Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Engr. Abdul-Rahman MahmoodMS, PMP, MCP, QMR(ISO9001:2000)
[email protected] [email protected]
alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net
pk.linkedin.com/in/armahmood http://alphapeeler.tumblr.com
www.twitter.com/alphapeeler [email protected]
www.facebook.com/alphapeeler [email protected]
abdulmahmood-sss alphasecure mahmood_cubix 48660186
[email protected] [email protected]
http://alphapeeler.sf.net/me http://alphapeeler.sf.net/acms/
Networks Programming
VC++, VB, ASP
Communicating with Server-Side Programs Through GET The URL class makes it easy for Java applets and
applications to communicate with serverside programs such as CGIs, servlets, PHP pages, and others that use the GET method.
Server-side programs that use the POST method require the URLConnection class (will be discussed later)
HTML form input The method the form uses should be the value of the
METHOD attribute of the FORM element.
URL that precedes the query string is given by the value of the ACTION attribute of the FORM element.
Finally, the names in the name-value pairs are simply the values of the NAME attributes of the INPUT elements.
Example: The program that processes the form
is accessed via the URL http://www.google.com/search. It has four separate name-value pairs, three of which have default values.
<form name="search" action="http://www.google.com/search" method="get">
<input name="q" />
<input type="hidden" value="cafeconleche.org" name="domains" />
<input type="hidden" name="sitesearch" value="cafeconleche.org" />
<input type="hidden" name="sitesearch2" value="cafeconleche.org" />
<br />
<input type="image" height="22" width="55“ src="images/search_blue.gif" alt="search" border="0“ name="search-image" />
</form>
The UI for the Open Directory
The UI for the Open Directory<form class="center mb1em" action="search" method="GET">
<input style="*vertical-align:middle;" size="45" name="q" value="" class="qN">
<input style="*vertical-align:middle; *padding-top:1px;" value="Search"
class="btn" type="submit">
<a href="search?type=advanced"><span class="advN">advanced</span></a>
</form>
There are only two input fields in this form: the Submit button and a text field named q. Thus, to submit a search request to the Open Directory, you just need to append q=searchTerm to http://www.dmoz.org/search.
Open Directory search program
Accessing Password-Protected Sites The Authenticator Class
The java.net package : Authenticator class you can use to provide a username and password for sites that protect themselves using HTTP authentication:
public abstract class Authenticator extends Object
Since Authenticator is an abstract class, you must subclass it.
To make the URL class use the subclass, install it as the default authenticator by passing
it to the static Authenticator.setDefault() method:
public static void setDefault(Authenticator a)
For example, if you’ve written an Authenticator subclass named DialogAuthenticator, you’d install it like this:
Authenticator.setDefault(new DialogAuthenticator());
The Authenticator Class The HTTP server provides the prompt. It’s typically the
name of the realm for which authentication is required. (Some large web servers such as www.ibiblio.org have multiple realms, each of which requires different usernames and passwords.)
Untrusted applets are not allowed to ask the user for a name and password. Trusted applets can do so, but only if they possess requestPasswordAuthentication
getPasswordAuthentication(), collect username /password from the user or some other source
protected PasswordAuthentication getPasswordAuthentication()
The Authenticator Class Usernames and passwords are cached within the same virtual machine
session. Once you set the correct password for a realm, you shouldn’t be asked for it again unless you’ve explicitly deleted the password by zeroing out the char array that contains it.
You can get more details about the request by invoking any of these methods inherited
from the Authenticator superclass:
protected final InetAddress getRequestingSite()
protected final int getRequestingPort()
protected final String getRequestingProtocol()
protected final String getRequestingPrompt()
protected final String getRequestingScheme()
protected final String getRequestingHost()
protected final String getRequestingURL()
protected Authenticator.RequestorType getRequestorType()
The Authenticator Class requestPasswordAuthentication() or return null if that
information is not available. (If the port isn’t available, getRequestingPort() returns -1.)
The PasswordAuthentication Class public PasswordAuthentication(String userName,
char[] password)
Each is accessed via a getter method:
public String getUserName()
public char[] getPassword()
JPasswordField Class : Swing public class JPasswordField extends JTextField
JPasswordField also stores the passwords as a char array so that when you’re done with the password you can overwrite it with zeros. It provides the getPassword() method to return this:
public char[] getPassword()
Otherwise, you mostly use the methods it inherits from the JTextField superclass.
download password-protected web pages
HTTP HTTP) is a standard that defines how a web client talks to a
server and how data is transferred from the server back to the client.
HTTP is application-level protocol & uses (TCP) as a transport mechanism.
Most prolific network application protocol in the short history of the Internet.
HTTP request/response cycle For each request (client - server), there is a sequence of 4
steps: Client opens a TCP connection to server on port 80 (default). Client sends a message to server requesting the resource at a
specified path. Request includes a header, and optionally a blank line
followed by data for the request. Server sends a response to client which begins with a response
code, a header full of metadata, a blank line, and the requested document or an error message.
Server closes the connection.
HTTP request/response cycle
request / response format Each request and response has the same basic form: a
header line, an HTTP header containing metadata, a blank line, and then a message body.
A typical client request looks something like this:GET /index.html HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)
Gecko/20100101 Firefox/20.0
Host: en.wikipedia.org
Connection: keep-alive
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
GET requests like this one do not contain a message body, so the request ends with a blank line.
HTTP request The first line is called the request line, and includes a
method, a path to a resource, and the version of HTTP.
Lines in the header are terminated by a carriage-return linefeed pair.
User-Agent, tells server what browser is being used.
The following line says that the request comes from version 2.4 of the Lynx browser:
User-Agent: Lynx/2.4 libwww/2.1.4
oldest first-generation browsers also include a Hostfield specifying the server’s name, which allows web servers to distinguish between different named hosts served from the same IP address:
Host: www.cafeaulait.org
HTTP request Keyword Accept, tells the server the types of data the
client can handle (though servers often ignore this).
For example, the following line says that the client can handle four MIME media types, corresponding to HTML documents, plain text, and JPEG and GIF images:Accept: text/html, text/plain, image/gif, image/jpeg
MIME (Multi-Purpose Internet Mail Extensions)
MIME types are classified at two levels: a type and a subtype.
Finally, the request is terminated with a blank line—that is, two carriage return/linefeed
pairs, \r\n\r\n.
MIME types Eight top-level types have been defined:
text/* for human-readable words
image/* for pictures
model/* for 3D models such as VRML files
audio/* for sound
video/* for moving pictures, possibly including sound
application/* for binary data
message/* for protocol-specific envelopes such as email messages and HTTP responses
multipart/* for containers of multiple documents and resources
MIME types – RFC 1341 The Content-Type field for multipart entities requires
one parameter, "boundary", which is used to specify the encapsulation boundary.Content-Type: multipart/mixed; boundary=gc0p4Jq0M2Yt08jU534c0p
This indicates that the entity consists of several parts, and that the parts are each preceded by the line
--gc0p4Jq0M2Yt08jU534c0p
Encapsulation boundaries must > 70 characters. Current list of registered MIME types is available from
http://www.iana.org/ assignments/media-types/ In addition, nonstandard custom types and subtypes
can be freely defined as long as they begin with x-. For example, Flash files are commonly assigned the type application/x-shockwave-flash.
MIME multipart exampleFrom: Nathaniel Borenstein <[email protected]> To: Ned Freed <[email protected]> Subject: Sample message MIME-Version: 1.0 Content-type: multipart/mixed; boundary="simple boundary"
This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note to non-MIME compliant readers. --simple boundary
This is implicitly typed plain ASCII text. It does NOT end with a linebreak. --simple boundary Content-type: text/plain; charset=us-ascii
This is explicitly typed plain ASCII text. It DOES end with a linebreak.
--simple boundary--This is the epilogue. It is also to be ignored.
HTTP response Server sees blank line; it sends response over the same connection.
Response: a status line, a header (name: value syntax), a blank line, and the requested resource:HTTP/1.1 200 OKDate: Sun, 21 Apr 2013 15:12:46 GMTServer: ApacheConnection: closeContent-Type: text/html; charset=ISO-8859-1Content-length: 115
<html><head><title>A Sample HTML file</title></head><body>The rest of the document goes here</body></html>
HTTP response The first line indicates the protocol the server is using
(HTTP/1.1), followed by a response code. 200 OK is the most common response code.
1XX Informational100 continue
101 Switching Protocols
2XX Successful Request succeeded. 200 OK
201 Created
202 Accepted
3XX Redirection Relocation301 Moved Permanently
301 Moved Temporarily
305 Use Proxy
4XX Client error.400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
5XX Server error.500 Internal Server Error
502 Bad Gateway
503 Service Unavailable
4 main HTTP Methods GET
retrieves a representation of a resource.
side effect free
can be repeated without concern if it fails. (idempotent)
its output is often cached, (though it can be controlled with the right headers)
GET requests can be bookmarked.
PUT
uploads representation of a resource to server at a known URL.
side effect free
can be repeated without concern if it fails. (idempotent)
4 main HTTP Methods DELETE
removes a resource from a specified URL.
side effect free
can be repeated without concern if it fails. (idempotent)
POST
POST is the most general method.
It too uploads a representation of a resource to a server at a known URL.
POST should be used for unsafe operations that should not be repeated, such as making a purchase.
When to use GET or POST GET is intended for noncommital actions, like
browsing a static web page, adding an item to a shopping cart
POST : for actions that commit to something, like placing the order.
Misconception: reason for preferring POST over GET is when forms require large amounts of input.
Today all major browsers are good up to URL lengths of at least 2,000 characters. If you have more form data to submit than that, you may indeed need to support POST;
Other HTTP methods HEAD: which acts like a GET except it only returns the
header for the resource, not the actual data.
Used to check modification date of a file
To see that a copy stored in local cache is still valid.
Opening URLConnections A program that uses the URLConnection class directly
follows this basic sequence of steps:
1. Construct a URL object.
2. Invoke the URL object’s openConnection() method to retrieve a URLConnection object for that URL.
3. Configure the URLConnection.
4. Read the header fields.
5. Get an input stream and read data.
6. Get an output stream and write data.
7. Close the connection.
Reading Data from a Server 1. Construct a URL object.
2. Invoke the URL object’s openConnection() method to retrieve a URLConnection object for that URL.
3. Invoke the URLConnection’s getInputStream() method.
4. Read from the input stream using the usual stream API.
The differences between URL and URLConnection :
URLConnection provides access to the HTTP header.
URLConnection can configure the request parameters sent to the server.
URLConnection can write data to the server as well as read data from the server.
Download web page with a URLConnection
http://alphapeeler.sf.net/index.htm
Reading the Header Retrieving Specific Header Fields The first six methods request specific, particularly common fields from the
header. These are:
• Content-type
• Content-length
• Content-encoding
• Date
• Last-modified
• Expires
public String getContentType() The getContentType() method returns the MIME
media type of the response body. It relies on the web server to send a valid content type. It throws no exceptions and returns null if the content type isn’t available.
Examples: text/html, text/plain, image/gif, application/xml, image/jpeg.
If the content type is some form of text, this header may also contain a character set part:
Content-type: text/html; charset=UTF-8
Content-Type: application/xml; charset=iso-2022-jp
Download a web page with the correct character sethttp://alphapeeler.sf.net/index.htm
public int getContentLength() Java 7 adds a getContentLengthLong() method that
works just like getContentLength() except that it returns a long instead of an int and thus can handle much larger resources:
public int getContentLengthLong() // Java 7
http
://alp
ha
pee
ler.s
ourc
efo
rge.n
et/s
cre
ensho
ts_
files/im
ag
e0
01
.gif
Downloading a binary file from a website and saving it to disk
public String getContentEncoding() returns a String that tells you how the content is
encoded.
With HTTP servers, content is unencoded, and method returns null
It throws no exceptions.
commonly used content encoding is x-gzip, which can be straightforwardly decoded using a java.util.zip.GZipInputStream
Character encoding vs Content encoding :
Character encoding is determined by the Content-type header; specifies how characters are encoded in bytes.
Content encoding specifies how the bytes are encoded in other bytes.
public long getDate() returns a long that tells when document was sent, in milliseconds since 12 AM,
January 1, 1970. [Linux epoch] You can convert it to a java.util.Date. For example: Date documentSent = new Date(uc.getDate());
Ex: Return the header
Retrieving Arbitrary Header Fields Use these methods to get header fields that Java’s designers
did not plan for. If the requested header is found, it is returned. Otherwise, the method returns null.
public String getHeaderField(String name)
The getHeaderField() method returns the value of a named header field. The name of the header is not case sensitive
String contentType = uc.getHeaderField("content-type");String contentEncoding = uc.getHeaderField("content-encoding"));String data = uc.getHeaderField("date");String expires = uc.getHeaderField("expires");String contentLength = uc.getHeaderField("Content-length");
public String getHeaderFieldKey(int n) returns the key (i.e., the field name) of the nth header field public String getHeaderField(int n) returns the value of the nth header field. public int getHeaderFieldInt(String name, int default) This method retrieves the value of the header field name int contentLength = uc.getHeaderFieldInt("content-length", -1);
returns –1 if the Content-length header isn’t present.
Print the entire HTTP header
Authenticator class