Pie*_*rre 3 java servlets httpresponse member httprequest
将HttpServletRequest和HttpServletResponse临时存储为HttpServlet的两个字段(见下文)是一种好的做法/安全吗?如果没有,为什么?
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class Test extends HttpServlet
{
private HttpServletRequest req;
private HttpServletResponse resp;
@Override
protected void doPost(
HttpServletRequest req,
HttpServletResponse resp
)
throws ServletException, IOException
{
try
{
this.req=req;
this.resp=resp;
do1();
do2();
}
finally
{
this.req=null;
this.resp=null;
}
}
private void do1() throws ServletException, IOException
{
//use req resp
}
private void do2() throws ServletException, IOException
{
//use req resp
}
}
或者我应该调用类似的东西:
do1(req,resp);
do2(req,resp);
将HttpServletRequest和HttpServletResponse临时存储为HttpServlet的两个字段(见下文)是一种好的做法/安全吗?
没有!
如果没有,为什么?
因为servlet 必须是线程安全的.多个线程将同时通过该servlet对象.如果将请求/响应存储在字段中,则线程安全性会消失.
不要试图采取这种捷径只是为了避免参数传递的视觉不愉快.
如果您确实必须避免参数,则将请求/响应存储在java.lang.ThreadLocal字段中.这仍然是不好的做法,但至少现在它将是线程安全的.
| 归档时间: |
|
| 查看次数: |
1166 次 |
| 最近记录: |