Servlet线程不安全问题及解决办法

Servlet安全性问题

当用户发送Http请求的时候,tomcat会读取web.xml中的内容,加载所定义的Servlet并实例化该Servlet.Servlet只实例化一次,tomcat中Servlet是单例的.同一个Servlet可以同时处理多个用户请求,比如同时有两个用户A和用户B登录时,会启动两个负责登录的Servlet线程,并且触发Service方法才处理请求.所以在Servlet处理共享数据的时候,会出现线程安全问题.

举例

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(name = "ThreadServlet", urlPatterns = {"/ThreadServlet"})
public class ThreadServlet extends HttpServlet {
//共享数据
private int count=0;

protected void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
this.doGet(request, response);
}

protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
String threadName =  Thread.currentThread().getName();
for (int i = 0; i < 1000; i++) {
System.out.println(threadName+"  Count:"+count);
try {
Thread.sleep(100);
count ++;
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}
}

部分输出:

http-nio-8080-exec-5  Count:5027
http-nio-8080-exec-4  Count:5028
http-nio-8080-exec-7  Count:5029
http-nio-8080-exec-3  Count:5030
http-nio-8080-exec-6  Count:5032
http-nio-8080-exec-8  Count:5032
http-nio-8080-exec-5  Count:5033

可以看出,出现了数据错误.

解决办法

尽量使用局部变量

使用全局变量会出现线程安全问题,所以我们可以尽量使用局部变量.在Servlet中,负责保存上下文ServletContext和负责处理Session对象的HttpSession是线程不安全的,而负责处理请求的ServletRequest是线程安全的.

加锁

用synchronized进行保护,但是要尽量的缩小保护范围.

protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
String threadName =  Thread.currentThread().getName();
synchronized (this){
for (int i = 0; i < 1000; i++) {
System.out.println(threadName+"  Count:"+count);
try {
Thread.sleep(100);
count ++;
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}
}

ThreadLocal

ThreadLocal为每一个线程提供一个变量副本,线程之前该变量是独立的.可以通过ThreadLocal解决Servlet单例线程不安全问题.

package com.liushiyao.servlet.thread;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
使用ThreadLocal的解决Servlet线程安全问题

Servlet:单例多线程,线程不安全
ThreadLocal:为每个线程复制一个变量副本,线程之间数据不共享

*/
@WebServlet(name = "ThreadLocalLocalServlet",urlPatterns = "/ThreadLocalServlet")
public class ThreadLocalServlet extends HttpServlet{

//使用ThreadLocal,为每个线程创建一个变量副本
private ThreadLocal threadLocal = new ThreadLocal(){
@Override
protected Object initialValue() {
return new Integer(0);
}
};

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
resp.setContentType("text/html;charset=utf-8");
PrintWriter out = resp.getWriter();
String threadName =  Thread.currentThread().getName();
for (int i = 0; i < 1000; i++) {
System.out.println(threadName+"  Count:"+threadLocal.get());
try {
Thread.sleep(100);
int count = ((Integer)(threadLocal.get())).intValue();
count ++;
threadLocal.set(count);
} catch (InterruptedException e) {
e.printStackTrace();
}
}
}

@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
super.doPost(req, resp);
}
}