Menu
I'm confused about the access modifier of the doGet(), doPost() and other methods of HttpServlet class.
Why are they protected?
As per my understanding, the protected modifier of doGet() means that a client has to be in the same package (or a child - through inheritance) to access doGet(). So how will the invoking JSP or the container access it?
411
Because doGet() is called by the service() method. and service method. And they both are in the same package.So the doGet method is protected.
If you going to use doGet() method this will append the your username and password end of url.So it is not secure.So i suggest you that go for doPost() method that is more secure. And if you want more security you also go SSL(Secure Socket Layer).
->doGet() shall be used when small amount of data and insensitive data like a query has to be sent as a request. ->doPost() shall be used when comparatively large amount of sensitive data has to be sent. Examples are sending data after filling up a form or sending login id and password.
doget() is request information. dopost() is provide information. In doget() parameters are appended to URL and sent with header information. In dopost(), on the other hand, will send the information through socket back to the webservers and it won't show in the URL bar.
They're protected primarily for two reasons.
HttpServlet can override them. Well, they can also be overridden if they were public, but see point #1.Now your other question, "So how will the invoking JSP or the Container access it?"
HttpServlet implements the Servlet interface, which declares a service(ServletRequest, ServletResponse) method. This, of course, by default becomes public in HttpServlet. This is the primary entry point (for containers) to call into HttpServlet implementations.
My guess (I haven't dived into the source) is that the default implementation of HttpServlet checks the ServletRequest object passed in, which is actually an HttpServletRequest and which defines a getMethod() method that returns the HTTP method used. It then dispatches to either doGet() or doPost() depending on the HTTP request method.
102
Here's from the official javadoc.
Provides an abstract class to be subclassed to create an HTTP servlet suitable for a Web site. A subclass of HttpServlet must override at least one method, usually one of these:
doGet, if the servlet supports HTTP GET requests
doPost, for HTTP POST requests
doPut, for HTTP PUT requests
doDelete, for HTTP DELETE requests
init and destroy, to manage resources that are held for the life of the servlet
getServletInfo, which the servlet uses to provide information about itself
And also
There's almost no reason to override the service method. service handles standard HTTP requests by dispatching them to the handler methods for each HTTP request type (the doXXX methods listed above).
And in the docs for doGet method:
Called by the server (via the service method) to allow a servlet to handle a GET request.
So HttpServlet is designed for inheritance and the entry point is the service method. Hence doGet is protected to enforce clear API.
37
doGet and doPost are the basic methods in generating and sending the HttpResponse to the client (i.e usually Browser or HttpClient)
Also, The container calls the Servlet.service() method which is public. It then calls the HttpServlet.service() method which is protected and it then call doGet()/doPost() method.
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
