Detailed introduction of Java and HTTP protocol


Introduction

HTTP (Hypertext Transfer Protocol) is a stateless application-layer protocol based on the request/response model, usually carried over a TCP connection. The main features of the HTTP protocol are:

1. Supports the client/server model.
2. Simple and fast: when a client requests a service from the server, it only needs to transmit the request method and path. Because the HTTP protocol is simple, communication is very fast.
3. Flexible: HTTP allows any type of data object to be transferred. The type is marked by Content-Type.
4. Connectionless: only one request is processed per connection. After the server has processed the client's request and received the client's reply, the connection is closed. This saves transmission time.
5. Stateless: the protocol has no memory of previous transactions.

HTTP/1.0 defaults to non-persistent connections; HTTP/1.1 defaults to persistent connections.

Non-persistent connection: each time the server sends an object, the corresponding TCP connection is closed; that is, a connection does not persist to carry other objects. Each TCP connection transmits only one request message and one response message.

Persistent connection: the server keeps the TCP connection open after sending a response. Subsequent requests and responses between the same client/server pair can be sent over this connection. The default mode of HTTP/1.1 uses persistent connections with pipelining.

I. HTTP protocol in detail: the request

An HTTP request consists of three parts: the request line, message headers and the request body.

The request line starts with a method token, followed by the request URI and the protocol version, each separated by a space. The format is as follows:

Method Request-URI HTTP-Version CRLF

Here Method is the request method (such as POST, GET, PUT, DELETE, etc.); Request-URI is a uniform resource identifier; HTTP-Version is the HTTP protocol version of the request; CRLF means carriage return and line feed.

II. HTTP protocol in detail: the response

An HTTP response also consists of three parts: the status line, message headers and the response body.

The format of the status line is as follows:

HTTP-Version Status-Code Reason-Phrase CRLF

Here HTTP-Version is the HTTP protocol version of the server; Status-Code is the response status code sent back by the server; Reason-Phrase is the text description of the status code.

Common status codes, reason phrases and descriptions:

200 OK // the client request succeeded
400 Bad Request // the client request has a syntax error and cannot be understood by the server
401 Unauthorized // the request is unauthorized; this status code must be used with the WWW-Authenticate header field
403 Forbidden // the server received the request but refuses to serve it
404 Not Found // the requested resource does not exist, e.g. an incorrect URL was entered
500 Internal Server Error // an unexpected error occurred in the server
503 Server Unavailable // the server is currently unable to process the client's request; it may return to normal after a period of time

III. HTTP protocol in detail: message headers

HTTP messages consist of client-to-server requests and server-to-client responses. Both request and response messages are composed of a start line (the request line for a request message, the status line for a response message), message headers (optional), an empty line (a line containing only CRLF) and a message body (optional).

HTTP message headers include general headers, request headers, response headers and entity headers. Each header field is composed of name + ":" + space + value. Header field names are case-insensitive.

1. Request header

The request header allows the client to pass the requested additional information and the client's own information to the server.

Common request headers

The Accept request header field specifies which types of information the client accepts.
The Accept-Charset request header field specifies the character sets accepted by the client.
The Accept-Encoding request header field is similar to Accept, but specifies acceptable content encodings.
The Accept-Language request header field is similar to Accept, but specifies a natural language.
The Authorization request header field is mainly used to prove that the client has the right to view a resource.
The Host request header field specifies the Internet host and port number of the requested resource. It is usually extracted from the HTTP URL.
The User-Agent request header field allows the client to tell the server its operating system, browser and other properties.

2. Response header

The response header allows the server to pass additional response information that cannot be placed in the status line, as well as information about the server and information about the next access to the resource identified by the request URI.

Common response headers

The Location response header field redirects the recipient to a new location. It is often used when a domain name changes.
The Server response header field contains information about the software the server uses to process the request.

3. Entity header

Both request and response messages can carry an entity.

Common entity headers

The Content-Encoding entity header field indicates the additional content encodings that have been applied to the entity body.

The Content-Language entity header field describes the natural language used by the resource.

The Content-Length entity header field indicates the length of the entity body, expressed as a decimal number of bytes.

The Content-Type entity header field indicates the media type of the entity body sent to the recipient.

The Last-Modified entity header field indicates the date and time the resource was last modified.

The Expires entity header field gives the date and time at which the response expires.

IV. Supplement

1. HTTP Content-Length restriction vulnerability leading to denial-of-service attacks

When using the POST method, the client can set Content-Length to declare the length of the data to be transmitted, for example Content-Length: 99999999. The memory will not be released before the transmission is completed. Attackers can use this defect to keep sending garbage data to the web server until the web server runs out of memory. This attack method basically leaves no trace.
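One way a server can defend against this is to validate the declared Content-Length against a limit before reading, and to buffer only the bytes that actually arrive. This is an added example, not code from the original article; the 1 MiB limit, the class and method names and the sample inputs are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedBodyReader {
    static final long MAX_BODY_BYTES = 1024 * 1024; // assumed policy limit: 1 MiB

    // Validate the declared length before reading anything.
    static int checkedLength(String contentLength) throws IOException {
        // Digits only, at most 18 of them, so parseLong cannot overflow.
        if (contentLength == null || !contentLength.matches("[0-9]{1,18}"))
            throw new IOException("400: invalid Content-Length");
        long n = Long.parseLong(contentLength);
        if (n > MAX_BODY_BYTES) throw new IOException("413: declared body too large");
        return (int) n;
    }

    // Read exactly the declared number of bytes, growing the buffer only as
    // data arrives instead of allocating the declared size up front.
    static byte[] readBody(String contentLength, InputStream in) throws IOException {
        int remaining = checkedLength(contentLength);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        while (remaining > 0) {
            int n = in.read(chunk, 0, Math.min(chunk.length, remaining));
            if (n < 0) throw new IOException("400: body shorter than Content-Length");
            out.write(chunk, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs; a real server would pass the socket's input stream,
        // with Socket.setSoTimeout set so a stalled sender cannot hold the connection.
        byte[] body = "user=test".getBytes("US-ASCII");
        System.out.println(readBody("9", new ByteArrayInputStream(body)).length);
        for (String bad : new String[] {"99999999", "-1", "9x", null}) {
            try {
                readBody(bad, new ByteArrayInputStream(body));
            } catch (IOException e) {
                System.out.println(bad + " -> " + e.getMessage());
            }
        }
    }
}
```

Logging each rejected request with the peer address and the declared length gives operators a record of attempts that would otherwise leave none.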

2. To improve performance for users, modern browsers also support concurrent access. When a web page is loaded, multiple connections are established at the same time to fetch the several images on the page quickly, so that the whole page finishes transferring sooner. HTTP/1.1 provides persistent connections for this, and the next-generation HTTP protocol, HTTP-NG, adds support for session control, rich content negotiation and other methods to provide more efficient connections.

V. Using the HTTP protocol in Java for networking and downloading

URL request connection (GET method)
