The new Certification Class of Learn Spring Security is out:


1. Overview

In this quick article, we’ll explore the build-in web request utils in Spring MVC – WebUtilsServletRequestUtils.

New Guide: Microservices with

Spring Boot and Spring Cloud

2. WebUtils and ServletRequestUtils

In almost all applications, we face situations where we need to fetch some parameters from an incoming HTTP request.

To do that, we had to create some really hectic code segments like:

HttpSession session = request.getSession(false);
if (session != null) {
    String foo = session.getAttribute("parameter");

String name = request.getParameter("parameter");
if (name == null) {
    name = "DEFAULT";

Using WebUtils and ServletRequestUtils, we can do it with a just one line of code.

To see how these utilities work, let’s create a simple web application.

3. Sample Pages

We need to create sample pages in order to be able to link the URLs. We would use Spring Boot and Thymeleaf as our template engine. We need to add required dependencies for them.

Let’s create a page with a simple form:

<form action="setParam" method="POST">
    <h3>Set Parameter:  </h3>
    <p th:text="${parameter}" class="param"/>
    <input type="text" name="param" id="param"/>
    <input type="submit" value="SET"/>
<a href="other">Another Page</a>

As we can see, we are creating a form for initiating the POST request.

There is also one link, which will forward users to the next page, where we will show the submitted parameter from the session attribute.

And let’s create a second page:

Parameter set by you: <p th:text="${parameter}" class="param"/>

4. Usage

Now that we’re done building the views, let’s create our controller and use ServletRequestUtils and fetch the request parameter:

public String post(HttpServletRequest request, Model model) {
    String param 
      = ServletRequestUtils.getStringParameter(
        request, "param", "DEFAULT");

    WebUtils.setSessionAttribute(request, "parameter", param);

    model.addAttribute("parameter", "You set: " + (String) WebUtils
      .getSessionAttribute(request, "parameter"));

    return "utils";

Note how we’re using the getStringParameter API in ServletRequestUtils to fetch the request parameter name param; a default value will be assigned to the request parameter if no value is coming into the controller.

And, of course, notice the setSessionAttribute API out of WebUtils used to set a value in the session attribute. We don’t need to explicitly check if a session already exists nor link in vanilla servlet. Spring will configure it on the fly.

In the same way, let’s create the other handler which would show following session attribute:

public String other(HttpServletRequest request, Model model) {
    String param = (String) WebUtils.getSessionAttribute(
      request, "parameter");
    model.addAttribute("parameter", param);
    return "other";

That’s all we need to create our application.

One quick point to note here is that ServletRequestUtils has some wonderful inbuilt features which will automatically typecast the request parameter based on our need.

Here’s how we can convert the request parameter to Long:

Long param = ServletRequestUtils.getLongParameter(request, "param", 1L);

Similarly, we can convert the request parameter to other types:

boolean param = ServletRequestUtils.getBooleanParameter(
  request, "param", true);

double param = ServletRequestUtils.getDoubleParameter(
  request, "param", 1000);

float param = ServletRequestUtils.getFloatParameter(
  request, "param", (float) 1.00);

int param = ServletRequestUtils.getIntParameter(
  request, "param", 100);

Another point to note is that ServletRequestUtils has another method getRequiredStringParameter(ServletRequest request, String name) for fetching the request parameter. The difference is that if the parameter is not found in the incoming request, it would throw ServletRequestBindingException. This might be useful when we need to play with critical data.

Below is a sample code snippet:

try {
    ServletRequestUtils.getRequiredStringParameter(request, "param");
} catch (ServletRequestBindingException e) {

We could also create one simple JUnit test case to test the application:

public void givenParameter_setRequestParam_andSetSessionAttribute() 
  throws Exception {
      String param = "testparam";
          .param("param", param)
          .sessionAttr("parameter", param))

5. Conclusion

In this article, we see that using WebUtils and ServletRequestUtils can greatly reduce plenty of boilerplate coding overhead. However, on the other hand, it certainly increases dependency on the Spring framework – which is something to keep in mind if that’s a concern.

As always, the source code is available over on GitHub.

Go deeper into Spring Security with the course: