Java and HTTP protocols

Source: Internet
Author: User

Introduction

HTTP (Hypertext Transfer Protocol) is a stateless, application-layer protocol based on a request/response model. It usually runs over TCP connections. The main features of HTTP are:
1. Client/server model: HTTP supports the client/server model.
2. Simple and fast: when a client requests a service from the server, it only needs to send the request method and path. Because the HTTP protocol is simple, communication is fast.
3. Flexible: HTTP allows any type of data object to be transmitted. The type is marked by Content-Type.
4. Connectionless: each connection processes only one request. After the server has processed the client's request and received the client's acknowledgement, the connection is closed. This can save transmission time.
5. Stateless: the protocol keeps no memory of earlier transactions.

HTTP/1.0 uses non-persistent connections by default, and HTTP/1.1 uses persistent connections by default.

Non-persistent connection: each time the server sends an object, the corresponding TCP connection is closed, so a connection never stays open to carry other objects. Each TCP connection transmits only one request message and one response message.

Persistent connection: after the server sends a response, the TCP connection stays open. Subsequent requests and responses between the same client and server can be sent over this connection. The default HTTP/1.1 mode uses persistent connections with pipelining.

 

I. HTTP request in detail

 

 //  Request Line  
POST /reg.jsp HTTP/ (CRLF)

// Message header
Accept: image/gif, image/x-xbitmap, image/jpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* (CRLF)
Accept-Language: zh-cn (CRLF)
Accept-Encoding: gzip, deflate (CRLF)
If-Modified-Since: Wed, 05 Jan 2007 11:21:25 GMT (CRLF)
If-None-Match: W/"80b1a4c018f3c41:8317" (CRLF)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) (CRLF)
Host: www.guet.edu.cn (CRLF)
Connection: Keep-Alive (CRLF)
(CRLF)

// Request body
User=Jeffrey&Pwd=1234

The above shows the three parts of an HTTP request: request line, message header, and request body.

 

The request line starts with a method token, followed by the request URI and the protocol version, each separated by a space. The format is as follows:

Method Request-URI HTTP-Version CRLF
Method is the request method (such as POST, GET, PUT, and DELETE), Request-URI is a uniform resource identifier, HTTP-Version is the HTTP protocol version of the request, and CRLF is a carriage return followed by a line feed.

 

II. HTTP response in detail

// Status line
HTTP/1.1 200 OK (CRLF)

// Message header
Cache-Control: private, max-age=30
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Mon, 25 May 2009 03:20:33 GMT
Last-Modified: Mon, 25 May 2009 03:20:03 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 May 2009 03:20:02 GMT
Content-Length: 12173

// Response body
Omitted

An HTTP response is composed of three parts: status line, message header, and response body.

The status line format is as follows:
HTTP-Version Status-Code Reason-Phrase CRLF
HTTP-Version is the HTTP protocol version of the server, Status-Code is the response status code sent back by the server, and Reason-Phrase is the text description of the status code.

Common status codes, reason phrases, and their meanings:
200 OK // The client request succeeded.
400 Bad Request // The client request has a syntax error and cannot be understood by the server.
401 Unauthorized // The request is unauthorized. This status code must be used with the WWW-Authenticate header field.
403 Forbidden // The server received the request but refuses to serve it.
404 Not Found // The requested resource does not exist, for example because an incorrect URL was entered.
500 Internal Server Error // An unexpected server error occurred.
503 Server Unavailable // The server cannot process client requests currently and may return to normal after a period of time.

 

III. HTTP message headers in detail

HTTP messages are either requests from client to server or responses from server to client. Both request and response messages consist of a start line (the request line for a request message, the status line for a response message), message headers (optional), an empty line (a line containing only CRLF), and a message body (optional).

HTTP message headers include general headers, request headers, response headers, and entity headers. Each header field consists of name + ":" + space + value. Header field names are case-insensitive.
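The layout described above (start line, header fields, empty line, optional body) can be checked with a small parser. This is an added example, not code from the original article; the class name `HttpRequestParser`, the `HTTP/1.1` version and the Content-Type value in the constructed sample are assumptions, and it needs Java 16 or later for `record`.

```java
import java.util.Map;
import java.util.TreeMap;

public class HttpRequestParser {
    /** Start-line fields, headers keyed case-insensitively, and the raw body. */
    record Request(String method, String uri, String version,
                   Map<String, String> headers, String body) {}

    static Request parse(String raw) {
        // The empty line (a bare CRLF) separates the head from the optional body.
        int split = raw.indexOf("\r\n\r\n");
        if (split < 0) throw new IllegalArgumentException("no empty line after headers");
        String[] lines = raw.substring(0, split).split("\r\n");
        String body = raw.substring(split + 4);
        // Request line: Method SP Request-URI SP HTTP-Version
        String[] start = lines[0].split(" ");
        if (start.length != 3 || !start[2].startsWith("HTTP/"))
            throw new IllegalArgumentException("malformed request line");
        // Header names are case-insensitive, so key the map case-insensitively.
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (int i = 1; i < lines.length; i++) {
            int colon = lines[i].indexOf(':');
            if (colon <= 0) throw new IllegalArgumentException("malformed header line");
            String name = lines[i].substring(0, colon);
            String value = lines[i].substring(colon + 1).trim();
            // Two Content-Length fields make the body length ambiguous: reject.
            if (name.equalsIgnoreCase("Content-Length") && headers.containsKey(name))
                throw new IllegalArgumentException("duplicate Content-Length");
            headers.merge(name, value, (a, b) -> a + ", " + b);
        }
        return new Request(start[0], start[1], start[2], headers, body);
    }

    public static void main(String[] args) {
        // Constructed sample modelled on the request shown in section I.
        String raw = "POST /reg.jsp HTTP/1.1\r\n"
                + "HOST: www.guet.edu.cn\r\n"
                + "content-length: 21\r\n"
                + "Content-Type: application/x-www-form-urlencoded\r\n"
                + "\r\n"
                + "user=Jeffrey&pwd=1234";
        Request r = parse(raw);
        System.out.println(r.method() + " " + r.uri() + " " + r.version());
        System.out.println("Host = " + r.headers().get("host"));
        System.out.println("declared " + r.headers().get("Content-Length") + ", body " + r.body().length());
    }
}
```

The lookups with `"host"` and `"Content-Length"` succeed even though the sample spells them `HOST` and `content-length`, which is the case-insensitivity rule in practice.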

1. Request header
The request header allows the client to send additional request information and client information to the server.

Common request headers

The Accept request header field specifies the types of information the client accepts.
The Accept-Charset request header field specifies the character sets the client accepts.
The Accept-Encoding request header field is similar to Accept, but it specifies the acceptable content encodings.
The Accept-Language request header field is similar to Accept, but it specifies a natural language.
The Authorization request header field is used to prove that the client has the right to view a resource.

The Host request header field specifies the Internet host and port number of the requested resource. It is usually extracted from the HTTP URL.
The User-Agent request header field allows the client to tell the server its operating system, browser, and other attributes.

2. Response header

The response header allows the server to transmit additional response information that cannot be placed in the status line, as well as information about the server and about further access to the resource identified by the Request-URI.

Common response headers
The Location response header field redirects the recipient to a new location. It is often used when a domain name has changed.
The Server response header field contains information about the software the server uses to process requests.

3. Entity header

Both request and response messages can carry an entity.

Common entity headers
The Content-Encoding entity header field indicates the additional content encoding that has been applied to the entity body.

The Content-Language entity header field describes the natural language used by the resource.

The Content-Length entity header field specifies the length of the entity body, expressed as a decimal number of bytes.
The Content-Type entity header field specifies the media type of the entity body sent to the recipient.
The Last-Modified entity header field indicates the date and time the resource was last modified.
The Expires entity header field specifies the date and time at which the response expires.

 

IV. Supplement

1. Missing limit on HTTP Content-Length leading to DoS attacks
When using the POST method, the client can set Content-Length to declare the length of the data to be transmitted, for example Content-Length: 999999999. Until the transfer is complete, the memory is not released. Attackers can exploit this by sending junk data to the web server until its memory is exhausted. This attack leaves almost no trace.
2. To improve performance, modern browsers also support concurrent access: when you browse a web page, multiple connections are established to fetch the multiple icons on the page quickly, so the whole page finishes transferring sooner. HTTP/1.1 provides this persistent connection method, while the next-generation HTTP protocol, HTTP-NG, adds support for session control, rich content negotiation, and other methods to provide more efficient connections.
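The mitigation for item 1 is to validate the declared Content-Length against a limit before buffering anything, and to size the buffer by the bytes that actually arrive. The following is an added example, not code from the original article; the class name `BoundedBodyReader`, the 1 MiB limit and the choice of 411/400/413 responses are assumptions for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class BoundedBodyReader {
    static final long MAX_BODY_BYTES = 1 << 20; // assumed policy: 1 MiB per request

    /** Carries the HTTP status code the server should answer with. */
    static class RejectedRequest extends IOException {
        final int status;
        RejectedRequest(int status, String msg) { super(msg); this.status = status; }
    }

    static byte[] readBody(String contentLength, InputStream in) throws IOException {
        if (contentLength == null) throw new RejectedRequest(411, "Content-Length required");
        long declared;
        try {
            declared = Long.parseLong(contentLength.trim());
        } catch (NumberFormatException e) {
            throw new RejectedRequest(400, "Content-Length is not a number");
        }
        if (declared < 0) throw new RejectedRequest(400, "negative Content-Length");
        // Reject oversized declarations before reading or buffering anything.
        if (declared > MAX_BODY_BYTES) throw new RejectedRequest(413, "body too large");
        // Grow the buffer with the bytes that arrive, never with the declared size.
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        for (long left = declared; left > 0; ) {
            int n = in.read(chunk, 0, (int) Math.min(chunk.length, left));
            if (n < 0) throw new RejectedRequest(400, "body shorter than Content-Length");
            body.write(chunk, 0, n);
            left -= n;
        }
        return body.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample body standing in for the socket input stream.
        InputStream in = new ByteArrayInputStream("user=Jeffrey&pwd=1234".getBytes(StandardCharsets.US_ASCII));
        System.out.println(readBody("21", in).length + " bytes accepted");
        try {
            readBody("999999999", in); // the value used in the text above
        } catch (RejectedRequest e) {
            System.out.println("rejected with " + e.status);
        }
    }
}
```

On a real socket, pair this with a read timeout (`Socket.setSoTimeout`) so that a client declaring an allowed length but never sending the bytes cannot hold the connection and its buffer open indefinitely.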

 

V. Using HTTP from Java for networking and downloads

URL request connection (GET method)

import java.net.HttpURLConnection;
import java.net.URL;

// The part after "?" is the query string, which carries the request parameters.
// Query strings are recorded in server logs and browser history, so real credentials belong in a POST body sent over HTTPS.
String currentUrl = "http://www.myWeb.com/login.jsp?Username='dev'&Password='mypassword'";

URL url = new URL(currentUrl);

// openConnection() returns a URLConnection, so cast it to HttpURLConnection.
HttpURLConnection httpUrlConnection = (HttpURLConnection) url.openConnection();
// Set the message headers of the HTTP request.
// CommonValues is the author's own constants class and is not shown on this page; the casing of its constant names is assumed.
httpUrlConnection.setRequestProperty("User-Agent", CommonValues.USER_AGENT);
httpUrlConnection.setRequestProperty("Accept", CommonValues.ACCEPT);
httpUrlConnection.setRequestProperty("Accept-Charset", CommonValues.ACCEPT_CHARSET);
httpUrlConnection.setRequestProperty("Accept-Language", CommonValues.ACCEPT_LANGUAGE);
httpUrlConnection.setRequestProperty("Connection", CommonValues.CONNECTION);
httpUrlConnection.setRequestProperty("Keep-Alive", CommonValues.KEEP_ALIVE);
// Timeouts keep a slow or silent server from blocking the client forever.
httpUrlConnection.setConnectTimeout(CommonValues.CONNECTION_TIMEOUT);
httpUrlConnection.setReadTimeout(CommonValues.READ_TIMEOUT);
httpUrlConnection.connect();
int responseCode = httpUrlConnection.getResponseCode();
if (responseCode == HttpURLConnection.HTTP_OK) // status code from the status line of the HTTP response
{
// Work with the input stream, which corresponds to the response body of the HTTP response
}

if (httpUrlConnection != null)
{
httpUrlConnection.disconnect();
}

For the POST method connection, see: http://www.cnblogs.com/devinzhang/archive/2012/01/17/2325092.html

 
