This section describes ways to acquire user-supplied input, ways to interact with the user's session, potentially dangerous APIs, and security-relevant configuration options on the Java platform.
Java applications acquire user-submitted input via the javax.servlet.http.HttpServletRequest interface, which extends the javax.servlet.ServletRequest interface. These two interfaces contain numerous APIs that web applications can use to access user-supplied data. The APIs listed in Table 19-1 can be used to obtain data from the user request.
| API | Description |
|---|---|
| getParameter, getParameterNames, getParameterValues, getParameterMap | Parameters within the URL query string and the body of a POST request are stored as a map of String names to String values, which can be accessed using these APIs. |
| getQueryString | Returns the entire query string contained within the request and can be used as an alternative to the getParameter APIs. |
| getHeader, getHeaders, getHeaderNames | HTTP headers in the request are stored as a map of String names to String values and can be accessed using these APIs. |
| | These APIs return the URL contained within the request, including the query string. |
| getCookies | Returns an array of Cookie objects, which contain details of the cookies received in the request, including their names and values. |
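The following servlet is an added example (not code from the book or from any project it describes) showing the Table 19-1 APIs in use from a defender's point of view: every value read through them is attacker-controlled, so the servlet allowlists the one parameter it relies on and HTML-encodes anything it reflects. The class name `InputSourcesServlet`, the `user` parameter and the `USERNAME` allowlist pattern are assumptions chosen for illustration; the `javax.servlet` calls themselves are the standard API.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Map;
import java.util.regex.Pattern;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet illustrating the input-acquisition APIs in Table 19-1.
// Every value it reads is user-supplied, so each one is validated against an
// allowlist or HTML-encoded before it is echoed back.
public class InputSourcesServlet extends HttpServlet {

    // Allowlist for a username-style parameter (assumed application rule).
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{1,32}$");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<html><body><pre>");

        // getParameter: URL-decoded value of the first "user" parameter from the
        // query string (or the form body of a POST); null when absent.
        String user = req.getParameter("user");
        if (user == null || !USERNAME.matcher(user).matches()) {
            resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            out.println("invalid or missing 'user' parameter");
            out.println("</pre></body></html>");
            return;
        }
        out.println("user (allowlisted): " + user);

        // getParameterMap / getParameterValues: all parameters, including
        // repeated names (?id=1&id=2), which getParameter alone would reduce
        // to the first value.
        Map<String, String[]> params = req.getParameterMap();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            out.println("param " + enc(e.getKey()) + " -> " + e.getValue().length + " value(s)");
        }

        // getQueryString: the raw, still URL-encoded query string, or null.
        String qs = req.getQueryString();
        out.println("raw query string: " + (qs == null ? "(none)" : enc(qs)));

        // getHeaderNames / getHeaders: headers are request data too, and a
        // header name can repeat, so iterate getHeaders rather than getHeader.
        for (Enumeration<String> names = req.getHeaderNames(); names.hasMoreElements();) {
            String name = names.nextElement();
            for (String value : Collections.list(req.getHeaders(name))) {
                out.println("header " + enc(name) + ": " + enc(value));
            }
        }

        // getCookies: returns null (not an empty array) when no cookies were sent.
        Cookie[] cookies = req.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                out.println("cookie " + enc(c.getName()) + "=" + enc(c.getValue()));
            }
        }

        out.println("</pre></body></html>");
    }

    // Minimal HTML encoding so reflected request data cannot break out of the
    // <pre> block; a production application would use a vetted encoder library.
    private static String enc(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

Two points worth noticing when auditing code that uses these APIs: `getParameter` returns only the first value of a repeated parameter while `getParameterValues` returns all of them, so validation applied to one path but not the other leaves a gap; and `getQueryString` hands back the undecoded string, so any parser written over it must perform its own decoding consistently with the container's.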