HTTP Overview

 



 

HTTP Protocol: An Overview

 

The Hypertext Transfer Protocol (HTTP) is an application-level protocol with the lightness and speed necessary for distributed, collaborative, hypermedia information systems. It is a generic, stateless, object-oriented protocol which can be used for many tasks, such as name servers and distributed object management systems, through extension of its request methods (commands). A feature of HTTP is the typing of data representation, allowing systems to be built independently of the data being transferred.

 

HTTP is based on a request/response paradigm. A client establishes a connection with a server and sends a request to the server in the form of a request method, URL, and protocol version, followed by a MIME-like message containing request modifiers, client information, and possible body content. The server responds with a status line, including the message's protocol version and a success or error code, followed by a MIME-like message containing server information, entity metainformation, and possible body content.

 

WebNMS supports the development of HTTP agents that conform to HTTP 1.0 and HTTP 1.1.

 

HTTP Basics

 

HTTP stands for Hypertext Transfer Protocol. It's the network protocol used to deliver virtually all files and other data (collectively called resources) on the World Wide Web, whether they're HTML files, image files, query results, or anything else. Usually, HTTP takes place through TCP/IP sockets.

 

A browser is an HTTP client because it sends requests to an HTTP server (Web server), which then sends responses back to the client. The standard (and default) port for HTTP servers to listen on is 80, though they can use any port.

 

HTTP is used to transmit resources, not just files. A resource is some chunk of information that can be identified by a URL (Uniform Resource Locator). The most common kind of resource is a file, but a resource may also be a dynamically-generated query result, the output of a CGI script, a document that is available in several languages, or something else.

 

Structure of HTTP Transaction

 

Like most network protocols, HTTP uses the client-server model. An HTTP client opens a connection and sends a request message to an HTTP server; the server then returns a response message, usually containing the resource that was requested. After delivering the response, the server closes the connection (making HTTP a stateless protocol, i.e., not maintaining any connection information between transactions).

 

The format of the request and response messages is similar and English-oriented. Both kinds of messages consist of:

 

an initial line,

zero or more header lines,

a blank line (i.e., a CRLF by itself), and

an optional message body (e.g., a file, or query data, or query output).

 

In other words, the format of an HTTP message is

 

<initial line, different for request vs. response>
Header1: value1
Header2: value2
Header3: value3

<optional message body goes here, like file contents or query data;
 it can be many lines long, or even binary data $&*%@!^$@>

 

Initial lines and headers should end in CRLF, though you should gracefully handle lines ending in just LF. (More exactly, CR and LF here mean ASCII values 13 and 10, even though some platforms may use different characters.)

 

HTTP Methods

 

A request line has three parts, separated by spaces: a method name, the local path of the requested resource, and the version of HTTP being used. There are three HTTP Methods, namely GET, HEAD, and POST.
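The message layout and the three-part request line described above, as an added Python example that is not part of the original WebNMS documentation. It accepts both CRLF and bare LF line endings and counts the bare-LF terminators, so a receiver can still see when a peer deviated from CRLF; the function names, the `bare_lf` field and both sample messages are constructed for illustration.

```python
import re

EOL = re.compile(rb"\r?\n")

def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP message into initial line, headers and body."""
    # The header section ends at the first blank line (CRLF or bare LF).
    end = re.search(rb"\r?\n\r?\n", raw)
    if end is None:
        raise ValueError("no blank line after the header section")
    head, body = raw[:end.start()], raw[end.end():]
    lines = EOL.split(head)
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.decode("ascii").strip(),
                        value.decode("latin-1").strip()))
    # Count terminators that were LF without CR, so lenient parsing stays visible.
    bare_lf = sum(1 for t in EOL.findall(raw[:end.end()]) if t == b"\n")
    return {"initial": lines[0].decode("ascii"), "headers": headers,
            "body": body, "bare_lf": bare_lf}

def parse_request_line(initial: str) -> tuple:
    """Return (method, path, version) from a request's initial line."""
    parts = initial.split(" ")
    if len(parts) != 3:
        raise ValueError("request line must have exactly three parts")
    method, path, version = parts
    if not method.isupper() or not version.startswith("HTTP/"):
        raise ValueError("bad method name or protocol version")
    return method, path, version

# Constructed samples: CRLF endings with a binary body, and bare-LF endings.
SAMPLE_CRLF = (b"POST /cgi-bin/query HTTP/1.0\r\n"
               b"Content-Type: application/octet-stream\r\n"
               b"Content-Length: 6\r\n"
               b"\r\n"
               b"\x00\x01\r\n\r\n")
SAMPLE_LF = b"GET /index.html HTTP/1.0\nHost: www.example.com\n\n"

if __name__ == "__main__":
    for sample in (SAMPLE_CRLF, SAMPLE_LF):
        msg = parse_http_message(sample)
        print(parse_request_line(msg["initial"]), msg["headers"],
              msg["body"], msg["bare_lf"])
```

Only the header section is split on line endings; the body is returned as raw bytes, so the CRLF pairs inside the first sample's body are left untouched.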

 

The GET Method

 

GET is the most common HTTP method; it says "give me this resource". Method names are always in uppercase. The GET method can also be used to submit forms. The form data are URL-encoded and appended to the request URL.
 

The HEAD Method

 

A HEAD request is just like a GET request, except it asks the server to return the response headers only, and not the actual resource (i.e., no message body). This is useful to check characteristics of a resource without actually downloading it, thus saving bandwidth. Use HEAD when you don't actually need a file's contents. The response to a HEAD request must never contain a message body, but just the status line and headers.

 

The POST Method

 

A POST request is used to send data to the server to be processed in some way, such as by a CGI script. A POST request is different from a GET request in the following ways:

The HTTP response is normally program output, not a static file. The most common use of POST, by far, is to submit HTML form data to CGI scripts. In this case, the Content-Type: header is usually application/x-www-form-urlencoded, and the Content-Length: header gives the length of the URL-encoded form data. You can use a POST request to send whatever data you want, not just form submissions. Just make sure the sender and the receiving program agree on the format.
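The same form submitted with GET and with POST, as an added Python example that is not part of the original WebNMS documentation. With GET the URL-encoded data sits in the request line, and so appears wherever request URLs are recorded; with POST it travels in the body, and the receiving side checks Content-Type and Content-Length before decoding. The paths, field names and helper names are constructed for illustration.

```python
from urllib.parse import urlencode, parse_qs

def build_get(path: str, form: dict) -> bytes:
    """GET: the URL-encoded form data is appended to the request URL."""
    return f"GET {path}?{urlencode(form)} HTTP/1.0\r\n\r\n".encode("ascii")

def build_post(path: str, form: dict) -> bytes:
    """POST: the same URL-encoded data is sent as the message body."""
    body = urlencode(form).encode("ascii")
    head = (f"POST {path} HTTP/1.0\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            # Length of the encoded bytes, not of the original field values.
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

def read_post_form(raw: bytes) -> dict:
    """Receiving side: check type and length, then decode the form."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if headers.get(b"content-type") != b"application/x-www-form-urlencoded":
        raise ValueError("sender and receiver do not agree on the format")
    if int(headers.get(b"content-length", b"-1")) != len(body):
        raise ValueError("Content-Length does not match the body received")
    fields = parse_qs(body.decode("ascii"), strict_parsing=True)
    return {name: values[0] for name, values in fields.items()}

# Constructed form: a non-ASCII character plus characters that are
# separators in URL-encoded data and therefore must be escaped.
FORM = {"user": "jörg", "note": "a&b=c d"}

if __name__ == "__main__":
    print(build_get("/cgi-bin/search", FORM))
    request = build_post("/cgi-bin/search", FORM)
    print(request)
    print(read_post_form(request))
```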

 

Introduction to SSL

 

Security on the Internet has played an increasingly important role in the past few years. Cyber crimes, such as credit card theft and other types of theft through the Internet, have been on the rise. The Secure Sockets Layer (SSL) is a solution to battle these types of problems. SSL is a security layer that exists between TCP/IP and application protocols, such as HTTP, LDAP, FTP, and Telnet.

 

The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers.

 

SSL Architecture

 

The Transmission Control Protocol/Internet Protocol (TCP/IP) governs the transport and routing of data over the Internet. Other protocols, such as the Hypertext Transfer Protocol (HTTP), Lightweight Directory Access Protocol (LDAP), or Internet Message Access Protocol (IMAP), run "on top of" TCP/IP in the sense that they all use TCP/IP to support typical application tasks, such as displaying Web pages or running e-mail servers.

 


 

The SSL protocol runs on top of TCP/IP and below higher-level protocols, such as HTTP, IMAP, FTP, etc. It uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server, and allows both machines to establish an encrypted connection.

 

These capabilities address fundamental concerns about "secure" communication over the Internet and other TCP/IP networks.

 

The SSL protocol includes two sub-protocols: the SSL Record Protocol and the SSL Handshake Protocol. The SSL Record Protocol defines the format used to transmit data. The SSL Handshake Protocol uses the SSL Record Protocol to exchange a series of messages between an SSL-enabled client and an SSL-enabled server when an SSL connection is first established between them.
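How handshake messages ride inside records, as an added Python example that is not part of the original WebNMS documentation. The field layout (a 5-byte record header of content type, version and length, and a handshake message that begins with a 1-byte type) comes from the SSL 3.0/TLS specifications rather than from this page; the sample byte stream and function name are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange",
                   20: "finished"}
MAX_RECORD = 2**14 + 2048  # upper bound on an encrypted record's length

def split_records(stream: bytes) -> list:
    """Walk a byte stream record by record and describe each header."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or major != 3 or length > MAX_RECORD:
            raise ValueError(f"not an SSL/TLS record at offset {pos}")
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor),
               "length": length}
        if ctype == 22 and length >= 4:
            # Simplification: reads the first handshake message in the record
            # only, and is meaningful only before encryption starts.
            rec["handshake"] = HANDSHAKE_TYPES.get(payload[0], "unknown")
        records.append(rec)
        pos += 5 + length
    return records

# Constructed stream: a handshake record whose message header says
# client_hello (with a 2-byte dummy body), then an application data record.
SAMPLE = bytes.fromhex("1603010006" "01000002aaaa"
                       "1703010003" "cccccc")

if __name__ == "__main__":
    for record in split_records(SAMPLE):
        print(record)
```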

 

Features of SSL

 

Data Privacy

 

SSL provides data privacy for all data transmitted over the SSL connection between the Web server and the client. SSL can also detect tampering with the transmitted data, so that users on both sides of the connection know if anything was changed in transit. This sort of tamper-proof confidentiality is a prerequisite for being able to exchange sensitive data through a network.

 

Ease of Use

 

SSL networking is just as easy as regular networking in Java. This is made possible by using JSSE (Java Secure Socket Extension).

 

Authentication

 

SSL also includes server authentication and client authentication capabilities. This is accomplished through the use of cryptographically signed certificates between the two sides, namely the server and the client.

 



Copyright © 2012, ZOHO Corp. All Rights Reserved.