Shulou(Shulou.com)06/03 Report--

This article mainly shows you "whether it is safe to directly inject HttpServletRequst into spring mvc". The content is simple and easy to understand and the organization is clear. I hope it can help you solve your doubts. Let Xiaobian lead you to study and learn this article "whether it is safe to directly inject HttpServletRequst into spring mvc".

HttpServletRequest

The HttpServletRequest object represents the client's request. When the client accesses the server via HTTP protocol, all the information in the HTTP request header is encapsulated in this object. All the information requested by the client can be obtained through the methods provided by this object.

introduction

This article mainly introduces the spring mvc directly injected into HttpServletRequst security related content, seemingly a very simple problem, to track the source code processing under spring

There's a lot of this code in Control that writes springMVC, like getting a request object to do something.

For example:

@Controller@RequestMapping(value = "/user")public class LoanActionPage extends AbstractAction {@RequestMapping(value = "/page/active")public String loanAaccountActivePage(HttpServletRequest request) {// get request to dosomethingString pathInfo = request.getPathInfo();return "active";}}

It seems that every time you want to write a control, you have to pass the request as a live parameter, which is very redundant.

In fact, you can define a request object in control, inject it, and then use it at any time.

For example:

public class AbstractAction { @Autowiredprotected HttpServletRequest request;... ...

And then directly in control:

@Controller@RequestMapping(value = "/user") public class LoanActionPage extends AbstractAction {@RequestMapping(value = "/page/active") public String loanAaccountActivePage() { // get request to dosomethingString pathInfo = request.getPathInfo();return "active"; }}

Then the question comes, sevlet is multithreaded, each request is actually a new object, so directly sharing references, will it cause thread insecurity?

Convenience, the problem also came, servelt is actually multithreaded, sharing a request whether there will be security problems, analysis of the spring code

1. Where does the injected request come from?

Discovery is injected into WebApplicationContextUtils via RequestObjectFactory

Return is the value in RequestContextHolder. Track RequestContextHolder

Each return is actually a request from the implementation class ServletWebRequest(ServletRequestAttributes). Because RequestAttributes belongs to threadLocal, the injected request is thread-safe.

2, spring When is the request object set?

FrameworkServlet-> service()->processRequst()

Each request will set the latest request, set the value

The above is "Spring mvc direct injection HttpServletRequst is not safe" All the content of this article, thank you for reading! I believe that everyone has a certain understanding, hope to share the content to help everyone, if you still want to learn more knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.