Engr. Abdul-Rahman MahmoodMS, PMP, MCP, QMR(ISO9001:2000)

armahmood786@yahoo.com alphasecure@gmail.com

alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net

pk.linkedin.com/in/armahmood http://alphapeeler.tumblr.com

www.twitter.com/alphapeeler armahmood786@jabber.org

www.facebook.com/alphapeeler alphapeeler@aim.com

abdulmahmood-sss alphasecure mahmood_cubix 48660186

armahmood786@hotmail.com alphapeeler@icloud.com

http://alphapeeler.sf.net/me http://alphapeeler.sf.net/acms/

Networks Programming

VC++, VB, ASP

Communicating with Server-Side Programs Through GET The URL class makes it easy for Java applets and

applications to communicate with serverside programs such as CGIs, servlets, PHP pages, and others that use the GET method.

Server-side programs that use the POST method require the URLConnection class (will be discussed later)

HTML form input The method the form uses should be the value of the

METHOD attribute of the FORM element.

URL that precedes the query string is given by the value of the ACTION attribute of the FORM element.

Finally, the names in the name-value pairs are simply the values of the NAME attributes of the INPUT elements.

Example: The program that processes the form

is accessed via the URL http://www.google.com/search. It has four separate name-value pairs, three of which have default values.

<form name="search" action="http://www.google.com/search" method="get">

<input name="q" />

<input type="hidden" value="cafeconleche.org" name="domains" />

<input type="hidden" name="sitesearch" value="cafeconleche.org" />

<input type="hidden" name="sitesearch2" value="cafeconleche.org" />

<br />

<input type="image" height="22" width="55“ src="images/search_blue.gif" alt="search" border="0“ name="search-image" />

</form>

The UI for the Open Directory

The UI for the Open Directory<form class="center mb1em" action="search" method="GET">

<input style="*vertical-align:middle;" size="45" name="q" value="" class="qN">

<input style="*vertical-align:middle; *padding-top:1px;" value="Search"

class="btn" type="submit">

<a href="search?type=advanced"><span class="advN">advanced</span></a>

</form>

There are only two input fields in this form: the Submit button and a text field named q. Thus, to submit a search request to the Open Directory, you just need to append q=searchTerm to http://www.dmoz.org/search.

Open Directory search program

Accessing Password-Protected Sites The Authenticator Class

The java.net package : Authenticator class you can use to provide a username and password for sites that protect themselves using HTTP authentication:

public abstract class Authenticator extends Object

Since Authenticator is an abstract class, you must subclass it.

To make the URL class use the subclass, install it as the default authenticator by passing

it to the static Authenticator.setDefault() method:

public static void setDefault(Authenticator a)

For example, if you’ve written an Authenticator subclass named DialogAuthenticator, you’d install it like this:

Authenticator.setDefault(new DialogAuthenticator());

The Authenticator Class The HTTP server provides the prompt. It’s typically the

name of the realm for which authentication is required. (Some large web servers such as www.ibiblio.org have multiple realms, each of which requires different usernames and passwords.)

Untrusted applets are not allowed to ask the user for a name and password. Trusted applets can do so, but only if they possess requestPasswordAuthentication

getPasswordAuthentication(), collect username /password from the user or some other source

protected PasswordAuthentication getPasswordAuthentication()

The Authenticator Class Usernames and passwords are cached within the same virtual machine

session. Once you set the correct password for a realm, you shouldn’t be asked for it again unless you’ve explicitly deleted the password by zeroing out the char array that contains it.

You can get more details about the request by invoking any of these methods inherited

from the Authenticator superclass:

protected final InetAddress getRequestingSite()

protected final int getRequestingPort()

protected final String getRequestingProtocol()

protected final String getRequestingPrompt()

protected final String getRequestingScheme()

protected final String getRequestingHost()

protected final String getRequestingURL()

protected Authenticator.RequestorType getRequestorType()

The Authenticator Class requestPasswordAuthentication() or return null if that

information is not available. (If the port isn’t available, getRequestingPort() returns -1.)

The PasswordAuthentication Class public PasswordAuthentication(String userName,

char[] password)

Each is accessed via a getter method:

public String getUserName()

public char[] getPassword()

JPasswordField Class : Swing public class JPasswordField extends JTextField

JPasswordField also stores the passwords as a char array so that when you’re done with the password you can overwrite it with zeros. It provides the getPassword() method to return this:

public char[] getPassword()

Otherwise, you mostly use the methods it inherits from the JTextField superclass.

download password-protected web pages

HTTP HTTP) is a standard that defines how a web client talks to a

server and how data is transferred from the server back to the client.

HTTP is application-level protocol & uses (TCP) as a transport mechanism.

Most prolific network application protocol in the short history of the Internet.

HTTP request/response cycle For each request (client - server), there is a sequence of 4

steps: Client opens a TCP connection to server on port 80 (default). Client sends a message to server requesting the resource at a

specified path. Request includes a header, and optionally a blank line

followed by data for the request. Server sends a response to client which begins with a response

code, a header full of metadata, a blank line, and the requested document or an error message.

Server closes the connection.

HTTP request/response cycle

request / response format Each request and response has the same basic form: a

header line, an HTTP header containing metadata, a blank line, and then a message body.

A typical client request looks something like this:GET /index.html HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0)

Gecko/20100101 Firefox/20.0

Host: en.wikipedia.org

Connection: keep-alive

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

GET requests like this one do not contain a message body, so the request ends with a blank line.

HTTP request The first line is called the request line, and includes a

method, a path to a resource, and the version of HTTP.

Lines in the header are terminated by a carriage-return linefeed pair.

User-Agent, tells server what browser is being used.

The following line says that the request comes from version 2.4 of the Lynx browser:

User-Agent: Lynx/2.4 libwww/2.1.4

oldest first-generation browsers also include a Hostfield specifying the server’s name, which allows web servers to distinguish between different named hosts served from the same IP address:

Host: www.cafeaulait.org

HTTP request Keyword Accept, tells the server the types of data the

client can handle (though servers often ignore this).

For example, the following line says that the client can handle four MIME media types, corresponding to HTML documents, plain text, and JPEG and GIF images:Accept: text/html, text/plain, image/gif, image/jpeg

MIME (Multi-Purpose Internet Mail Extensions)

MIME types are classified at two levels: a type and a subtype.

Finally, the request is terminated with a blank line—that is, two carriage return/linefeed

pairs, \r\n\r\n.

MIME types Eight top-level types have been defined:

text/* for human-readable words

image/* for pictures

model/* for 3D models such as VRML files

audio/* for sound

video/* for moving pictures, possibly including sound

application/* for binary data

message/* for protocol-specific envelopes such as email messages and HTTP responses

multipart/* for containers of multiple documents and resources

MIME types – RFC 1341 The Content-Type field for multipart entities requires

one parameter, "boundary", which is used to specify the encapsulation boundary.Content-Type: multipart/mixed; boundary=gc0p4Jq0M2Yt08jU534c0p

This indicates that the entity consists of several parts, and that the parts are each preceded by the line

--gc0p4Jq0M2Yt08jU534c0p

Encapsulation boundaries must > 70 characters. Current list of registered MIME types is available from

http://www.iana.org/ assignments/media-types/ In addition, nonstandard custom types and subtypes

can be freely defined as long as they begin with x-. For example, Flash files are commonly assigned the type application/x-shockwave-flash.

MIME multipart exampleFrom: Nathaniel Borenstein <nsb@bellcore.com> To: Ned Freed <ned@innosoft.com> Subject: Sample message MIME-Version: 1.0 Content-type: multipart/mixed; boundary="simple boundary"

This is the preamble. It is to be ignored, though it is a handy place for mail composers to include an explanatory note to non-MIME compliant readers. --simple boundary

This is implicitly typed plain ASCII text. It does NOT end with a linebreak. --simple boundary Content-type: text/plain; charset=us-ascii

This is explicitly typed plain ASCII text. It DOES end with a linebreak.

--simple boundary--This is the epilogue. It is also to be ignored.

HTTP response Server sees blank line; it sends response over the same connection.

Response: a status line, a header (name: value syntax), a blank line, and the requested resource:HTTP/1.1 200 OKDate: Sun, 21 Apr 2013 15:12:46 GMTServer: ApacheConnection: closeContent-Type: text/html; charset=ISO-8859-1Content-length: 115

<html><head><title>A Sample HTML file</title></head><body>The rest of the document goes here</body></html>

HTTP response The first line indicates the protocol the server is using

(HTTP/1.1), followed by a response code. 200 OK is the most common response code.

1XX Informational100 continue

101 Switching Protocols

2XX Successful Request succeeded. 200 OK

201 Created

202 Accepted

3XX Redirection Relocation301 Moved Permanently

301 Moved Temporarily

305 Use Proxy

4XX Client error.400 Bad Request

401 Unauthorized

402 Payment Required

403 Forbidden

404 Not Found

405 Method Not Allowed

406 Not Acceptable

407 Proxy Authentication Required

5XX Server error.500 Internal Server Error

502 Bad Gateway

503 Service Unavailable

4 main HTTP Methods GET

retrieves a representation of a resource.

side effect free

can be repeated without concern if it fails. (idempotent)

its output is often cached, (though it can be controlled with the right headers)

GET requests can be bookmarked.

PUT

uploads representation of a resource to server at a known URL.

side effect free

can be repeated without concern if it fails. (idempotent)

4 main HTTP Methods DELETE

removes a resource from a specified URL.

side effect free

can be repeated without concern if it fails. (idempotent)

POST

POST is the most general method.

It too uploads a representation of a resource to a server at a known URL.

POST should be used for unsafe operations that should not be repeated, such as making a purchase.

When to use GET or POST GET is intended for noncommital actions, like

browsing a static web page, adding an item to a shopping cart

POST : for actions that commit to something, like placing the order.

Misconception: reason for preferring POST over GET is when forms require large amounts of input.

Today all major browsers are good up to URL lengths of at least 2,000 characters. If you have more form data to submit than that, you may indeed need to support POST;

Other HTTP methods HEAD: which acts like a GET except it only returns the

header for the resource, not the actual data.

Used to check modification date of a file

To see that a copy stored in local cache is still valid.

Opening URLConnections A program that uses the URLConnection class directly

follows this basic sequence of steps:

1. Construct a URL object.

2. Invoke the URL object’s openConnection() method to retrieve a URLConnection object for that URL.

3. Configure the URLConnection.

4. Read the header fields.

5. Get an input stream and read data.

6. Get an output stream and write data.

7. Close the connection.

Reading Data from a Server 1. Construct a URL object.

2. Invoke the URL object’s openConnection() method to retrieve a URLConnection object for that URL.

3. Invoke the URLConnection’s getInputStream() method.

4. Read from the input stream using the usual stream API.

The differences between URL and URLConnection :

URLConnection provides access to the HTTP header.

URLConnection can configure the request parameters sent to the server.

URLConnection can write data to the server as well as read data from the server.

Download web page with a URLConnection

http://alphapeeler.sf.net/index.htm

Reading the Header Retrieving Specific Header Fields The first six methods request specific, particularly common fields from the

header. These are:

• Content-type

• Content-length

• Content-encoding

• Date

• Last-modified

• Expires

public String getContentType() The getContentType() method returns the MIME

media type of the response body. It relies on the web server to send a valid content type. It throws no exceptions and returns null if the content type isn’t available.

Examples: text/html, text/plain, image/gif, application/xml, image/jpeg.

If the content type is some form of text, this header may also contain a character set part:

Content-type: text/html; charset=UTF-8

Content-Type: application/xml; charset=iso-2022-jp

Download a web page with the correct character sethttp://alphapeeler.sf.net/index.htm

public int getContentLength() Java 7 adds a getContentLengthLong() method that

works just like getContentLength() except that it returns a long instead of an int and thus can handle much larger resources:

public int getContentLengthLong() // Java 7

http

://alp

ha

pee

ler.s

ourc

efo

rge.n

et/s

cre

ensho

ts_

files/im

ag

e0

01

.gif

Downloading a binary file from a website and saving it to disk

public String getContentEncoding() returns a String that tells you how the content is

encoded.

With HTTP servers, content is unencoded, and method returns null

It throws no exceptions.

commonly used content encoding is x-gzip, which can be straightforwardly decoded using a java.util.zip.GZipInputStream

Character encoding vs Content encoding :

Character encoding is determined by the Content-type header; specifies how characters are encoded in bytes.

Content encoding specifies how the bytes are encoded in other bytes.

public long getDate() returns a long that tells when document was sent, in milliseconds since 12 AM,

January 1, 1970. [Linux epoch] You can convert it to a java.util.Date. For example: Date documentSent = new Date(uc.getDate());

Ex: Return the header

Retrieving Arbitrary Header Fields Use these methods to get header fields that Java’s designers

did not plan for. If the requested header is found, it is returned. Otherwise, the method returns null.

public String getHeaderField(String name)

The getHeaderField() method returns the value of a named header field. The name of the header is not case sensitive

String contentType = uc.getHeaderField("content-type");String contentEncoding = uc.getHeaderField("content-encoding"));String data = uc.getHeaderField("date");String expires = uc.getHeaderField("expires");String contentLength = uc.getHeaderField("Content-length");

public String getHeaderFieldKey(int n) returns the key (i.e., the field name) of the nth header field public String getHeaderField(int n) returns the value of the nth header field. public int getHeaderFieldInt(String name, int default) This method retrieves the value of the header field name int contentLength = uc.getHeaderFieldInt("content-length", -1);

returns –1 if the Content-length header isn’t present.

Print the entire HTTP header

Authenticator class