Java confidant_ 2022-06-23 18:40:16
The Hypertext Transfer Protocol (HTTP) is a simple request-response protocol, an application-layer protocol that runs on top of TCP. It specifies what messages the client may send to the server and what responses it gets back.
HTTP is a stateless protocol: the protocol itself does not persist the communication state of the requests and responses it has sent. This keeps HTTP simple, so that a large number of transactions can be processed quickly and efficiently.
The HTTP request message is the data sent to the server when requesting data. After all, to get data from the server you first have to tell it how, and what you want!
An HTTP request message consists of a request line, request headers, and a request body.
GET: Requests access to the resource identified by a URI (Uniform Resource Identifier). Parameters can be passed to the server through the URL.
POST: Transmits information to the server. Its main function is similar to that of GET, but using POST is generally recommended.
PUT: Transfers a file. The message body contains the file contents, which are saved at the corresponding URI location.
HEAD: Gets the message headers. It is similar to GET but does not return the message body, and is generally used to verify whether a URI is valid.
DELETE: Deletes a file. It is the opposite of PUT and deletes the file at the corresponding URI location.
OPTIONS: Queries the HTTP methods supported by the corresponding URI.
# Request line: method, URL, version
POST /httpLearn/postRequest HTTP/1.1
# Request headers
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
Content-Length: 126
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

# Request body
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="param"

post
------WebKitFormBoundary7MA4YWxkTrZu0gW--
A GET request has no body:
# Request line: method, URL, version
GET /httpLearn/getRequest?param=123 HTTP/1.1
# Request headers
Host: 127.0.0.1:8080
User-Agent: apifox/1.0.0 (https://www.apifox.cn)
GET and POST are the two HTTP methods we use most often. The differences between them fall mainly into the following five areas:
In terms of function, GET is generally used to get resources from the server, and POST is generally used to update resources on the server.
From a REST perspective, GET is idempotent, that is, reading the same resource always returns the same data, whereas POST is not idempotent, because each request changes the resource differently.
In terms of the form of the request parameters, GET request data is appended to the URL, so the request data is placed in the request header of the HTTP message; ? separates the URL from the transmitted data, and parameters are joined with &. A POST request places the submitted data in the request body of the HTTP request message.
From a security point of view, POST is more secure than GET: data submitted with GET appears in clear text in the URL, whereas the parameters of a POST request are wrapped in the request body, which is relatively safer.
In terms of request size, the length of a GET request is limited by the URL length limits of the browser or server, so the amount of data that can be sent is relatively small, whereas a POST request has no size limit.
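The two sample requests shown earlier, parsed in Python as an added example (not code from the original article), to show where param travels in each case. Over plain HTTP both forms are readable on the wire; the practical difference is that the GET value sits in the request line, which is what access logs record. The function names and the log format are assumptions made for illustration.

```python
from email import message_from_bytes
from urllib.parse import urlsplit, parse_qs

# Constructed sample messages, modelled on the two requests shown earlier.
# On the wire each delimiter line is "--" followed by the boundary value.
BOUNDARY = "----WebKitFormBoundary7MA4YWxkTrZu0gW"
POST_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="param"\r\n'
    "\r\n"
    "post\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()
POST_REQ = (
    "POST /httpLearn/postRequest HTTP/1.1\r\n"
    "Host: 127.0.0.1:8080\r\n"
    f"Content-Type: multipart/form-data; boundary={BOUNDARY}\r\n"
    f"Content-Length: {len(POST_BODY)}\r\n"
    "\r\n"
).encode() + POST_BODY
GET_REQ = (b"GET /httpLearn/getRequest?param=123 HTTP/1.1\r\n"
           b"Host: 127.0.0.1:8080\r\n\r\n")

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

def extract_params(req: dict) -> dict:
    """Collect parameters from the query string and from a multipart body."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(req["target"]).query).items()}
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("multipart/form-data"):
        msg = message_from_bytes(b"Content-Type: " + ctype.encode() + b"\r\n\r\n" + req["body"])
        for part in msg.get_payload():
            name = part.get_param("name", header="content-disposition")
            params[name] = part.get_payload().strip()
    return params

def access_log_line(req: dict) -> str:
    """Request field of a Common Log Format style entry: request line only, no body."""
    return f'"{req["method"]} {req["target"]} {req["version"]}"'
```

Calling access_log_line on both parsed requests shows param=123 in the GET entry and no parameter at all in the POST entry, even though POST_REQ carries its value unencrypted.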
The HTTP response message is the data returned by the server; there must be a request before there can be a response message.
An HTTP response message consists of a status line, response headers, and a response body.
1xx (informational): a provisional response; the server has received the request and the requester should continue.
2xx (success): the operation was received and processed successfully.
3xx (redirection): further action is required to complete the request.
4xx (client error): the request contains a syntax error or cannot be completed.
5xx (server error): the server encountered an error while processing the request.
# Status line: version, status code
HTTP/1.1 200 OK
# Response headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 31
Date: Wed, 19 Jan 2022 11:37:00 GMT
Keep-Alive: timeout=60
Connection: keep-alive

# Response body
post request is ok,param = post
What happens when we type www.baidu.com into the address bar of a web browser and press Enter?
Domain name → IP address: the lookup of the IP address goes in turn through the browser cache, the system cache, the hosts file and the router cache, and then a recursive search starting from the root DNS servers (DNS resolution).
A TCP/IP connection is established (the three-way handshake).
The browser sends an HTTP request.
The HTTP request is forwarded by routers, passes through the server's firewall, and reaches the server.
The server handles the HTTP request and returns an HTML file.
The browser parses the HTML file and displays it.
The server closes the TCP connection (the four-way teardown).
HTTP runs on top of TCP and transmits in plaintext, and neither the client nor the server can verify the identity of the other. HTTPS is HTTP used in combination with SSL (Secure Socket Layer) or TLS (Transport Layer Security) to encrypt the content of the HTTP communication. This is communication encryption, that is, encryption of the entire communication line.
HTTPS uses a hybrid encryption mechanism that combines shared-key (symmetric) encryption and public-key (asymmetric) encryption. If keys could be exchanged securely, one might consider communicating with public-key encryption alone, but public-key encryption is slower to process than shared-key encryption.
Risk of eavesdropping: the communication uses clear text (no encryption), so the content may be intercepted.
Risk of impersonation: the identity of the communicating party is not verified, so it may be an impostor.
Risk of tampering: the integrity of the message cannot be proven, so it may have been tampered with.
Different ports: HTTP and HTTPS use different connection methods and different ports; the former uses 80, the latter 443.
Resource consumption: compared with HTTP communication, HTTPS communication consumes more CPU and memory because of encryption and decryption.
Cost: HTTPS communication requires a certificate, and certificates generally have to be purchased from a certificate authority.
The user enters an https URL in the browser, which then connects to port 443 of the server.
A server that uses the HTTPS protocol must have a digital certificate. You can create it yourself or apply to an organization for one. The difference is that a certificate you issue yourself has to be confirmed by the client before the visit can continue, whereas a certificate obtained from a trusted company does not trigger a prompt page.
This certificate is really a pair of keys, a public key and a private key. Think of them as a key and a lock: you are the only one in the world who has the key. You can give the lock to other people, who can use it to lock up important things and send them to you. Because you alone have the key, only you can see what is locked up.
This certificate is essentially the public key, except that it also carries a lot of other information, such as the certificate authority and the expiration time.
This part is done by the client's TLS implementation. It first verifies whether the public key is valid, checking for example the issuing authority and the expiration time. If a problem is found, a warning box pops up saying that there is a problem with the certificate.
If the certificate is fine, the client generates a random value and encrypts it with the certificate. As described above, the random value is locked with the lock, so nobody can see the locked content without the key.
What is sent is the random value encrypted with the certificate. The purpose is to let the server obtain the random value, so that afterwards the communication between client and server can be encrypted and decrypted with it.
After decrypting with its private key, the server obtains the random value sent by the client, which now serves as a shared secret key. The content is then symmetrically encrypted with this value. Symmetric encryption mixes the information and the key together through some algorithm, so that the content cannot be recovered without knowing the key. Both the client and the server know this key, so as long as the encryption algorithm is strong enough and the key is complex enough, the data is safe enough.
The information that the server encrypted with this key can be restored on the client side.
The client uses the key it generated earlier to decrypt the information sent by the server and obtains the decrypted content. Throughout the process, even if a third party intercepts the data, it cannot decrypt the information.
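The certificate check performed by the client (issuing authority, expiration time) is the step that authenticates the server. As an added example that is not from the original article, the Python below contrasts a client context that performs the check with one that skips it, and tests a certificate's validity window. The function names and the sample certificate are assumptions made for illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client side done right: verify the chain and host name, require TLS 1.2+."""
    ctx = ssl.create_default_context()  # sets CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Anti-pattern: any certificate is accepted, so the server is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for a client context that skips the verification step."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked against the certificate")
    return findings


def validity_problems(cert: dict, now: float) -> list:
    """Check the validity window of a dict shaped like SSLSocket.getpeercert()."""
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


# Constructed sample in getpeercert() format; names and dates are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan 19 11:37:00 2022 GMT",
    "notAfter": "Jan 19 11:37:00 2023 GMT",
}
```

With a context like the hardened one, the TLS library performs these checks itself during the handshake and aborts the connection on failure; audit_context is meant for reviewing client code that builds its own context.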
The HTTPS protocol involves multiple handshakes, which prolongs page loading time by nearly 50%.
HTTPS connection caching is not as efficient as HTTP's, which increases data overhead and power consumption.
The security algorithms involved in SSL consume CPU, which uses up a lot of server resources.
Copyright notice: this article was created by [Java confidant_]. Please include the link to the original when reposting. Thank you. https://qdmana.com/2022/174/202206231747131715.html