Java confidant_ 2022-06-23 18:40:16 Views: 533
The Hypertext Transfer Protocol (HTTP) is a simple request-response protocol. It is an application-layer protocol that runs on top of TCP. It specifies what messages the client may send to the server and what response it will get.
HTTP is a stateless protocol: the protocol itself does not persist the communication state of the requests and responses it has sent. The purpose of this is to keep HTTP simple, so that a large number of transactions can be processed quickly and efficiency is increased.
The HTTP request message is the data sent to the server when requesting data. After all, to get data from the server, you first have to say how you want to get it and what you want!
An HTTP request message consists of a request line, request headers, and a request body.
GET: Used to request access to a resource identified by a URI (Uniform Resource Identifier); parameters can be passed to the server through the URL.
POST: Used to transmit information to the server. Its main function is similar to that of GET, but POST is generally the recommended method.
PUT: Transfers a file. The message body contains the contents of the file, which is saved at the corresponding URI location.
HEAD: Gets the message headers. It is similar to GET, except that it does not return the message body. It is generally used to verify whether a URI is valid.
DELETE: Deletes a file. It is the opposite of PUT: it deletes the file at the corresponding URI location.
OPTIONS: Queries the HTTP methods supported by the corresponding URI.
```
# Method URL Version (request line)
POST /httpLearn/postRequest HTTP/1.1
# Request Header (request headers)
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
Content-Length: 126
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
# Request Message (request body)
----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="param"

post
----WebKitFormBoundary7MA4YWxkTrZu0gW
```
A GET request has no body.
```
# Method URL Version (request line)
GET /httpLearn/getRequest?param=123 HTTP/1.1
# Request Header (request headers)
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
```
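The request structure described above (request line, headers, blank line, body), as an added example that is not code from the original article: a small parser that splits a raw request, extracts GET query parameters and multipart form fields, and checks Content-Length against the body actually received. The sample requests are constructed from the article's two examples; `parseRequest` and the constant names are hypothetical.

```javascript
// Added example. Parses one raw HTTP/1.1 request held in a string.
function parseRequest(raw) {
  const split = raw.indexOf("\r\n\r\n"); // blank line ends the headers
  if (split === -1) throw new Error("no blank line terminating the headers");
  const [requestLine, ...headerLines] = raw.slice(0, split).split("\r\n");
  const m = /^([A-Z]+) (\S+) (HTTP\/\d\.\d)$/.exec(requestLine);
  if (!m) throw new Error("malformed request line");
  const headers = {};
  for (const line of headerLines) {
    const i = line.indexOf(":");
    if (i < 1) throw new Error("malformed header: " + line);
    headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  const body = raw.slice(split + 4);
  const url = new URL(m[2], "http://" + (headers.host || "localhost"));
  const req = { method: m[1], path: url.pathname, version: m[3], headers, body,
                query: Object.fromEntries(url.searchParams), form: {} };
  // Content-Length must equal the number of body bytes actually received.
  req.lengthOk = Number(headers["content-length"] || 0) === Buffer.byteLength(body);
  const b = /^multipart\/form-data;\s*boundary=(.+)$/.exec(headers["content-type"] || "");
  if (b) {
    // On the wire each part starts with "--" + boundary; the final one ends with "--".
    for (const part of body.split("--" + b[1])) {
      const field = /name="([^"]*)"\r\n\r\n([\s\S]*?)\r\n$/.exec(part);
      if (field) req.form[field[1]] = field[2];
    }
  }
  return req;
}

// Constructed sample input based on the article's POST and GET examples.
const BOUNDARY = "----WebKitFormBoundary7MA4YWxkTrZu0gW";
const POST_BODY = `--${BOUNDARY}\r\nContent-Disposition: form-data; name="param"\r\n\r\n` +
  `post\r\n--${BOUNDARY}--\r\n`;
const POST_REQUEST = "POST /httpLearn/postRequest HTTP/1.1\r\nHost: 127.0.0.1:8080\r\n" +
  `Content-Length: ${Buffer.byteLength(POST_BODY)}\r\n` +
  `Content-Type: multipart/form-data; boundary=${BOUNDARY}\r\n\r\n` + POST_BODY;
const GET_REQUEST = "GET /httpLearn/getRequest?param=123 HTTP/1.1\r\nHost: 127.0.0.1:8080\r\n\r\n";
```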
GET and POST are the two HTTP methods we use most often. The differences between them mainly include the following five aspects:
In terms of function, GET is generally used to get resources from the server, and POST is generally used to update resources on the server.
From the REST perspective, GET is idempotent, that is, reading the same resource always returns the same data, whereas POST is not idempotent, because each request changes the resource differently.
In terms of the form of the request parameters, GET request data is appended to the URL, which places it in the request header portion of the HTTP message, with ? separating the URL from the transmitted data and & joining the parameters; a POST request places the submitted data in the request body of the HTTP request message.
From the security point of view, POST is more secure than GET, because the data submitted by a GET request appears in clear text in the URL, whereas POST request parameters are wrapped in the request body, which is relatively safer. This difference concerns exposure through the URL (browser history, server logs); over plain HTTP the request body is still transmitted unencrypted.
In terms of request size, the length of a GET request is limited by the URL length limits of the browser or server, so the amount of data that can be sent is relatively small, whereas a POST request has no size limit.
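The security difference above in practice, as an added example that is not from the original article: GET parameters end up in the request line and therefore in access logs, while a POST body does not. The function below flags log lines whose URL carries sensitive-looking parameter names, and `redactTarget` masks them before storage. The log lines are constructed, and the parameter-name list and function names are assumptions.

```javascript
// Added example. Constructed access-log lines; not taken from a real server.
const SAMPLE_LOG = [
  '203.0.113.7 - - [19/Jan/2022:11:37:00 +0000] "GET /httpLearn/getRequest?param=123 HTTP/1.1" 200 31',
  '203.0.113.7 - - [19/Jan/2022:11:37:05 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 12',
  '203.0.113.9 - - [19/Jan/2022:11:37:09 +0000] "POST /login HTTP/1.1" 200 12',
  '203.0.113.9 - - [19/Jan/2022:11:37:12 +0000] "GET /reset?TOKEN=abc123&next=%2Fhome HTTP/1.1" 302 0',
];

// Assumed list of parameter names that should never travel in a URL.
const SENSITIVE = /^(pass(word|wd)?|pwd|token|secret|api[_-]?key|session(id)?)$/i;

// Return one finding per log line whose query string has a sensitive parameter.
function findSecretsInUrls(lines) {
  const findings = [];
  for (const [i, line] of lines.entries()) {
    const m = /"([A-Z]+) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;                    // not a request entry
    const q = m[2].indexOf("?");
    if (q === -1) continue;              // no query string, e.g. the POST line
    const params = new URLSearchParams(m[2].slice(q + 1));
    const hits = [...params.keys()].filter((k) => SENSITIVE.test(k));
    if (hits.length) findings.push({ line: i + 1, method: m[1], params: hits });
  }
  return findings;
}

// Mask sensitive values in a request target before it is written to a log.
function redactTarget(target) {
  const q = target.indexOf("?");
  if (q === -1) return target;
  const params = new URLSearchParams(target.slice(q + 1));
  for (const k of [...params.keys()]) {
    if (SENSITIVE.test(k)) params.set(k, "REDACTED");
  }
  return target.slice(0, q + 1) + params.toString();
}
```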
An HTTP response message is the data returned by the server. There must be a request before there can be a response message.
An HTTP response message consists of a status line, response headers, and a response body.
1xx (Informational): The server has received the request and the requester needs to continue.
2xx (Success): The operation was received and processed successfully.
3xx (Redirection): Further action is required to complete the request.
4xx (Client error): The request contains a syntax error or cannot be completed.
5xx (Server error): The server encountered an error while processing the request.
```
# Version Response Code (status line)
HTTP/1.1 200 OK
# Response Header (response headers)
Content-Type:text/plain;charset=UTF-8
Content-Length:31
Date:Wed, 19 Jan 2022 11:37:00 GMT
Keep-Alive:timeout=60
Connection:keep-alive
# Response Message (response body)
post request is ok,param = post
```
When we enter www.baidu.com in the web browser's address bar and press Enter, what happens?
Domain name → IP address: the lookup of the IP address goes in turn through the browser cache, the system cache, the hosts file, the router cache, and a recursive search from the root DNS servers (DNS resolution).
A TCP/IP connection is established (the three-way handshake).
The browser sends an HTTP request.
The HTTP request is forwarded by routers, passes through the server's firewall, and reaches the server.
The server handles the HTTP request and returns an HTML file.
The browser parses the HTML file and renders it on the browser side.
The server closes the TCP connection (the four-way wave).
HTTP runs on top of TCP and transmits in plaintext; neither the client nor the server can verify the identity of the other. HTTPS is HTTP used in combination with SSL (Secure Socket Layer) or TLS (Transport Layer Security) to encrypt the content of HTTP communication. This is communication encryption, that is, encryption over the whole communication line.
HTTPS uses a hybrid encryption mechanism that combines shared key (symmetric) encryption and public key (asymmetric) encryption. If the key can be exchanged safely, then it is possible to consider using only public key encryption to communicate. But compared with shared key encryption, public key encryption is slow to process.
Eavesdropping risk: The communication uses clear text (no encryption), so the content may be eavesdropped on.
Impersonation risk: The identity of the communicating party is not verified, so it may be impersonated.
Tampering risk: The integrity of the message cannot be proved, so it may have been tampered with.
Different ports: HTTP and HTTPS connect in different ways and use different ports; the former uses 80, the latter 443.
Resource consumption: Compared with HTTP communication, HTTPS communication consumes more CPU and memory resources because of encryption and decryption.
Cost: HTTPS communication requires a certificate, and certificates generally need to be purchased from a certificate authority.
The user enters an https URL in the browser, which then connects to port 443 of the server.
A server that uses the HTTPS protocol must have a set of digital certificates. You can make them yourself or apply to an organization for them. The difference is that a self-issued certificate has to be verified by the client before access can continue, whereas a certificate applied for from a trusted company will not pop up a prompt page.
This set of certificates is actually a pair of keys, a public key and a private key. Think of them as a lock and a key: you are the only one in the world who has the key. You can give the lock to other people, who can use it to lock up important things and send them to you. Because you alone have the key, only you can see what has been locked up.
This certificate is actually the public key, only with a lot of additional information, such as the certificate authority, the expiration time, and so on.
This part of the work is done by the client's TLS layer. First it verifies whether the public key is valid, for example the issuing authority, the expiration time, and so on. If a problem is found, a warning box pops up saying that there is a problem with the certificate.
If the certificate is fine, the client generates a random value and then encrypts the random value with the certificate. As described above, the random value is locked with the lock, so that without the key the locked content cannot be seen.
The random value encrypted with the certificate is sent so that the server obtains the random value; after that, communication between the client and the server can be encrypted and decrypted with this random value.
After the server decrypts with its private key, it obtains the random value sent by the client (referred to here as the "private key"; it is the shared symmetric key), and then symmetrically encrypts the content with this value. Symmetric encryption means mixing the information and this key together through some algorithm, so that the content cannot be obtained without knowing the key. Both the client and the server know this key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is safe enough.
The information encrypted with this key on the server side can be restored on the client side.
The client uses the previously generated key to decrypt the information sent by the server, and so obtains the decrypted content. Throughout the process, even if a third party intercepts the data, it cannot decrypt the information.
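The hybrid flow described above (random value locked with the server's public key, then symmetric encryption with that value), as an added example that is not from the original article. It models the article's simplified description with Node's built-in `crypto` module and is not a TLS implementation; real TLS derives its session keys through a key schedule, and TLS 1.3 uses (EC)DHE key agreement instead of RSA key transport. Function names are hypothetical.

```javascript
// Added example. Uses only Node's standard crypto module.
const crypto = require("crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Server key pair: the public half is what the certificate carries (the "lock").
const server = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Client: generate the random value and encrypt it with the server's public key.
function clientKeyExchange(publicKey) {
  const secret = crypto.randomBytes(32);
  return { secret, wrapped: crypto.publicEncrypt({ key: publicKey, ...OAEP }, secret) };
}

// Server: recover the random value with the private key (the "key" to the lock).
function serverKeyExchange(privateKey, wrapped) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Symmetric phase: AES-256-GCM gives both confidentiality and integrity.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8"); // throws if tag is wrong
}

function fails(fn) {
  try { fn(); return false; } catch { return true; }
}

function demo() {
  const { secret, wrapped } = clientKeyExchange(server.publicKey);
  const serverSecret = serverKeyExchange(server.privateKey, wrapped);
  const msg = seal(serverSecret, "post request is ok,param = post"); // server response
  const tampered = { ...msg, ct: Buffer.from(msg.ct) };
  tampered.ct[0] ^= 1; // flip one bit in transit
  return {
    keysMatch: secret.equals(serverSecret),
    received: open(secret, msg),                                        // client decrypts
    wrongKeyRejected: fails(() => open(crypto.randomBytes(32), msg)),   // eavesdropper
    tamperDetected: fails(() => open(secret, tampered)),
  };
}
```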
The HTTPS protocol requires multiple handshakes, which prolongs page loading time by nearly 50%.
HTTPS connection caching is not as efficient as HTTP, and it increases data overhead and power consumption.
The security algorithms involved in SSL consume CPU resources and use a lot of server resources.
Copyright notice: This article was created by [Java confidant_]. Please include the original link when reposting. Thank you. https://qdmana.com/2022/174/202206231747131715.html