WebApp Sec mailing list archives

Re: When GET = POST?

From: Jason Childers <childers_j () yahoo com>
Date: Mon, 11 Nov 2002 10:17:34 -0800 (PST)

J2EE app servers allow for discretionary functionality
based on the type of request that comes in, but it's
more than common-place to just wrap the methods in
question so that there's a single point of entry (or
so it seems) into the webapp.

Here's an excerpt from the
javax.servlet.http.HTTPServlet class for J2EE 1.3.x:

"Provides an abstract class to be subclassed to create
an HTTP servlet suitable for a Web site. A subclass of
HttpServlet must override at least one method, usually
one of these: 

- doGet, if the servlet supports HTTP GET requests 
- doPost, for HTTP POST requests 
- doPut, for HTTP PUT requests 
- doDelete, for HTTP DELETE requests 
- init and destroy, to manage resources that are held
for the life of the servlet 
- getServletInfo, which the servlet uses to provide
information about itself"

You can check out the javadocs here:
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/index.html

Most webapp functionality is almost entirely dependent
on doGet and doPost, and most webapps I've seen either
wrap one or the other... for example:

public class MyServlet extends HTTPServlet {
    
    public void doGet (Request req, Response resp) {

        // just forward this to the doPost method
        this.doPost(req, resp);
    }

    public void doPost (Request req, Response resp) {
        // do what you want to do with the request
here
    }
}

Note that the above signatures aren't the exact method
signatures, but they indicate the idea.

I'm working with the Apache Struts framework right now
which hides a lot of the controller implementation
from the developer.  I haven't take a look to see
exactly what they do behind the scenes, whether they
wrap functionality or not... but I'm about to, 'cause
this thread has gotten me curious. ;)

Hope that gives you some idea of how J2EE apps are
being developed.

Cheers,
-Jason


__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2

Current thread:

When GET = POST? Chris Thomas (Nov 08)
- Re: When GET = POST? Alonso Robles (Nov 09)
  - Re: When GET = POST? Jonas Anden (Nov 10)
    - Re: When GET = POST? Vincent Janelle (Nov 10)
- Re: When GET = POST? David Bullock (Nov 09)
- RE: When GET = POST? Tony Welsh (Nov 09)
  - Re: When GET = POST? Adrian Wiesmann (Nov 10)
- Re: When GET = POST? Kevin Spett (Nov 11)
  - Re: When GET = POST? Jason Childers (Nov 11)
- Re: When GET = POST? Charles Miller (Nov 11)
  - Re: When GET = POST? Jeff Dafoe (Nov 11)
    - Re: When GET = POST? Jason Healy (Nov 11)
  - Re: When GET = POST? Kevin Spett (Nov 12)
    - Re: When GET = POST? Daniel Hedrick (Nov 12)
- <Possible follow-ups>
- Re: When GET = POST? Steven M. Christey (Nov 11)
- RE: When GET = POST? Glyn Geoghegan (Nov 14)
- RE: When GET = POST? Glyn Geoghegan (Nov 14)