1 httpcore, cookies managing data on the world wide-web elad kravi
TRANSCRIPT
1
HTTPCore, Cookies
Managing Data on the World Wide-Web
Elad Kravi
2
Overview
HttpCore – handlers4
HttpCore - connections2
HttpCore - basics1
HttpCore - demo5
6 Cookies
HttpCore - processors3
3
• Apache Software Foundation
• HttpCore is a set of components implementing the most fundamental aspects of the HTTP protocol that are nonetheless sufficient to develop full-featured client-side and server-side HTTP services with a minimal footprint.
• blocking I/O model and and non-blocking I/O.
HttpCore - Intro
4
• Manipulate http properties:– Client– Server– Proxy– 236369 home work…
• My example of downloading data from the web– Messages from Social Networks (Twitter)
When would you use HttpCore
5
Generic-message = start-line *(message-header CRLF) CRLF [ message-body ]
Start-line = Request-Line | Status-Line
Request = Request-Line *(( general-header | request-header | entity-
header ) CRLF) CRLF [ message-body ]
Response = Status-Line *(( general-header | response-header | entity-
header ) CRLF) CRLF [ message-body ]
HttpMessage, HttpRequest, HttpResponse
6
• AbstractHttpMessage – base class– Handle headers: setHeader, getHeaders, etc..– More elegant – use Interceptors (in the following)
• BasicHttpRequest HttpRequest request = new BasicHttpRequest("GET", "/",
HttpVersion.HTTP_1_1);
• BasicHttpResponseHttpRequest request = new BasicHttpRequest("GET", "/",
HttpVersion.HTTP_1_1);
AbstractHttpMessage, BasicHttpRequest, BasicHttpResponse
7
• Setting a headerresponse.addHeader("Set-Cookie", "c1=a; path=/; domain=localhost");
• Reading the headers1) Header h1 = response.getFirstHeader("Set-Cookie");2) HeaderIterator it = response.headerIterator("Set-Cookie");
while (it.hasNext()) { System.out.println(it.next());
}
• HTTP headers can be tokenized into individual header elements.– Header elements are properties of the header, e.g.
response.addHeader("Set-Cookie", "c2=b; path=\"/\", c3=c; domain=\"localhost\"");– Parameters can be parsed as name-value pairs.
Setting headers - explicitly
8
• HTTP messages can carry a content entity associated with the request or response. – Responses are usually expected to enclose a content entity
• Repeatable Entity - its content can be read more than once– only possible with self contained entities (ByteArrayEntity &
StringEntity)
• Streamed Entity: The content is received from a stream, or generated on the fly.
Http Entities - message payload
9
Http Entities (cont)
Http entities that stream out their content from the input stream of the underlying connection, must ensure that the content of the message body is fully consumed for that connection to be potentially re-usable
10
• BasicHttpEntity - A generic streamed, non-repeatable entity that obtains its content from an InputStream.
• ByteArrayEntity - A self contained, repeatable entity that obtains its content from a byte array
String myData = "Hello world on the other side!!";ByteArrayEntity myEntity = new ByteArrayEntity(myData.getBytes());
• StringEntity - A self contained, repeatable entity that obtains its
content from java.lang.String object• FileEntity - a self contained, repeatable entity that obtains its content
from a file– for instance, sending a zip file with content type application/zipHttpEntity entity = new FileEntity(staticFile,
"application/java-archive");
(Some) Types of Entities
11
Overview
HttpCore – handlers4
HttpCore - connections2
HttpCore - basics1
HttpCore - demo5
6 Cookies
HttpCore - processors3
HttpCore - connections
12
• A generic HTTP connection, useful on client and server side.– AbstractHttpClientConnection
• sendRequestHeader, sendRequestEntity, receiveResponseHeader, flush
– AbstractHttpServerConnection• receiveRequestHeader, receiveRequestEntity, sendResponseHeader,
sendResponseEntity, flush
– Which kind a proxy should have?
• Concrete types define ‘bind’ method to bind a socket.
HttpConnection (extends closable)
13
• Terminating HTTP connections– Gracefully by calling HttpConnection#close()– Forcibly by calling HttpConnection#shutdown()
• HTTP exception handling– IOException in case of an I/O failure such as socket timeout or an
socket reset– HttpException that signals an Http failure such as a violation of the
Http protocol
Closing connection and Exceptions
14
Overview
HttpCore – handlers4
HttpCore - connections2
HttpCore - basics1
HttpCore - demo5
6 Cookies
HttpCore - processors3
15
• A routine that implements a specific aspect of the Http protocol using protocol interceptors– protocol interceptors act upon specific header(s) of the incoming or
outgoing message.– http protocol processor is a collection of protocol interceptors that
implements the 'Chain of Responsibility' pattern• each individual protocol interceptor is expected to work on the particular
aspect of the Http protocol it is responsible for.
– If the interceptors must be executed in a particular order, they should be added to the processor in the same sequence.
HttpProcessor
void process(HttpRequest request, HttpContext context) throws HttpException, IOException
16
• RequestContent / ResponseContent – important interceptors for outgoing requests / responses. – Responsible for delimiting content length by adding Content-Length
or Transfer-Content headers based on the properties of the enclosed entity and the protocol version.
• RequestConnControl / ResponseConnControl –– responsible for adding Connection header to the outgoing requests /
responses.
• RequestTargetHost – required for client side protocol– responsible for adding Host header
• RequestUserAgent – recommended for client side protocol– responsible for adding User-Agent header
(Some) Protocol interceptors
e.g. Connection : close
content-length, content-type…
17
Using Protocol Processors
Send the request to the target host and get a response.
18
• Protocol interceptors collaborate by sharing information such as processing state through an Http execution context.– HttpContext is a structure that can be used to map an attribute
name to an attribute value.
Http Context
19
Overview
HttpCore – handlers4
HttpCore - connections2
HttpCore - basics1
HttpCore - demo5
6 Cookies
HttpCore - processors3
HttpCore - handlers
20
• a client side HTTP protocol handler based on the blocking I/O model
• relies on HttpProcessor to generate mandatory protocol headers for all outgoing messages
• apply common, cross-cutting message transformations to all incoming and outgoing messages
HttpRequestExecutor httpexecutor = new HttpRequestExecutor();…httpexecutor.preProcess(request, httpproc, context);HttpResponse response = httpexecutor.execute(request, conn, context);…httpexecutor.postProcess(response, httpproc, context);
HttpRequestExecutor
21
• a server side HTTP protocol handler based on the blocking I/O model
• relies on HttpProcessor to generate mandatory protocol headers for all outgoing messages
• apply common, cross-cutting message transformations to all incoming and outgoing messages– whereas individual HttpRequestHandlers are expected to take care
of application specific content generation and processing– relies on HttpRequestHandler to resolve matching request handler
for a particular request URI of an incoming HTTP request
HttpService
22
Overview
HttpCore – c & s handlers4
HttpCore - headers2
HttpCore - basics1
HttpCore - demo5
6 Cookies
HttpCore - entities3
23
• A client implemented using HttpCore– Configuration
• HttpRequestExecutor• HttpProcessor• HttpContext• HttpRequest
– Main logic – “GET” some files from the server• Using HttpRequestExecutor
– preProcess, execute and postProcess
• Print some usefull information from the response
What we will see in this example?
24
• A server implemented using HttpCore– Configuration
• HttpService• HttpProcessor• HttpContext• HttpRequest
What we will see in this example?
sd Sequence
RequestListenerThread
WorkerThread
loop ForEveryNewRequest
configurations()
.(HttpService, Socket)
handle(request, response, context)
– Main logic – Upon receiving a new request• Create a working thread
– Handles the request
• Wait for the next request
25
• HttpClient is a HTTP/1.1 compliant Http agent implementation based on HttpCore. It also provides reusable components for client-side authentication, Http state management, and Http connection management.– e.g., parsing cookies
• Self learning
HttpClient
26
Overview
HttpCore – c & s handlers4
HttpCore - headers2
HttpCore - basics1
HttpCore - demo5
6 Cookies
HttpCore - entities3
27
• An Http cookie is a token or short packet of state information that the Http agent (e.g. browser) and the target server can exchange to maintain a session.
• In its simplest form an Http cookie is merely a name / value pair.– Usually a cookie also contains a number of
attributes such as: version, a domain for which is valid, a path that specifies the subset of URLs on the origin server to which this cookie applies, and the maximum period of time for which the cookie is valid
Http Cookies
28
• Cookies allow to save state using stateless http protocol.
• Usefull scenario: a shopping cart• Privacy hazzard:
– Consider the following scenario:• A cookie is set on the user’s browser• Every site the user visits the cookie is sent to the server
• Cookies can help monitoring your browsing history
Are they really ‘fortune cookies’?