Introduction to HttpServletRequest
The HttpServletRequest object represents the client's request. When the client accesses the server through the HTTP protocol, all the information in the HTTP request header is encapsulated in this object. Through the method provided by this object, all the information requested by the client can be obtained.
introduction
This article mainly introduces related content about the security of spring mvc direct injection of HttpServletRequest. It seems a very simple question, so we can track the source code processing of spring
There are a lot of this kind of code in the Control that writes springMVC, if you need to get the request object to do something
like:
@Controller@RequestMapping(value = "/user")public class LoanActionPage extends AbstractAction {@RequestMapping(value = "/page/active")public String loanAaccountActivePage(HttpServletRequest request) {// get request to dosomethingString pathInfo = request.getPathInfo();return "active";}}It seems that every time I want to write a control, I have to pass the request as the parameter, which is very redundant.
In fact, you can define a request object in the control, inject it, and then use it at any time.
like:
public class AbstractAction { @Autowiredprotected HttpServletRequest request;... ...Then use it directly in control:
@Controller@RequestMapping(value = "/user") public class LoanActionPage extends AbstractAction {@RequestMapping(value = "/page/active") public String loanAaccountActivePage() { // get request to dosomethingString pathInfo = request.getPathInfo();return "active"; }}So the question is, sevlets are multi-threaded, and the request each time they request is actually a new object. Will sharing references directly cause thread insecure?
It's convenient, and the problem is also here. Servert is actually multi-threaded. Is there any security problem with sharing a request? Analyze the spring code
1. Where does the injected request come from?
It is found that the injection is actually going to WebApplicationContextUtils to get the value through the RequestObjectFactory and track it
Returns the value in RequestContextHolder. Tracks RequestContextHolder
The request returned every time is actually the request in the implementation class ServletWebRequest(ServletRequestAttributes). Because RequestAttributes belongs to threadLocal, the injected request is also thread-safe.
2. When is the request object set by spring?
HttpServlet implementation class FrameworkServlet-> service()->processRequst()
Each request will set the latest request and set the value
Summarize
The above is the entire content of this article. I hope that the content of this article has certain reference value for everyone's study or work. If you have any questions, you can leave a message to communicate. Thank you for your support to Wulin.com.