En español

Parameters, GET and POST methods in Servlets.

The parameters are the way in which a client or user can send information to the Http Server. For example, in a login screen, we need to send to the server, the user and the password so that it validates them.

How does the client or the Browser send these parameters using the methods GET or POST, is explained in the tutorial Web Server or HTTP Server. What we are going to see in this tutorial is how to recover this information in the server, using the API Servlet.

The first thing we are going to do is to create in our site a page "login.html" with the following content:

<html>
<body>
	<form action="login" method="get">
		<table>
			<tr>
				<td>User</td>
				<td><input name="user" /></td>
			</tr>
			<tr>
				<td>password</td>
				<td><input name="password" /></td>
			</tr>
		</table>
		<input type="submit" />
	</form>
</body>
</html>

Then, we create a Servlet which receives the request in /login , which is the indicated direction in the action attribute of the tag <form> of login.html

package com.edu4java.servlets;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {
	@Override
	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		String user = req.getParameter("user");
		String pass = req.getParameter("password");
		if ("edu4java".equals(user) && "eli4java".equals(pass)) {
			response(resp, "login ok");
		} else {
			response(resp, "invalid login");
		}
	}

	private void response(HttpServletResponse resp, String msg)
			throws IOException {
		PrintWriter out = resp.getWriter();
		out.println("<html>");
		out.println("<body>");
		out.println("<t1>" + msg + "</t1>");
		out.println("</body>");
		out.println("</html>");
	}
}

We compilate this Servlet and we include LoginServlet.class in the folder /WEB-INF/classes. We modify web.xml to link /login with this Servlet. 

<web-app>
	<servlet>
		<servlet-name>timeservlet</servlet-name>
		<servlet-class>com.edu4java.servlets.FirstServlet</servlet-class>
	</servlet>
	<servlet>
		<servlet-name>login-servlet</servlet-name>
		<servlet-class>com.edu4java.servlets.LoginServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>timeservlet</servlet-name>
		<url-pattern>/what-time-is-it</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>login-servlet</servlet-name>
		<url-pattern>/login</url-pattern>
	</servlet-mapping>
</web-app>

We restart the server, open the page login.html, write an "x" in user, write an "x" in password and click on the submit button.

As a response we receive

indicating that the login has failed. If we repeate the operation with "edu4java" as user and "eli4java" as password we obtain

The problem here is that the secret password is visible in the URL …/login?user=edu4java&password=eli4java, it will be kept in the history of the Browser and anybody who access the Browser after us can obtain it easily. This can be solved changing the way of sending the form and using the method POST in login.html.

<html>
<body>
	<form action="login" method="post">
		<table>
			<tr>
				<td>User</td>
				<td><input name="user" /></td>
			</tr>
			<tr>
				<td>password</td>
				<td><input name="password" /></td>
			</tr>
		</table>
		<input type="submit" />
	</form>
</body>
</html>

Reusing login.html, we will use the following error.

What is happening here is that we haven´t implemented the doPost method (we have only implemented doGet), so our Servlet is not able to receive POST requests. In the following code we can see the necessary modifications to make it work. 

package com.edu4java.servlets;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {
	@Override
	protected void doPost(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		String user = req.getParameter("user");
		String pass = req.getParameter("password");
		if ("edu4java".equals(user) && "eli4java".equals(pass)) {
			response(resp, "login ok");
		} else {
			response(resp, "invalid login");
		}
	}

	private void response(HttpServletResponse resp, String msg)
			throws IOException {
		PrintWriter out = resp.getWriter();
		out.println("<html>");
		out.println("<body>");
		out.println("<t1>" + msg + "</t1>");
		out.println("</body>");
		out.println("</html>");
	}
}

The only change is the replacement of doGet for doPost. After the recompilation, the deployment of the Servlet, the restart of the server and the reuse of login.html we obtain

We can see that the parameters of the URL have dissapeared.

<< First Servlet, website structure according to J2EE standards. Use of Eclipse IDE for Java EE Developers >>