Martin Kruliš, 30. 4. 2015, by Martin Kruliš (v1.0)

• Hyper-Text Transfer Protocol
  ◦ Simple text-based protocol
  ◦ Designed for data retrieval
    ▪ Also allows data uploads and modification requests
  ◦ Completely stateless
    ▪ Each request is treated independently
    ▪ The cookies extension allows limited session management
  ◦ Client initiated
    ▪ The server cannot push data to the clients

• Asynchronous JavaScript and XML
  ◦ A technique that combines three technologies
    ▪ JavaScript
    ▪ Asynchronous HTTP client API integrated in the browser
    ▪ XML or another semi-structured data format
  ◦ The script invokes an HTTP transfer and provides callbacks
    ▪ Both GET and POST requests are supported
  ◦ The callback is invoked asynchronously
    ▪ At the conclusion of the HTTP transfer
    ▪ It may process the returned data (e.g., update the contents of the web page)

• XMLHttpRequest Object

    var httpReq = new XMLHttpRequest();
    httpReq.open("GET", "index.php?ajax=1", true);   // true = asynchronous
    httpReq.onreadystatechange = function() {
        if (httpReq.readyState != 4) return;          // 4 = DONE (transfer finished)
        if (httpReq.status == 200)
            processResponse(httpReq.responseText);    // page-defined callback
        else
            handleError(httpReq.status);              // page-defined callback
    };
    httpReq.send();

• More Advanced Features
  ◦ Managing headers
    ▪ setRequestHeader(), getResponseHeader()
  ◦ Advanced response representation
    ▪ Support for array buffers, blobs, and JSON data
  ◦ Easier way to send request content
    ▪ Support for blobs
    ▪ Special FormData API
      Assembling a form-like request (including file uploads)
  ◦ Events
    ▪ onload, onerror, onabort, ontimeout, onloadend, …

• Same Origin Security Policy
  ◦ Safety precaution implemented by browsers
    ▪ AJAX requests must target the same origin as the page
  ◦ Sometimes accessing other domains is required
    ▪ Cross-Origin Requests
  ◦ The browser adds an Origin header to the request
  ◦ If the request is allowed, the server adds the Access-Control-Allow-Origin header to the response
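As an added example (not code from the slides), here is the server-side decision that the Origin / Access-Control-Allow-Origin exchange above requires, written for Node.js. It handles both a plain cross-origin request and the OPTIONS preflight the browser sends before non-simple ones. The origin allow-list, the method and header lists, and the request objects are constructed assumptions.

```javascript
// Constructed allow-list: only pages served from these origins may read responses.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["Content-Type", "X-Requested-With"];

// req: { method, headers } with lower-cased header names (as Node's http module provides).
// Returns { allowed, preflight, headers }. When the origin is not allowed no CORS headers
// are emitted at all, so the browser refuses to hand the response to the calling script.
function corsDecision(req, allowed = ALLOWED_ORIGINS) {
  const origin = req.headers["origin"];
  // Exact match against the list. A suffix check such as /example\.com$/ would also
  // accept "https://evil-example.com", and reflecting any Origin disables the policy.
  if (typeof origin !== "string" || !allowed.has(origin)) {
    return { allowed: false, preflight: false, headers: {} };
  }
  const headers = {
    "Access-Control-Allow-Origin": origin,   // echo the specific origin, never "*" with credentials
    "Vary": "Origin",                        // shared caches must keep one copy per origin
    "Access-Control-Allow-Credentials": "true",
  };
  const isPreflight = req.method === "OPTIONS" && "access-control-request-method" in req.headers;
  if (!isPreflight) {
    return { allowed: true, preflight: false, headers };
  }
  // Preflight: the browser asks whether the real request's method and headers are permitted.
  const wanted = req.headers["access-control-request-method"];
  if (!ALLOWED_METHODS.includes(wanted)) {
    return { allowed: false, preflight: true, headers: {} };
  }
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600";   // seconds the browser may cache this answer
  return { allowed: true, preflight: true, headers };
}

module.exports = { corsDecision, ALLOWED_ORIGINS };
```

In a request handler the returned headers are copied onto the response; a preflight with `allowed` set is answered with an empty 204, and a request without an allowed Origin is served (or refused) exactly as a same-origin request would be, just without CORS headers.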

• Comet

  Client (Browser)                                        Web Server
  1. Client starts an asynchronous HTTP request   --->
  2.                                                      Server postpones the response if there is nothing to report
  3.                                              <---    After a timeout, an empty response is sent
  4. Client immediately issues a new request      --->
  5.                                                      Reportable event occurs
  6.                                              <---    Event notification is sent
  7. Client processes the event and issues another request
  …

• Server Messages
  ◦ Extension of the idea implemented by Comet
  ◦ Special protocol
    ▪ HTTP response with the text/event-stream content type
    ▪ Continuous stream containing separate events

        data: transmitted data

        event: custom-event
        data: data for the custom event

  ◦ Simple client API

        var evtSource = new EventSource("msg.php");
        evtSource.onmessage = function(e) {
            // e.data holds the payload of the event
        };

  Example 1
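Added example (not the slides' code): a parser for the text/event-stream format shown above, following the field rules of the EventSource specification, together with the matching server-side formatter. The formatter splits each payload across several `data:` lines, so user-supplied text containing line breaks cannot smuggle in an `event:` or `id:` field of its own. The sample streams are constructed.

```javascript
// Parse raw event-stream text into [{ event, data, id }, ...].
// Rules: each line is "field: value"; a blank line dispatches the buffered event;
// lines starting with ":" are comments (used as keep-alives); several "data:" lines
// are joined with "\n"; an event with no data lines is not dispatched; the last
// seen id persists across events.
function parseEventStream(text) {
  const events = [];
  let event = "message", data = [], id = null;
  for (const line of text.split(/\r\n|\r|\n/)) {
    if (line === "") {
      if (data.length > 0) events.push({ event, data: data.join("\n"), id });
      event = "message";
      data = [];
      continue;
    }
    if (line.startsWith(":")) continue;            // comment / keep-alive line
    const colon = line.indexOf(":");
    let field = line, value = "";
    if (colon !== -1) {
      field = line.slice(0, colon);
      value = line.slice(colon + 1);
      if (value.startsWith(" ")) value = value.slice(1);   // one leading space is stripped
    }
    if (field === "event") event = value;
    else if (field === "data") data.push(value);
    else if (field === "id") id = value;
    // "retry" and unknown fields are ignored in this example
  }
  return events;
}

// Server side: serialize one event for the stream. Every line of the payload gets its
// own "data:" prefix and line breaks are stripped from the field values, so a payload
// such as "x\nevent: admin" reaches the client as data, not as a forged event name.
function formatEvent(name, data, id) {
  let out = "";
  if (id !== undefined) out += "id: " + String(id).replace(/[\r\n]/g, "") + "\n";
  if (name && name !== "message") out += "event: " + name.replace(/[\r\n]/g, "") + "\n";
  for (const line of String(data).split(/\r\n|\r|\n/)) out += "data: " + line + "\n";
  return out + "\n";                                 // blank line dispatches the event
}

module.exports = { parseEventStream, formatEvent };
```

On the server each `formatEvent(...)` string is written to a response whose `Content-Type` is `text/event-stream`; in the browser, `EventSource` performs the parsing shown here and raises `onmessage` for the default event type and a named listener for custom `event:` values.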

• Extension of the HTTP(S) Protocols
  ◦ Two-way communication
  ◦ Persistent connections
  ◦ Layered over a TCP or SSL/TLS connection
• Protocol Properties
  ◦ Defined in detail in RFC 6455
  ◦ The handshake is compatible with the HTTP handshake
  ◦ Simple message-based communication
    ▪ The user can specify custom sub-protocols (i.e., the contents and semantics of the messages)

• Handshake
  ◦ The connection is initiated by an HTTP request, specifically an HTTP upgrade request

        GET /chat HTTP/1.1
        Host: server.example.com
        Upgrade: websocket                               <- the "upgrade" request
        Connection: Upgrade
        Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==      <- security things
        Origin:
        Sec-WebSocket-Protocol: chat, superchat          <- WebSocket specific information
        Sec-WebSocket-Version: 13

• Handshake
  ◦ The server may respond with any valid HTTP status code
    ▪ E.g., 404 if the URI is not valid, or a 3xx redirection
    ▪ It may also include things like auth tokens, cookies, …
  ◦ Upgrade acceptance looks as follows

        HTTP/1.1 101 Switching Protocols
        Upgrade: websocket                               <- upgrade confirmation
        Connection: Upgrade
        Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGz...       <- security verification
        Sec-WebSocket-Protocol: chat                     <- accepted subprotocol

• Frame Format (RFC 6455)

    Field              Size        Meaning
    Ctrl. bits         4 bits      bit 0 – final fragment of a message (FIN); bits 1–3 reserved (set to 0)
    Op. Code           4 bits      type of payload (see opcodes below)
    Mask               1 bit       whether the payload is masked
    Length             7 bits      payload length in bytes; if length == 126/127, an extended 16/64-bit length is used
    Extended Length    16 bits     present if length == 126
    Extended Length    64 bits     present if length == 127
    Masking Key        32 bits     present if mask == 1; randomly selected key used for XOR masking of the payload
    Payload Data       variable

  Opcode (type of payload)
    x0 – Continuation frame
    x1 – Text frame (UTF-8)
    x2 – Binary frame
    x3–x7 – Reserved (non-control)
    x8 – Connection close
    x9 – Ping
    xA – Pong
    xB–xF – Reserved (control)

• Data Frames
  ◦ Messages may be fragmented
    ▪ The first frame defines the type, the other frames are sent as continuation frames
    ▪ The last frame has the appropriate control bit (FIN) set
  ◦ Text messages must be in UTF-8, binary messages are interpreted only by the application
• Control Frames
  ◦ The close frame initiates a graceful connection shutdown
  ◦ Ping/pong frames verify that the connection is still alive

• Security
  ◦ The connection may be established over an SSL/TLS channel instead of plain TCP
    ▪ In the same way HTTP and HTTPS work
  ◦ The client sends an Origin header that refers to the domain from which the client script was downloaded
  ◦ The server must correctly transform the given security key to verify that it is really a WebSocket server
  ◦ The client may use frame masking to defend against a specific cache-poisoning attack
    ▪ When the attacker constructs frames that look like an HTTP request

• Client Side (JavaScript)
  ◦ Encapsulated in the window.WebSocket object
  ◦ We can check for the functionality by

        // parentheses are required: !"WebSocket" would be evaluated first
        if (!("WebSocket" in window)) {
            // Do plan B; we do not have WebSockets
        }

  ◦ A new connection is initiated by constructing a new WebSocket object

        var ws = new WebSocket('ws://domain/', 'proto');

• WebSocket Object
  ◦ Properties
    ▪ readyState – state of the connection (0 – connecting, 1 – connected, 2 – closing, 3 – closed)
    ▪ protocol – selected subprotocol
    ▪ bufferedAmount – number of bytes buffered by send() but not yet transmitted over the network
  ◦ Methods
    ▪ send(data) – send a data message (the type of the message is selected by the type of the data object)
    ▪ close([code, [reason]]) – gracefully terminate the connection

• WebSocket Object
  ◦ Events
    ▪ onopen() – when the connection is established
    ▪ onmessage(e) – reports an incoming message (defragmented) in the e.data field (a string for text, a Blob or ArrayBuffer for binary messages)
    ▪ onerror() – if the connection was terminated by an error
    ▪ onclose(e) – when the connection is terminated
      e.wasClean – whether the shutdown was graceful
      e.code – termination code
      e.reason – string with the termination reason

• Server Side
  ◦ Current HTTP servers (e.g., Apache) do not natively support WebSockets
    ▪ Similar problem as with Comet and Server Events
    ▪ Applications often use two servers (HTTP and WS)
  ◦ Alternatives
    ▪ A standalone application/script that implements HTTP and WS on its own
    ▪ Specialized solutions like Node.js
      Contains ready-to-use libraries for HTTP and WS which embrace event-based programming

  Example 2

• Web Real-Time Communication
  ◦ API for direct p2p communication between browsers
  ◦ Originally designed for audiovisual data (videophone)
  ◦ A signaling channel (AJAX, WS, …) is required for establishing the connection
  ◦ RTC data are then passed directly or via TURN servers

• Web RTC API
  ◦ MediaStream
    ▪ API that exposes the camera or microphone as streams of multimedia data
  ◦ RTCPeerConnection
    ▪ Manages the established connection
    ▪ Multiple channels may be attached
  ◦ RTCDataChannel
    ▪ Special channel type for script-managed data transfers
    ▪ The channel API is based on the WebSocket API
