在 J2EE WebFilter 过滤器中使用静态方法是否安全?
Is it safe to use static methods in J2EE WebFilter filters?
我想知道在 J2ee Web 过滤器中使用静态方法是否安全(没有死锁的可能性),或者我应该使用实例方法吗?
我有以下 doFilter 方法
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
String contextPath = httpServletRequest.getContextPath();
if ((httpServletRequest.getRequestedSessionId() != null &&
!httpServletRequest.isRequestedSessionIdValid()) || (loginBean == null || loginBean.getUserId() == -1)) {
httpServletResponse.sendRedirect(contextPath + Navigation.getLoginURL());
} else {
chain.doFilter(request, response);
}
}
哪里
Navigation.getLoginURL()
是静态方法。这可能会导致僵局吗?
这是一个静态方法的要点是不依赖于 Filter 实例的状态;登录 url 在整个应用程序中是相同的。由于没有状态需要保护,所以没有理由锁定任何东西。
在静态方法中调用某些锁定的东西(如 System.out.println)并不意味着您的代码会死锁。 Java 实现 api servlet 和过滤器的 EE 代码应避免进行大量锁定,因为它需要支持高级别的并发性。
从实施者的角度来看这一点应该可以帮助您决定可以安全地调用什么,请参阅 Java 并发实践中的这句话,第 4.5.1 节(解释模糊文档):
You are going to have to guess. One way to improve the quality of your guess is to interpret the specification from the perspective of someone who will implement it (such as a container or database vendor), as opposed to someone who will merely use it. Servlets are always called from a container-managed thread, and it is safe to assume that if there is more than one such thread, the container knows this. The servlet container makes available certain objects that provide service to multiple servlets, such as HttpSession or ServletContext. So the servlet container should expect to have these objects accessed concurrently, since it has created multiple threads and called methods like Servlet.service from them that could reasonably be expected to access the ServletContext.
Since it is impossible to imagine a single-threaded context in which these objects would be useful, one has to assume that they have been made thread-safe, even though the specification does not explicitly require this. Besides, if they required client-side locking, on what lock should the client code synchronize? The documentation doesn't say, and it seems absurd to guess. This “reasonable assumption” is further bolstered by the examples in the specification and official tutorials that show how to access ServletContext or HttpSession and do not use any client-side synchronization.
我想知道在 J2ee Web 过滤器中使用静态方法是否安全(没有死锁的可能性),或者我应该使用实例方法吗? 我有以下 doFilter 方法
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
String contextPath = httpServletRequest.getContextPath();
if ((httpServletRequest.getRequestedSessionId() != null &&
!httpServletRequest.isRequestedSessionIdValid()) || (loginBean == null || loginBean.getUserId() == -1)) {
httpServletResponse.sendRedirect(contextPath + Navigation.getLoginURL());
} else {
chain.doFilter(request, response);
}
}
哪里
Navigation.getLoginURL()
是静态方法。这可能会导致僵局吗?
这是一个静态方法的要点是不依赖于 Filter 实例的状态;登录 url 在整个应用程序中是相同的。由于没有状态需要保护,所以没有理由锁定任何东西。
在静态方法中调用某些锁定的东西(如 System.out.println)并不意味着您的代码会死锁。 Java 实现 api servlet 和过滤器的 EE 代码应避免进行大量锁定,因为它需要支持高级别的并发性。
从实施者的角度来看这一点应该可以帮助您决定可以安全地调用什么,请参阅 Java 并发实践中的这句话,第 4.5.1 节(解释模糊文档):
You are going to have to guess. One way to improve the quality of your guess is to interpret the specification from the perspective of someone who will implement it (such as a container or database vendor), as opposed to someone who will merely use it. Servlets are always called from a container-managed thread, and it is safe to assume that if there is more than one such thread, the container knows this. The servlet container makes available certain objects that provide service to multiple servlets, such as HttpSession or ServletContext. So the servlet container should expect to have these objects accessed concurrently, since it has created multiple threads and called methods like Servlet.service from them that could reasonably be expected to access the ServletContext.
Since it is impossible to imagine a single-threaded context in which these objects would be useful, one has to assume that they have been made thread-safe, even though the specification does not explicitly require this. Besides, if they required client-side locking, on what lock should the client code synchronize? The documentation doesn't say, and it seems absurd to guess. This “reasonable assumption” is further bolstered by the examples in the specification and official tutorials that show how to access ServletContext or HttpSession and do not use any client-side synchronization.