Servlet线程不安全问题及解决办法

Servlet安全性问题

当用户发送Http请求的时候,tomcat会读取web.xml中的内容,加载所定义的Servlet并实例化该Servlet.Servlet只实例化一次,tomcat中Servlet是单例的.同一个Servlet可以同时处理多个用户请求,比如同时有两个用户A和用户B登录时,会启动两个负责登录的Servlet线程,并且触发Service方法才处理请求.所以在Servlet处理共享数据的时候,会出现线程安全问题.

举例

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "ThreadServlet", urlPatterns = {"/ThreadServlet"})
public class ThreadServlet extends HttpServlet {
    //共享数据
  private int count=0;

  protected void doPost(HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException {
    this.doGet(request, response);
  }

  protected void doGet(HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html;charset=utf-8");
    PrintWriter out = response.getWriter();
    String threadName =  Thread.currentThread().getName();
    for (int i = 0; i < 1000; i++) {
      System.out.println(threadName+"  Count:"+count);
      try {
        Thread.sleep(100);
        count ++;
      } catch (InterruptedException e) {
        e.printStackTrace();
      }
    }
  }
}

部分输出:

http-nio-8080-exec-5  Count:5027
http-nio-8080-exec-4  Count:5028
http-nio-8080-exec-7  Count:5029
http-nio-8080-exec-3  Count:5030
http-nio-8080-exec-6  Count:5032
http-nio-8080-exec-8  Count:5032
http-nio-8080-exec-5  Count:5033

可以看出,出现了数据错误.

解决办法

  • 尽量使用局部变量
    使用全局变量会出现线程安全问题,所以我们可以尽量使用局部变量.在Servlet中,负责保存上下文ServletContext和负责处理Session对象的HttpSession是线程不安全的,而负责处理请求的ServletRequest是线程安全的.
  • 加锁
    用synchronized进行保护,但是要尽量的缩小保护范围.
protected void doGet(HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html;charset=utf-8");
    PrintWriter out = response.getWriter();
    String threadName =  Thread.currentThread().getName();
    synchronized (this){
      for (int i = 0; i < 1000; i++) {
        System.out.println(threadName+"  Count:"+count);
        try {
          Thread.sleep(100);
          count ++;
        } catch (InterruptedException e) {
          e.printStackTrace();
        }
      }
    }
  }
  • ThreadLocal
    ThreadLocal为每一个线程提供一个变量副本,线程之前该变量是独立的.可以通过ThreadLocal解决Servlet单例线程不安全问题.
package com.liushiyao.servlet.thread;


import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
    使用ThreadLocal的解决Servlet线程安全问题

    Servlet:单例多线程,线程不安全
    ThreadLocal:为每个线程复制一个变量副本,线程之间数据不共享


 */
@WebServlet(name = "ThreadLocalLocalServlet",urlPatterns = "/ThreadLocalServlet")
public class ThreadLocalServlet extends HttpServlet{

  //使用ThreadLocal,为每个线程创建一个变量副本
  private ThreadLocal threadLocal = new ThreadLocal(){
    @Override
    protected Object initialValue() {
      return new Integer(0);
    }
  };

  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    resp.setContentType("text/html;charset=utf-8");
    PrintWriter out = resp.getWriter();
    String threadName =  Thread.currentThread().getName();
      for (int i = 0; i < 1000; i++) {
        System.out.println(threadName+"  Count:"+threadLocal.get());
        try {
          Thread.sleep(100);
          int count = ((Integer)(threadLocal.get())).intValue();
          count ++;
          threadLocal.set(count);
        } catch (InterruptedException e) {
          e.printStackTrace();
        }
    }
  }

  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    super.doPost(req, resp);
  }
}
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值