
The HTTP Protocol - PowerPoint PPT Presentation



  1. An Introduction to XML and Web Technologies: The HTTP Protocol
     Anders Møller & Michael I. Schwartzbach
     © 2006 Addison-Wesley

     Objectives
     • How the HTTP protocol works
     • The SSL security extension from a programmer's point of view
     • How to write servers and clients in Java

     HTTP
     • HTTP: HyperText Transfer Protocol
     • Client-Server model
     • Request-Response pattern

     Network Layers
         OUR APPLICATIONS
         THE APPLICATION LAYER        HTTP, FTP, SMTP, DNS
         THE TRANSPORT LAYER          TCP, UDP
         THE INTERNET LAYER           IP
         THE NETWORK INTERFACE LAYER  Ethernet

  2. IP
     • IP: Internet Protocol
     • Unreliable communication of limited size data packets (datagrams)
     • IP addresses (e.g. 165.193.130.107) identify machines
     • Handles routing using the underlying physical network (e.g. Ethernet)

     TCP
     • TCP: Transmission Control Protocol
     • Layer on top of IP
     • Data is transmitted in streams
     • Reliability ensured by retransmitting lost datagrams, reordering, etc.
     • Connection-oriented
       • establish connection between client and server
       • data streaming in both directions
       • close connection
     • Socket: end point of connection, associated with a pair of (IP address, port number)

     HTTP
     • HTTP: HyperText Transfer Protocol
     • Layer on top of TCP
     • Request and response sent using TCP streams

     HTTP Requests

         GET /search?q=Introduction+to+XML+and+Web+Technologies HTTP/1.1
         Host: www.google.com
         User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040803
         Accept: text/xml,application/xml,application/xhtml+xml, text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
         Accept-Language: da,en-us;q=0.8,en;q=0.5,sw;q=0.3
         Accept-Encoding: gzip,deflate
         Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
         Keep-Alive: 300
         Connection: keep-alive
         Referer: http://www.google.com/

     • Request line (methods: GET, POST, ...)
     • Header lines
     • Request body (empty here)

  3. HTTP Responses

         HTTP/1.1 200 OK
         Date: Fri, 17 Sep 2009 07:59:01 GMT
         Server: Apache/2.0.50 (Unix) mod_perl/1.99_10 Perl/v5.8.4 mod_ssl/2.0.50 OpenSSL/0.9.7d DAV/2 PHP/4.3.8 mod_bigwig/2.1-3
         Last-Modified: Tue, 24 Feb 2009 08:32:26 GMT
         ETag: "ec002-afa-fd67ba80"
         Accept-Ranges: bytes
         Content-Length: 2810
         Content-Type: text/html

         <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
         <html>...</html>

     • Status line
     • Header lines
     • Response body

     Status Codes
     • 200 OK
     • 301 Moved Permanently
     • 400 Bad Request
     • 401 Unauthorized
     • 403 Forbidden
     • 404 Not Found
     • 500 Internal Server Error
     • 503 Service Unavailable
     • ...

     HTML Forms

         <h3>The Poll Service</h3>
         <form action="http://freewig.brics.dk/users/laudrup/soccer.jsp"
               method="post">
           Who wins the World Cup 2006?
           <select name="bet">
             <option value="br">Brazil!</option>
             <option selected value="dk">Denmark!</option>
             <option value="other country">someone else?</option>
           </select><br>
           Please enter your email address:
           <input type="text" name="email"><br>
           <input type="submit" name="send" value="Go!">
         </form>

     Encoding of Form Data

         Name     Value
         bet      other country
         email    zacharias_doe@notmail.com
         send     Go!

     • Encoding to query string (URL encoding):
         bet=other+country&email=zacharias_doe%40notmail.com&send=Go%21
     • GET: place query string in request URI
         http://.../soccer.jsp?bet=other+country...
     • POST: place query string in request body

  4. GET vs. POST?
     • The client should not be held responsible for the consequences of a GET request
       • useful for retrieving data, not for submitting orders to an online shop
     • Limits on request URI length
     • POST allows other encodings (e.g. for file upload)
     • Cachability

     Authentication
     • Restricting access to authorized users
     • Common techniques:
       • IP-address
       • Form (with username/password fields)
       • HTTP Basic
       • HTTP Digest

     HTTP Basic Authentication
     • Challenge:
         HTTP/1.1 401 Authorization Required
         WWW-Authenticate: Basic realm="The Doe Family Site"
     • Response:
         Authorization: Basic emFjaGFyaWFzOmFwcGxlcGllCg==

     Advanced Features in HTTP
     • Cache control
     • Range requests
     • Persistent connections, pipelining
     • ...
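Added example, not part of the original slides: Base64 is an encoding, not encryption, so the Authorization header on the HTTP Basic Authentication slide hands its credentials to anyone who can read the request. The Java sketch below decodes that header value (it yields zacharias:applepie followed by a newline byte) and checks the password with an exact, constant-time comparison; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper class for illustration; not from the slides.
public class BasicAuthCheck {

  /** Returns {user, password} from an Authorization header value, or null if malformed. */
  static String[] parse(String headerValue) {
    if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6))
      return null;
    byte[] raw;
    try {
      raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
    } catch (IllegalArgumentException e) {
      return null;                        // not valid Base64
    }
    String creds = new String(raw, StandardCharsets.UTF_8);
    int colon = creds.indexOf(':');       // split at the first ':'; the password may contain more
    if (colon < 0) return null;
    return new String[] { creds.substring(0, colon), creds.substring(colon + 1) };
  }

  /** Byte-wise comparison whose running time does not depend on where the inputs differ. */
  static boolean sameSecret(String presented, String expected) {
    return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                                 expected.getBytes(StandardCharsets.UTF_8));
  }

  public static void main(String[] args) {
    // Header value copied from the slide; no key or secret is needed to decode it.
    String[] c = parse("Basic emFjaGFyaWFzOmFwcGxlcGllCg==");
    System.out.println("user     = " + c[0]);
    System.out.println("password = " + c[1].replace("\n", "\\n"));
    // The decoded password carries the newline, so only the exact bytes match.
    System.out.println("matches \"applepie\"   : " + sameSecret(c[1], "applepie"));
    System.out.println("matches \"applepie\\n\" : " + sameSecret(c[1], "applepie\n"));
  }
}
```

Because the credentials travel with every request in recoverable form, Basic authentication belongs on an https:// connection only.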

  5. Cache Control
     • Caches used in clients, servers, and network (proxy servers, content delivery networks)
     • Cache-Control:
       • no-store: never cache this message
       • no-cache: may cache but need revalidation
       • public: may cache
       • private: intended for single user
       • max-age: set expiration
       • must-revalidate: require revalidation
     • HTTP/1.0:
         Expires: Thu, 01 Jan 1970 00:00:00 GMT
         Pragma: no-cache

     Range Requests
     • Range: bytes=387-
     • 206 Partial Content

     Persistent Connections
     • Multiple request-response pairs on a single TCP connection
       • Content-Length (now important!)
       • Connection: close (persistent by default in HTTP/1.1)
       • Connection: keep-alive (compatibility)
       • Keep-Alive: 300 (control timeout, compatibility)
     • Pipelining
       • send multiple requests before receiving the responses
       • fewer TCP/IP packets
       • only for idempotent requests (e.g. GET)
       • supported by newer browsers

     Limitations of HTTP
     • Stateless, no built-in support for tracking clients (session management)
     • No built-in security mechanisms

  6. Session Management
     Techniques
     • URL rewriting
     • Hidden form fields
     • Cookies
     • SSL sessions

     Cookies
     • Extension of HTTP that allows servers to store data on the clients
       • limited size and number
       • may be disabled by the client
     • Set-Cookie: sessionid=21A9A8089C305319; path=/
     • Cookie: sessionid=21A9A8089C305319

     Security
     Desirable properties:
     • confidentiality
     • integrity
     • authenticity
     • non-repudiation

     SSL/TLS
     • SSL: Secure Sockets Layer
     • TLS: Transport Layer Security (newer version)
     • Layer between HTTP and TCP, accessed by https://...
     • Based on public-key cryptography
       • private key + public key
       • certificate (usually for server authentication only)

  7. Web Programming with Java
     Why Java?
     • platform independence
     • safe runtime model
     • multi-threading
     • sandboxing
     • Unicode
     • serialization, dynamic class loading
     • powerful standard libraries
       • java.net
       • java.nio.channels
       • javax.net.ssl

     TCP/IP: DomainName2IPNumbers

         import java.net.*;

         public class DomainName2IPNumbers {
           public static void main(String[] args) {
             try {
               // Resolve every address registered for the host name given as args[0]
               InetAddress[] a = InetAddress.getAllByName(args[0]);
               for (int i = 0; i<a.length; i++)
                 System.out.println(a[i].getHostAddress());
             } catch (UnknownHostException e) {
               System.out.println("Unknown host!");
             }
           }
         }

         java DomainName2IPNumbers www.google.com
         66.102.9.104
         66.102.9.99

     TCP/IP: SimpleServer

         import java.net.*;
         import java.io.*;

         public class SimpleServer {
           public static void main(String[] args) {
             try {
               // Listen on the port given as args[0]
               ServerSocket ss =
                 new ServerSocket(Integer.parseInt(args[0]));
               while (true) {
                 Socket con = ss.accept();
                 InputStreamReader in =
                   new InputStreamReader(con.getInputStream());
                 StringBuffer msg = new StringBuffer();
                 int c;
                 // Stop at the terminating 0 byte, or at -1 if the client
                 // closes the connection without sending one
                 while ((c = in.read()) > 0)
                   msg.append((char)c);
                 PrintWriter out =
                   new PrintWriter(con.getOutputStream());
                 out.print("Simon says: "+msg);
                 out.flush();
                 con.close();
               }
             } catch (IOException e) {
               e.printStackTrace();
             }
           }
         }
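Added example, not part of the original slides: SimpleServer reads until a 0 byte with no read timeout and no limit on message size, so a single slow or endless client can stall or exhaust the single-threaded accept loop. The variant below bounds both and drops the offending connection instead of stopping; the class name, the 4096-byte cap and the 5-second timeout are assumptions chosen for illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

// Hypothetical bounded variant of the slides' SimpleServer.
public class BoundedSimpleServer {
  static final int MAX_MESSAGE = 4096;      // assumed cap on message bytes
  static final int READ_TIMEOUT_MS = 5000;  // assumed per-read timeout

  /** Reads bytes up to the terminating 0 byte; throws on early EOF or oversize input. */
  static String readMessage(InputStream in) throws IOException {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    int c;
    while ((c = in.read()) != 0) {
      if (c == -1) throw new EOFException("connection closed before terminator");
      if (buf.size() >= MAX_MESSAGE) throw new IOException("message too long");
      buf.write(c);
    }
    return new String(buf.toByteArray(), StandardCharsets.UTF_8);
  }

  public static void main(String[] args) throws IOException {
    try (ServerSocket ss = new ServerSocket(Integer.parseInt(args[0]))) {
      while (true) {
        try (Socket con = ss.accept()) {
          // A silent client now raises SocketTimeoutException instead of blocking forever.
          con.setSoTimeout(READ_TIMEOUT_MS);
          String msg = readMessage(new BufferedInputStream(con.getInputStream()));
          PrintWriter out = new PrintWriter(
              new OutputStreamWriter(con.getOutputStream(), StandardCharsets.UTF_8));
          out.print("Simon says: " + msg);
          out.flush();
        } catch (IOException e) {
          // Timeout, early close or oversize input ends this connection only.
          System.err.println("dropped connection: " + e.getMessage());
        }
      }
    }
  }
}
```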
