HTTP Requests & Responses: Servlets: HTTP Request Header Contents and Responses


Road Map
- Recap and Overview
- Reading HTTP Request Headers
- Generating the Server Response
- Case Study 1: Search Engines
- Case Study 2: Basic Web Security (Restricting by User Name/Password)

Recap and Overview

Overview
Interaction between browser and web server: the Web Browser sends a Request to the Web Server, and the Web Server returns a Response.

Client Request Data
When a user submits a browser request to a web server, it sends two categories of data:
- Form Data: data that the user explicitly typed into an HTML form. For example: registration information.
- HTTP Request Header Data: data that the client automatically appends to the HTTP request. For example: cookies, browser type, etc.

Reading HTTP Request Headers

Sample HTTP Request
A sample HTTP request to Yahoo.com:

GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)
Host:
Connection: Keep-Alive
Cookie: B=2td79o0sjlf5r&b=2

Tip: Check out:

Accessing HTTP Headers
As in the SnoopServlet example, to access any of these headers, use the HttpServletRequest getHeader() method. For example:

String connection = req.getHeader("Connection");

To retrieve a list of all the header names, use the getHeaderNames() method. getHeaderNames() returns an Enumeration object. For example:

// "enum" is a reserved word in Java 5 and later, so the variable needs another name
Enumeration headerNames = req.getHeaderNames();

Additional HTTP Information
- getMethod(): indicates the request method, e.g. GET or POST.
- getRequestURI(): returns the part of the URL that comes after the host and port. For example, for the URL: the request URI would be /servlet/search.
- getProtocol(): returns the protocol version, e.g. HTTP/1.0 or HTTP/1.1.

Reading Browser Types
The User-Agent HTTP header indicates the browser and operating system. For example:

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

You can use this header to differentiate browser types or simply log browser requests.

Example User-Agents
Internet Explorer:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Mozilla:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/

For strange historical reasons, IE identifies itself as "Mozilla".
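The following servlet ties the last three slides together: it prints getMethod(), getRequestURI() and getProtocol(), walks getHeaderNames() and getHeaders() to list every header (including repeated ones), and classifies the browser from User-Agent. It is an added example, not the SnoopServlet from the slides, and it assumes the Servlet API 3.0 or later (where getHeaderNames() returns Enumeration<String>) and a servlet mapping such as /snoop. Because header values are client-supplied, they are HTML-escaped before being echoed back into the page.

```java
// Added example (not the slides' own SnoopServlet). Assumes the Servlet API 3.0+
// on the classpath and a deployment mapping such as /snoop.
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HeaderSnoopServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();

        out.println("<html><body><h1>Request summary</h1><pre>");
        out.println("Method:      " + escape(req.getMethod()));
        out.println("Request URI: " + escape(req.getRequestURI()));
        out.println("Protocol:    " + escape(req.getProtocol()));
        out.println("</pre><h2>Request headers</h2><table border=\"1\">");

        // getHeaderNames() yields each header name once; a header such as Accept
        // may be sent several times, so getHeaders(name) is used to see every value.
        Enumeration<String> names = req.getHeaderNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            Enumeration<String> values = req.getHeaders(name);
            while (values.hasMoreElements()) {
                out.println("<tr><td>" + escape(name) + "</td><td>"
                        + escape(values.nextElement()) + "</td></tr>");
            }
        }
        out.println("</table>");

        // Browser detection from the User-Agent header, as described on the slides.
        String userAgent = req.getHeader("User-Agent");
        out.println("<p>Browser family: " + escape(classifyBrowser(userAgent)) + "</p>");
        out.println("</body></html>");
    }

    // Header values are attacker-controlled input: escape them before putting
    // them into HTML, otherwise a crafted header is reflected as markup.
    static String escape(String s) {
        if (s == null) {
            return "(none)";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // IE also announces itself as "Mozilla", so the MSIE token is tested first.
    static String classifyBrowser(String userAgent) {
        if (userAgent == null) {
            return "unknown";
        }
        if (userAgent.contains("MSIE")) {
            return "Internet Explorer";
        }
        if (userAgent.contains("Gecko")) {
            return "Mozilla/Gecko";
        }
        if (userAgent.startsWith("Mozilla")) {
            return "other Mozilla-compatible";
        }
        return "unknown";
    }
}
```

The User-Agent classification is only a hint: the header is chosen by the client and can say anything, so it is fine for logging or content negotiation but never for an access decision.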

Generating the Server Response

Sample HTTP Response
As a refresher, here's a sample HTTP response:

HTTP/ OK
Date: Mon, 06 Dec :54:26 GMT
Server: Apache/1.3.6 (Unix)
Last-Modified: Fri, 04 Oct :06:11 GMT
Content-length: 327
Connection: close
Content-type: text/html

Sample Homepage  Welcome  Hi there, this is a simple web page. Granted, it may…

Generating Responses
Servlets can return any HTTP response they want. This is useful for lots of scenarios:
- Redirecting to another web site.
- Restricting access to approved users.
- Specifying a content-type other than text/html, e.g. returning images instead of HTML.

Setting the HTTP Status Code
Normally, your servlet returns an HTTP status code of 200 OK to indicate that everything went fine. To return a different status code, use the setStatus() method of the HttpServletResponse object. Be sure to set the status code before sending any document content to the client.

Using setStatus()
setStatus() takes an integer value, but it's best to use the predefined constants in HttpServletResponse. Here are a few:
- SC_BAD_REQUEST: status code 400, indicating that the request sent by the client was syntactically incorrect.
- SC_FORBIDDEN: status code 403, indicating that the server understood the request but refused to fulfill it.
- SC_INTERNAL_SERVER_ERROR: status code 500, indicating an error inside the HTTP server which prevented it from fulfilling the request.
- SC_NOT_FOUND: status code 404, indicating that the requested resource is not available.

Sending Redirects
You can redirect the browser to a different URL by issuing a Moved Temporarily status code:
- SC_MOVED_TEMPORARILY: status code 302, indicating that the resource has temporarily moved to another location.
Because this is so common, the HttpServletResponse interface also has a sendRedirect() method. Example:

res.sendRedirect("

Example: Search Engines

Multiple Search Engines
The SearchEngines servlet enables users to submit a search query to one of four search engines: Google, AllTheWeb, Yahoo, AltaVista, etc. The code exploits the HTTP response header to redirect the user to the correct search engine.

Architecture
1. Web Browser to SearchEngines Servlet: "I want to search for Bill Gates on Google"
2. SearchEngines Servlet to Web Browser: "Go to Google"
3. Web Browser to Google: "I want to search for Bill Gates on Google"
4. Google to Web Browser: "Your results..."

SearchSpec.java
The SearchSpec object contains information about connecting to a specific search engine:

public String makeURL(String searchString, String numResults)

You provide this method with a search string and the number of results, and it returns the URL and search query specific to Google, Yahoo, HotBot, etc. The class is contained in SearchEngines.java on acad.

SearchUtilities.java
The SearchUtilities.java code has an array of SearchSpec objects: one for Google, one for Yahoo, etc. It also provides a makeUrl method…

SearchEngines.java
The main servlet code. This code:
1. Extracts the searchEngine parameter.
2. If no such parameter exists, it sends an HTTP error.
3. Otherwise, it calls SearchUtilities to construct the correct URL.
4. Finally, it redirects the user to this new URL.
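The servlet below works through the status-code, sendError()/sendRedirect() and search-engine slides in one piece: it reads the searchEngine, searchString and numResults parameters, answers 400 when a parameter is missing, looks the engine up in a fixed table, builds the engine-specific URL and answers with a 302 redirect. It is an added example, not the SearchEngines.java, SearchSpec.java or SearchUtilities.java from acad; the SearchSpec class, the parameter names and the two engine URL formats are assumptions made for the illustration. Two points the slides leave implicit are made explicit: the search string is URL-encoded before it goes into the Location header, and only keys present in the table are accepted, so a client cannot use the servlet to redirect other users to an arbitrary site.

```java
// Added example (not the course's SearchEngines.java). Assumes the Servlet API
// on the classpath; engine URL formats and parameter names are assumptions.
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SearchEnginesServlet extends HttpServlet {

    /** Hypothetical stand-in for the slides' SearchSpec: one entry per engine. */
    static final class SearchSpec {
        final String baseUrl;   // fixed, server-controlled prefix ending in the query parameter
        final String numParam;  // name of the parameter carrying the result count

        SearchSpec(String baseUrl, String numParam) {
            this.baseUrl = baseUrl;
            this.numParam = numParam;
        }

        // Same contract as the slides' makeURL(searchString, numResults).
        String makeURL(String searchString, String numResults) throws UnsupportedEncodingException {
            // URL-encode the user's text so spaces, '&' and '#' cannot alter the query structure.
            return baseUrl + URLEncoder.encode(searchString, "UTF-8")
                    + "&" + numParam + "=" + numResults;
        }
    }

    // Stand-in for the SearchUtilities array: the only redirect targets this servlet will ever use.
    private static final Map<String, SearchSpec> ENGINES;
    static {
        Map<String, SearchSpec> m = new LinkedHashMap<>();
        m.put("google", new SearchSpec("https://www.google.com/search?q=", "num"));   // assumed format
        m.put("yahoo",  new SearchSpec("https://search.yahoo.com/search?p=", "n"));   // assumed format
        ENGINES = Collections.unmodifiableMap(m);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String engineKey = req.getParameter("searchEngine");
        String searchString = req.getParameter("searchString");
        String numResults = req.getParameter("numResults");

        // Step 2 on the slide: no parameter -> HTTP error. sendError() sets the status
        // code and a small error body; nothing must have been written to the response before it.
        if (engineKey == null || searchString == null) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Missing searchEngine or searchString parameter");
            return;
        }

        // The key is looked up in a fixed table; unknown keys are rejected rather than
        // being turned into a URL, which is what keeps this from becoming an open redirect.
        SearchSpec spec = ENGINES.get(engineKey);
        if (spec == null) {
            res.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown search engine");
            return;
        }

        // Steps 3 and 4: build the engine-specific URL and send a 302 (SC_MOVED_TEMPORARILY).
        String target = spec.makeURL(searchString, String.valueOf(parseNumResults(numResults)));
        res.sendRedirect(target);
    }

    // numResults is client input too: coerce it to a small integer instead of splicing it in verbatim.
    static int parseNumResults(String numResults) {
        if (numResults == null) {
            return 10;
        }
        try {
            int n = Integer.parseInt(numResults.trim());
            return Math.max(1, Math.min(n, 100));
        } catch (NumberFormatException e) {
            return 10;
        }
    }
}
```

A request such as /search?searchEngine=google&searchString=Bill+Gates&numResults=20 yields a 302 whose Location header is the Google URL with the encoded query; /search?searchEngine=http://evil.example/ gets a 404 because that key is not in the table.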

Example: Basic Web Security

HTTP Authentication
The HTTP protocol includes a built-in authentication mechanism. It is useful for protecting web pages or servlets that require user name / password access. First, let's examine the basic mechanism and the HTTP headers involved. Then, let's figure out how to build a servlet that exploits this mechanism.

Basic Authentication
1) If a web page is protected, the web server issues an authentication "challenge":

HTTP/ Authorization Required
Date: Sun, 27 Aug :51:25 GMT
Server: Apache/ (Unix) ApacheJServ/1.1 PHP/4.0.0 mod_ssl/2.6.6 OpenSSL/0.9.5a
WWW-Authenticate: BASIC realm="privileged-few"
Keep-Alive: timeout=90, max=150
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

WWW-Authenticate: BASIC realm="realm"
When you issue a return status code of 401, "Authorization Required", you need to tell the browser what type of authentication is required. You do this via the WWW-Authenticate header. This header has two parameters:
- BASIC: basic authorization requiring a user name and password.
- Realm: you can create multiple "realms" of authentication for different users, e.g. "Admin", "User", "Super_User", etc.

Basic Authentication Cont.
2) Upon receiving an authentication challenge, the browser prompts the user with a pop-up box requesting the user name and password.
3) The browser takes the "username:password" string from the user and encodes it using the Base 64 encoding algorithm. For example: if the string is "marty:martypw", the Base 64 string is "bWFydHk6bWFydHlwdw==". We will not cover the details of Base 64, but remember that Base 64 is easy to decode. Therefore, even if your page is protected, someone can easily intercept your Base 64 string and decode it.

Basic Authentication Cont.
4) The browser reissues the request for the page. In the HTTP request, the browser includes the Authorization string:

GET /servlet/coreservlets.ProtectedPage HTTP/1.1
Accept: image/gif, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)
Host:
Connection: Keep-Alive
Authorization: Basic bWFydHk6bWFydHlwdw==

Basic Authentication Cont.
5) The web server checks the user name and password. If the user name/password is correct, the web server displays the protected page. If the user name/password is incorrect, the web server issues a second authentication challenge.

Almost there…
Before we examine the actual servlet code, there are two pieces of Java coding we need to examine:
- sun.misc.BASE64Decoder
- java.util.Properties

Base 64 Encoding
Sun provides a class called sun.misc.BASE64Decoder. You can use its decodeBuffer() method to decode the Base 64 string sent from the user:

// sun.misc.BASE64Decoder is an internal JDK class (removed in JDK 9);
// java.util.Base64.getDecoder() is the supported replacement in Java 8 and later.
String userInfo = "bWFydHk6bWFydHlwdw==";
BASE64Decoder decoder = new BASE64Decoder();
// decodeBuffer() declares IOException, so the caller must handle or declare it
String nameAndPassword = new String(decoder.decodeBuffer(userInfo));

After this code, nameAndPassword will be set to "marty:martypw".

java.util.Properties
A utility class for reading in property files. For example, suppose you have the following password.properties file:

#Passwords
#Sat Aug 26 11:15:42 EDT 2000
nathan=nathanpw
marty=martypw
lindsay=lindsaypw
bj=bjpw

java.util.Properties
You can easily and automatically load the password file and parse its contents:

passwordFile = "passwords.properties";
passwords = new Properties();
passwords.load(new FileInputStream(passwordFile));

Then, you can extract the password for a specific user name:

String password = passwords.getProperty("marty");

ProtectedPage.java
Here's how the servlet works:
1) Initialization: read in a password file of valid user names and passwords.
2) Check for the HTTP Authorization header.
3) Decode the Authorization header using Base 64 to obtain the user name and password.
4) Check the user name and password against the valid names list. If valid, show the protected page. Else, issue another authentication challenge.
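The servlet below implements the four steps just listed and also serves as the worked example for the Base 64 and java.util.Properties slides. It is an added example, not the course's ProtectedPage.java: it decodes the Authorization header with java.util.Base64 rather than sun.misc.BASE64Decoder, loads the password file from a hypothetical "passwordFile" init-parameter (falling back to passwords.properties, a path assumed here), and replies with 401 plus WWW-Authenticate whenever the credentials are missing, malformed or wrong. Two details matter for correctness: the status and header are set before any body is written, and the password comparison uses MessageDigest.isEqual() so that the time taken does not depend on how many leading characters matched.

```java
// Added example (not the course's ProtectedPage.java). Assumes the Servlet API
// on the classpath and Java 8+ for java.util.Base64. The init-parameter name
// "passwordFile" and the fallback path are assumptions.
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Properties;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ProtectedPageServlet extends HttpServlet {
    private final Properties passwords = new Properties();

    // Step 1: read the password file once, when the servlet is initialised.
    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        String passwordFile = config.getInitParameter("passwordFile");
        if (passwordFile == null) {
            passwordFile = "passwords.properties";
        }
        try (InputStream in = new FileInputStream(passwordFile)) {
            passwords.load(in);   // lines of the form user=password, as on the slides
        } catch (IOException e) {
            throw new ServletException("Cannot load password file " + passwordFile, e);
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // Step 2: look for the Authorization header; step 3: decode it.
        String[] creds = decodeBasic(req.getHeader("Authorization"));
        // Step 4: check against the password list; on failure, challenge again.
        if (creds == null || !isValidUser(creds[0], creds[1])) {
            sendChallenge(res);
            return;
        }
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();
        // creds[0] matched a key of the server's own password file, so it is safe to echo.
        out.println("<html><body><h1>Protected page</h1><p>Welcome, " + creds[0]
                + ".</p></body></html>");
    }

    // Decodes "Basic <base64>" into {user, password}; returns null for anything malformed.
    static String[] decodeBasic(String authHeader) {
        if (authHeader == null || !authHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(authHeader.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;   // not valid Base 64
        }
        String userInfo = new String(raw, StandardCharsets.UTF_8);   // e.g. "marty:martypw"
        int colon = userInfo.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] { userInfo.substring(0, colon), userInfo.substring(colon + 1) };
    }

    boolean isValidUser(String user, String password) {
        String expected = passwords.getProperty(user);
        if (expected == null) {
            return false;
        }
        // Constant-time comparison: String.equals() stops at the first mismatching character.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
    }

    // The challenge from slide 1) of Basic Authentication: 401 plus WWW-Authenticate,
    // both set before anything is written to the body.
    static void sendChallenge(HttpServletResponse res) throws IOException {
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        res.setHeader("WWW-Authenticate", "Basic realm=\"privileged-few\"");
        res.setContentType("text/html");
        res.getWriter().println("<html><body>Authorization required.</body></html>");
    }
}
```

With the slides' password file and the request header Authorization: Basic bWFydHk6bWFydHlwdw==, decodeBasic() yields {"marty", "martypw"}, the lookup matches and the protected page is returned; any other value gets the 401 challenge again. As the slides note, Basic sends the credentials in a trivially decodable form and this file stores them in the clear, so the mechanism only protects anything when the connection is TLS and the file is readable by the servlet container alone.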

Form Authentication System
- BASE64 is not secure; we need a secure solution! Use an HTML form.
- Example: FormAuthenticate.
- An access of the servlet attempts to access protected data.
- The user is redirected to a login form web page. (The example accepts any user name/password combination.)
- Once authenticated, the user is redirected to the desired page.
- A session object stores the desired destination during the login diversion.
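The servlet below is an added illustration of the FormAuthenticate flow described on the slide, not the course's own FormAuthenticate code. A GET for the protected data checks the session for a logged-in user; if there is none, the requested URI is stored in the session and the browser is sent to a login page (login.html, an assumed path) whose form POSTs back to this servlet. Like the slide's example, checkCredentials() accepts any non-empty user name/password combination; a real deployment replaces that method. Two details added beyond the slide: the old session is invalidated at login so the authenticated session gets a fresh id, and the stored destination is only honoured when it is a path inside this web application.

```java
// Added example (not the course's FormAuthenticate). Assumes the Servlet API on the
// classpath, a login.html form with fields "username" and "password" that POSTs to
// this servlet, and parameter/attribute names chosen here for the illustration.
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class FormAuthenticateServlet extends HttpServlet {
    static final String USER_ATTR = "authenticatedUser";
    static final String DEST_ATTR = "destinationAfterLogin";

    // Access to the protected data.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        HttpSession session = req.getSession(true);
        Object user = session.getAttribute(USER_ATTR);
        if (user != null) {
            showProtectedData(res, (String) user);
            return;
        }
        // Not logged in: remember where the user wanted to go, then divert to the login form.
        session.setAttribute(DEST_ATTR, req.getRequestURI());
        res.sendRedirect(req.getContextPath() + "/login.html");
    }

    // The login form posts here.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String password = req.getParameter("password");
        if (user == null || password == null || !checkCredentials(user, password)) {
            res.sendRedirect(req.getContextPath() + "/login.html?failed=1");
            return;
        }
        // Carry the stored destination over to a brand-new session: invalidating the
        // pre-login session means an id handed out before authentication is never the
        // id of an authenticated session.
        HttpSession old = req.getSession(false);
        String dest = (old == null) ? null : (String) old.getAttribute(DEST_ATTR);
        if (old != null) {
            old.invalidate();
        }
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute(USER_ATTR, user);
        res.sendRedirect(safeDestination(req, dest));
    }

    // As on the slide, the example accepts any non-empty combination; replace with a real check.
    static boolean checkCredentials(String user, String password) {
        return !user.isEmpty() && !password.isEmpty();
    }

    // Only redirect to a path inside this web application, never to an absolute or
    // protocol-relative URL that a crafted earlier request could have planted in the session.
    static String safeDestination(HttpServletRequest req, String dest) {
        String ctx = req.getContextPath();
        if (dest != null && dest.startsWith(ctx + "/") && !dest.startsWith("//")) {
            return dest;
        }
        return ctx + "/";
    }

    static void showProtectedData(HttpServletResponse res, String user) throws IOException {
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();
        // Note: "user" came from the login form; escape it if it may contain markup.
        out.println("<html><body><h1>Protected data</h1><p>Logged in as "
                + user.replace("<", "&lt;").replace("&", "&amp;") + "</p></body></html>");
    }
}
```

The sequence is: GET protected URL (no session user) -> 302 to /login.html with the URI parked in the session -> POST username/password -> new session carrying the user -> 302 back to the parked URI -> GET protected URL now succeeds. The form itself must be served over TLS, since the password travels in the POST body in the clear just as the Base 64 string did.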

Summary
Lots of hidden HTTP data, including headers and cookies, is sent from the browser to the server. HTTP header data can also be sent from the server to the browser, e.g. error codes, redirection codes, etc.