public abstract class WebUtils
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CONTENT_TYPE_CHARSET_PREFIX
Prefix of the charset clause in a content type String: ";charset="
|
static java.lang.String |
DEFAULT_CHARACTER_ENCODING
Default character encoding to use when
request.getCharacterEncoding
returns null , according to the Servlet spec. |
static java.lang.String |
DEFAULT_WEB_APP_ROOT_KEY
Default web app root key: "webapp.root"
|
static java.lang.String |
ERROR_EXCEPTION_ATTRIBUTE |
static java.lang.String |
ERROR_EXCEPTION_TYPE_ATTRIBUTE |
static java.lang.String |
ERROR_MESSAGE_ATTRIBUTE |
static java.lang.String |
ERROR_REQUEST_URI_ATTRIBUTE |
static java.lang.String |
ERROR_SERVLET_NAME_ATTRIBUTE |
static java.lang.String |
ERROR_STATUS_CODE_ATTRIBUTE
Standard Servlet 2.3+ spec request attributes for error pages.
|
static java.lang.String |
FORWARD_CONTEXT_PATH_ATTRIBUTE |
static java.lang.String |
FORWARD_PATH_INFO_ATTRIBUTE |
static java.lang.String |
FORWARD_QUERY_STRING_ATTRIBUTE |
static java.lang.String |
FORWARD_REQUEST_URI_ATTRIBUTE
Standard Servlet 2.4+ spec request attributes for forward URI and paths.
|
static java.lang.String |
FORWARD_SERVLET_PATH_ATTRIBUTE |
static java.lang.String |
HTML_ESCAPE_CONTEXT_PARAM
HTML escape parameter at the servlet context level
(i.e.
|
static java.lang.String |
INCLUDE_CONTEXT_PATH_ATTRIBUTE |
static java.lang.String |
INCLUDE_PATH_INFO_ATTRIBUTE |
static java.lang.String |
INCLUDE_QUERY_STRING_ATTRIBUTE |
static java.lang.String |
INCLUDE_REQUEST_URI_ATTRIBUTE
Standard Servlet 2.3+ spec request attributes for include URI and paths.
|
static java.lang.String |
INCLUDE_SERVLET_PATH_ATTRIBUTE |
static java.lang.String |
RESPONSE_ENCODED_HTML_ESCAPE_CONTEXT_PARAM
Use of response encoding for HTML escaping parameter at the servlet context level
(i.e.
|
static java.lang.String |
SESSION_MUTEX_ATTRIBUTE
Key for the mutex session attribute
|
static java.lang.String[] |
SUBMIT_IMAGE_SUFFIXES
Name suffixes in case of image buttons
|
static java.lang.String |
TEMP_DIR_CONTEXT_ATTRIBUTE
Standard Servlet spec context attribute that specifies a temporary
directory for the current web application, of type
java.io.File . |
static java.lang.String |
WEB_APP_ROOT_KEY_PARAM
Web app root key parameter at the servlet context level
(i.e.
|
Constructor and Description |
---|
WebUtils() |
Modifier and Type | Method and Description |
---|---|
static void |
clearErrorRequestAttributes(HttpServletRequest request)
Clear the Servlet spec's error attributes as
HttpServletRequest
attributes under the keys defined in the Servlet 2.3 specification:
javax.servlet.error.status_code ,
javax.servlet.error.exception_type ,
javax.servlet.error.message ,
javax.servlet.error.exception ,
javax.servlet.error.request_uri ,
javax.servlet.error.servlet_name . |
static void |
exposeErrorRequestAttributes(HttpServletRequest request,
java.lang.Throwable ex,
java.lang.String servletName)
Expose the Servlet spec's error attributes as
HttpServletRequest
attributes under the keys defined in the Servlet 2.3 specification, for error pages that
are rendered directly rather than through the Servlet container's error page resolution:
javax.servlet.error.status_code ,
javax.servlet.error.exception_type ,
javax.servlet.error.message ,
javax.servlet.error.exception ,
javax.servlet.error.request_uri ,
javax.servlet.error.servlet_name . |
static void |
exposeRequestAttributes(ServletRequest request,
java.util.Map<java.lang.String,?> attributes)
Deprecated.
as of Spring 4.3.2, in favor of custom code for such purposes
|
static java.lang.String |
extractFilenameFromUrlPath(java.lang.String urlPath)
Deprecated.
as of Spring 4.3.2, in favor of custom code for such purposes
|
static java.lang.String |
extractFullFilenameFromUrlPath(java.lang.String urlPath)
Deprecated.
as of Spring 4.3.2, in favor of custom code for such purposes
(or
UriUtils.extractFileExtension(java.lang.String) for the file extension use case) |
static java.lang.String |
findParameterValue(java.util.Map<java.lang.String,?> parameters,
java.lang.String name)
Obtain a named parameter from the given request parameters.
|
static java.lang.String |
findParameterValue(ServletRequest request,
java.lang.String name)
Obtain a named parameter from the given request parameters.
|
static Cookie |
getCookie(HttpServletRequest request,
java.lang.String name)
Retrieve the first cookie with the given name.
|
static java.lang.Boolean |
getDefaultHtmlEscape(ServletContext servletContext)
Return whether default HTML escaping is enabled for the web application,
i.e.
|
static <T> T |
getNativeRequest(ServletRequest request,
java.lang.Class<T> requiredType)
Return an appropriate request object of the specified type, if available,
unwrapping the given request as far as necessary.
|
static <T> T |
getNativeResponse(ServletResponse response,
java.lang.Class<T> requiredType)
Return an appropriate response object of the specified type, if available,
unwrapping the given response as far as necessary.
|
static java.lang.Object |
getOrCreateSessionAttribute(HttpSession session,
java.lang.String name,
java.lang.Class<?> clazz)
Deprecated.
as of Spring 4.3.2, in favor of custom code for such purposes
|
static java.util.Map<java.lang.String,java.lang.Object> |
getParametersStartingWith(ServletRequest request,
java.lang.String prefix)
Return a map containing all parameters with the given prefix.
|
static java.lang.String |
getRealPath(ServletContext servletContext,
java.lang.String path)
Return the real path of the given path within the web application,
as provided by the servlet container.
|
static java.lang.Object |
getRequiredSessionAttribute(HttpServletRequest request,
java.lang.String name)
Check the given request for a session attribute of the given name.
|
static java.lang.Boolean |
getResponseEncodedHtmlEscape(ServletContext servletContext)
Return whether response encoding should be used when HTML escaping characters,
thus only escaping XML markup significant characters with UTF-* encodings.
|
static java.lang.Object |
getSessionAttribute(HttpServletRequest request,
java.lang.String name)
Check the given request for a session attribute of the given name.
|
static java.lang.String |
getSessionId(HttpServletRequest request)
Determine the session id of the given request, if any.
|
static java.lang.Object |
getSessionMutex(HttpSession session)
Return the best available mutex for the given session:
that is, an object to synchronize on for the given session.
|
static int |
getTargetPage(ServletRequest request,
java.lang.String paramPrefix,
int currentPage)
Deprecated.
as of Spring 4.3.2, in favor of custom code for such purposes
|
static java.io.File |
getTempDir(ServletContext servletContext)
Return the temporary directory for the current web application,
as provided by the servlet container.
|
static boolean |
hasSubmitParameter(ServletRequest request,
java.lang.String name)
Check if a specific input type="submit" parameter was sent in the request,
either via a button (directly with name) or via an image (name + ".x" or
name + ".y").
|
static boolean |
isDefaultHtmlEscape(ServletContext servletContext)
Deprecated.
as of Spring 4.1, in favor of
getDefaultHtmlEscape(javax.servlet.ServletContext) |
static boolean |
isIncludeRequest(ServletRequest request)
Determine whether the given request is an include request,
that is, not a top-level HTTP request coming in from the outside.
|
static boolean |
isSameOrigin(HttpRequest request)
Check if the request is a same-origin one, based on
Origin , Host ,
Forwarded , X-Forwarded-Proto , X-Forwarded-Host and |
static boolean |
isValidOrigin(HttpRequest request,
java.util.Collection<java.lang.String> allowedOrigins)
Check the given request origin against a list of allowed origins.
|
static MultiValueMap<java.lang.String,java.lang.String> |
parseMatrixVariables(java.lang.String matrixVariables)
Parse the given string with matrix variables.
|
static void |
removeWebAppRootSystemProperty(ServletContext servletContext)
Remove the system property that points to the web app root directory.
|
static void |
setSessionAttribute(HttpServletRequest request,
java.lang.String name,
java.lang.Object value)
Set the session attribute with the given name to the given value.
|
static void |
setWebAppRootSystemProperty(ServletContext servletContext)
Set a system property to the web application root directory.
|
public static final java.lang.String INCLUDE_REQUEST_URI_ATTRIBUTE
If included via a RequestDispatcher, the current resource will see the originating request. Its own URI and paths are exposed as request attributes.
public static final java.lang.String INCLUDE_CONTEXT_PATH_ATTRIBUTE
public static final java.lang.String INCLUDE_SERVLET_PATH_ATTRIBUTE
public static final java.lang.String INCLUDE_PATH_INFO_ATTRIBUTE
public static final java.lang.String INCLUDE_QUERY_STRING_ATTRIBUTE
public static final java.lang.String FORWARD_REQUEST_URI_ATTRIBUTE
If forwarded to via a RequestDispatcher, the current resource will see its own URI and paths. The originating URI and paths are exposed as request attributes.
public static final java.lang.String FORWARD_CONTEXT_PATH_ATTRIBUTE
public static final java.lang.String FORWARD_SERVLET_PATH_ATTRIBUTE
public static final java.lang.String FORWARD_PATH_INFO_ATTRIBUTE
public static final java.lang.String FORWARD_QUERY_STRING_ATTRIBUTE
public static final java.lang.String ERROR_STATUS_CODE_ATTRIBUTE
To be exposed to JSPs that are marked as error pages, when forwarding to them directly rather than through the servlet container's error page resolution mechanism.
public static final java.lang.String ERROR_EXCEPTION_TYPE_ATTRIBUTE
public static final java.lang.String ERROR_MESSAGE_ATTRIBUTE
public static final java.lang.String ERROR_EXCEPTION_ATTRIBUTE
public static final java.lang.String ERROR_REQUEST_URI_ATTRIBUTE
public static final java.lang.String ERROR_SERVLET_NAME_ATTRIBUTE
public static final java.lang.String CONTENT_TYPE_CHARSET_PREFIX
public static final java.lang.String DEFAULT_CHARACTER_ENCODING
request.getCharacterEncoding
returns null
, according to the Servlet spec.public static final java.lang.String TEMP_DIR_CONTEXT_ATTRIBUTE
java.io.File
.public static final java.lang.String HTML_ESCAPE_CONTEXT_PARAM
web.xml
): "defaultHtmlEscape".public static final java.lang.String RESPONSE_ENCODED_HTML_ESCAPE_CONTEXT_PARAM
web.xml
): "responseEncodedHtmlEscape".public static final java.lang.String WEB_APP_ROOT_KEY_PARAM
web.xml
): "webAppRootKey".public static final java.lang.String DEFAULT_WEB_APP_ROOT_KEY
public static final java.lang.String[] SUBMIT_IMAGE_SUFFIXES
public static final java.lang.String SESSION_MUTEX_ATTRIBUTE
public static void setWebAppRootSystemProperty(ServletContext servletContext) throws java.lang.IllegalStateException
web.xml
. Default is "webapp.root".
Can be used for tools that support substitution with System.getProperty
values, like log4j's "${key}" syntax within log file locations.
servletContext
- the servlet context of the web applicationjava.lang.IllegalStateException
- if the system property is already set,
or if the WAR file is not expandedWEB_APP_ROOT_KEY_PARAM
,
DEFAULT_WEB_APP_ROOT_KEY
,
WebAppRootListener
,
Log4jWebConfigurer
public static void removeWebAppRootSystemProperty(ServletContext servletContext)
servletContext
- the servlet context of the web applicationsetWebAppRootSystemProperty(javax.servlet.ServletContext)
@Deprecated public static boolean isDefaultHtmlEscape(ServletContext servletContext)
getDefaultHtmlEscape(javax.servlet.ServletContext)
web.xml
(if any). Falls back to false
in case of no explicit default given.servletContext
- the servlet context of the web applicationfalse
)public static java.lang.Boolean getDefaultHtmlEscape(ServletContext servletContext)
web.xml
(if any).
This method differentiates between no param specified at all and an actual boolean value specified, allowing to have a context-specific default in case of no setting at the global level.
servletContext
- the servlet context of the web applicationnull
= no explicit default)public static java.lang.Boolean getResponseEncodedHtmlEscape(ServletContext servletContext)
web.xml
(if any).
This method differentiates between no param specified at all and an actual boolean value specified, allowing to have a context-specific default in case of no setting at the global level.
servletContext
- the servlet context of the web applicationnull
= no explicit default)public static java.io.File getTempDir(ServletContext servletContext)
servletContext
- the servlet context of the web applicationpublic static java.lang.String getRealPath(ServletContext servletContext, java.lang.String path) throws java.io.FileNotFoundException
Prepends a slash if the path does not already start with a slash,
and throws a FileNotFoundException if the path cannot be resolved to
a resource (in contrast to ServletContext's getRealPath
,
which returns null).
servletContext
- the servlet context of the web applicationpath
- the path within the web applicationjava.io.FileNotFoundException
- if the path cannot be resolved to a resourceServletContext.getRealPath(java.lang.String)
public static java.lang.String getSessionId(HttpServletRequest request)
request
- current HTTP requestnull
if nonepublic static java.lang.Object getSessionAttribute(HttpServletRequest request, java.lang.String name)
request
- current HTTP requestname
- the name of the session attributenull
if not foundpublic static java.lang.Object getRequiredSessionAttribute(HttpServletRequest request, java.lang.String name) throws java.lang.IllegalStateException
request
- current HTTP requestname
- the name of the session attributenull
if not foundjava.lang.IllegalStateException
- if the session attribute could not be foundpublic static void setSessionAttribute(HttpServletRequest request, java.lang.String name, java.lang.Object value)
request
- current HTTP requestname
- the name of the session attributevalue
- the value of the session attribute@Deprecated public static java.lang.Object getOrCreateSessionAttribute(HttpSession session, java.lang.String name, java.lang.Class<?> clazz) throws java.lang.IllegalArgumentException
session
- current HTTP sessionname
- the name of the session attributeclazz
- the class to instantiate for a new attributejava.lang.IllegalArgumentException
- if the session attribute could not be instantiatedpublic static java.lang.Object getSessionMutex(HttpSession session)
Returns the session mutex attribute if available; usually,
this means that the HttpSessionMutexListener needs to be defined
in web.xml
. Falls back to the HttpSession itself
if no mutex attribute found.
The session mutex is guaranteed to be the same object during
the entire lifetime of the session, available under the key defined
by the SESSION_MUTEX_ATTRIBUTE
constant. It serves as a
safe reference to synchronize on for locking on the current session.
In many cases, the HttpSession reference itself is a safe mutex as well, since it will always be the same object reference for the same active logical session. However, this is not guaranteed across different servlet containers; the only 100% safe way is a session mutex.
session
- the HttpSession to find a mutex fornull
)SESSION_MUTEX_ATTRIBUTE
,
HttpSessionMutexListener
public static <T> T getNativeRequest(ServletRequest request, java.lang.Class<T> requiredType)
request
- the servlet request to introspectrequiredType
- the desired type of request objectnull
if none
of that type is availablepublic static <T> T getNativeResponse(ServletResponse response, java.lang.Class<T> requiredType)
response
- the servlet response to introspectrequiredType
- the desired type of response objectnull
if none
of that type is availablepublic static boolean isIncludeRequest(ServletRequest request)
Checks the presence of the "javax.servlet.include.request_uri" request attribute. Could check any request attribute that is only present in an include request.
request
- current servlet requestpublic static void exposeErrorRequestAttributes(HttpServletRequest request, java.lang.Throwable ex, java.lang.String servletName)
HttpServletRequest
attributes under the keys defined in the Servlet 2.3 specification, for error pages that
are rendered directly rather than through the Servlet container's error page resolution:
javax.servlet.error.status_code
,
javax.servlet.error.exception_type
,
javax.servlet.error.message
,
javax.servlet.error.exception
,
javax.servlet.error.request_uri
,
javax.servlet.error.servlet_name
.
Does not override values if already present, to respect attribute values that have been exposed explicitly before.
Exposes status code 200 by default. Set the "javax.servlet.error.status_code" attribute explicitly (before or after) in order to expose a different status code.
request
- current servlet requestex
- the exception encounteredservletName
- the name of the offending servletpublic static void clearErrorRequestAttributes(HttpServletRequest request)
HttpServletRequest
attributes under the keys defined in the Servlet 2.3 specification:
javax.servlet.error.status_code
,
javax.servlet.error.exception_type
,
javax.servlet.error.message
,
javax.servlet.error.exception
,
javax.servlet.error.request_uri
,
javax.servlet.error.servlet_name
.request
- current servlet request@Deprecated public static void exposeRequestAttributes(ServletRequest request, java.util.Map<java.lang.String,?> attributes)
request
- current HTTP requestattributes
- the attributes Mappublic static Cookie getCookie(HttpServletRequest request, java.lang.String name)
request
- current servlet requestname
- cookie namenull
if none is foundpublic static boolean hasSubmitParameter(ServletRequest request, java.lang.String name)
request
- current HTTP requestname
- name of the parameterSUBMIT_IMAGE_SUFFIXES
public static java.lang.String findParameterValue(ServletRequest request, java.lang.String name)
See findParameterValue(java.util.Map, String)
for a description of the lookup algorithm.
request
- current HTTP requestname
- the logical name of the request parameternull
if the parameter does not exist in given requestpublic static java.lang.String findParameterValue(java.util.Map<java.lang.String,?> parameters, java.lang.String name)
This method will try to obtain a parameter value using the following algorithm:
parameters
- the available parameter mapname
- the logical name of the request parameternull
if the parameter does not exist in given requestpublic static java.util.Map<java.lang.String,java.lang.Object> getParametersStartingWith(ServletRequest request, java.lang.String prefix)
For example, with a prefix of "spring_", "spring_param1" and "spring_param2" result in a Map with "param1" and "param2" as keys.
request
- HTTP request in which to look for parametersprefix
- the beginning of parameter names
(if this is null or the empty string, all parameters will match)ServletRequest.getParameterNames()
,
ServletRequest.getParameterValues(java.lang.String)
,
ServletRequest.getParameterMap()
@Deprecated public static int getTargetPage(ServletRequest request, java.lang.String paramPrefix, int currentPage)
request
- current servlet requestparamPrefix
- the parameter prefix to check for
(e.g. "_target" for parameters like "_target1" or "_target2")currentPage
- the current page, to be returned as fallback
if no target page specified@Deprecated public static java.lang.String extractFilenameFromUrlPath(java.lang.String urlPath)
urlPath
- the request URL path (e.g. "/index.html")@Deprecated public static java.lang.String extractFullFilenameFromUrlPath(java.lang.String urlPath)
UriUtils.extractFileExtension(java.lang.String)
for the file extension use case)urlPath
- the request URL path (e.g. "/products/index.html")public static MultiValueMap<java.lang.String,java.lang.String> parseMatrixVariables(java.lang.String matrixVariables)
"q1=a;q1=b;q2=a,b,c"
. The resulting map would contain
keys "q1"
and "q2"
with values ["a","b"]
and
["a","b","c"]
respectively.matrixVariables
- the unparsed matrix variables stringnull
)public static boolean isValidOrigin(HttpRequest request, java.util.Collection<java.lang.String> allowedOrigins)
Note: this method may use values from "Forwarded"
(RFC 7239),
"X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers,
if present, in order to reflect the client-originated address.
Consider using the ForwardedHeaderFilter
in order to choose from a
central place whether to extract and use, or to discard such headers.
See the Spring Framework reference for more on this filter.
true
if the request origin is valid, false
otherwisepublic static boolean isSameOrigin(HttpRequest request)
Origin
, Host
,
Forwarded
, X-Forwarded-Proto
, X-Forwarded-Host
andtrue
if the request is a same-origin one, false
in case
of cross-origin request