/*</url-pattern> </servlet-mapping> |
注:
1. <url-pattern>/servlet/*<url-pattern>这一句主要是为了防止
http://localhost:8080/<Application-Directory>/<servlet-mapping-name>来绕过控制器servlet。
故必须用自己的servlet-mapping来覆盖默认的调用者servlet。
这样所有的调用都会转到对此controller servlet的调用
3. 控制器servlet的作用:
a) 可以对请求进行一系列的检查,判断请求是否合法,在进行跳转。例如:
i. ----------------------------------CotrollerServlet.java------------------------------
ii.
三.
可以通过将静态html或动态jsp映射到ControllerServlet。例如:
<servlet> <servlet-name>ControllerServlet</servelt-name> <servlet-class>com.tyy.ControllerServlet</servlet-class> </servlet>
<servlet-mapping> <servlet-name>ControllerServlet</servlet-name> <url-pattern>*.jsp</url-pattern> </servlet-mapping>
<servlet-mapping> <servlet-name>ControllerServlet</servlet-name> <url-pattern>*.html</url-pattern> </servlet-mapping> |
这样任何对后缀为.html或.jsp的调用都会自动映射到com.tyy.ControllerSerlvet上。
四.
防止对com.tyy.ControllerServlet以外的servlet进行不合法的访问。
1. 解决办法:
a) 在/WEB-INF/web.xml中使用security-constraint(约束,强制)元素防止web用户对非controller servlet进行请求
2.使用javax.servlet.RequestDispatcher转发请求
void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException
|
//---------------Controller.java------------------------ package com.tyy;
import javax.servlet.*; import javax.servlet.http.*; import java.io.*;
public class Controller extends HttpServlet { @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { process(request, response);
} @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { process(request, response); }
private void process(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { RequestDispatcher dispatcher = null; String param = request.getParameter("go"); if(param == null) throw new ServletException("Missing parameter in controller."); else if(param.equals("weather")) { dispatcher = request.getRequestDispatcher("/weather");
} else if(param.equals("maps")) { dispatcher = request.getRequestDispatcher("/maps");
} else throw new ServletException("Improper parameter passwd to Controller.");
if(dispatcher != null) dispatcher.forward(request, response); else throw new ServletException("Controller received a null dispatcher from request object.");
} }
/* <servlet> <servlet-name>Controller</servlet-name> <servlet-class>com.tyy.Controller</servlet-class> </servlet>
<servlet-mapping> <servlet-name>Controller</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping>
<servlet-mapping> <servlet-name>Controller</servlet-name> <url-pattern>/servlet/*</url-pattern> </servlet-mapping> */ |
--------------com.tyy.Weather------------------ package com.tyy;
import javax.servlet.*; import javax.servlet.http.*; import java.io.*;
public class Weather extends HttpServlet { @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { process(request, response); }
@Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { process(request, response); }
private void process(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<hody>"); out.println("This is a Weather Servlet page,WElcome to here!"); out.println("</body>"); out.println("</html>"); } }
/* <servlet> <servlet-name>Weather</servlet-name> <servlet-class>com.tyy.Weather</servlet-class> </servlet>
<servlet-mapping> <servlet-name>Weather</servlet-name> <url-pattern>/weather</url-pattern> </servlet-mapping> */ |
---------------com.tyy.Maps--------------- package com.tyy;
import javax.servlet.*; import javax.servlet.http.*; import java.io.*;
public class Maps extends HttpServlet { @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { process(request, response); }
@Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { process(request, response); }
private void process(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // response.setContentType("text/html;charset='gb2312'"); PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<hody>"); out.println("<h1>"); out.println("This is a Maps Servlet page,WElcome to here!"); out.println("</h1>"); out.println("</body>"); out.println("</html>"); } }
/* <servlet> <servlet-name>Maps</servlet-name> <servlet-class>com.tyy.Maps</servlet-class> </servlet>
<servlet-mapping> <servlet-name>Maps</servlet-name> <url-pattern>/maps</url-pattern> </servlet-mapping> */ |
该例用于简单的测试,当http://localhost:8080/JSPProject/home?go=weather可以进行跳转,缺点:
使用http://localhost:8080/JSPProject/weather或http://localhost:8080/JSPProject/home?go=weather也可以访问资源。当
需要对某些资源进行保护时就会出现问题。
可以在web.xml中配置
<security-constraint> <web-resource-collection> <web-resource-name>Weather</web-resource-name> <url-pattern>/weather</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <web-resource-collection> <web-resource-name>Maps</web-resource-name> <url-pattern>/maps</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description>This applies only to the "tomcat" security role</description> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>
|
2. 使用javax.servlet.ServletContext.getNamedDispatcher(String name)转发请求
RequestDispatcher getNamedDispatcher(String name) |
3. javax.servlet.RequestDispatcher Request.getRequestDispatcher(String path) 与 javax.servlet.ServletContext.getNamedDispatcher(String name)两种转发请求方法的区别: