Where are we now?

: DAW

Desarrollo de aplicaciones web

HTTP

Prof. Ing. Carmen Vaca

ESPOL - FIEC

Reference

• Computer networking, Jim Kurose, Keith Ross

Addison-Wesley, July 2004.
• David Matuszek slides, Programming Languages,
University of Pensylvania
Desarrollo de aplicaciones web

HTTP

Prof. Ing. Carmen Vaca

ESPOL - FIEC

1
 HTTP overview HTTP message

HTTP: hypertext transfer • HTTP message

protocol – Request or Response
• Web’s application layer
protocol PC running
• client/server model Explorer • Each HTTP message, whether a request or a
– client: browser that response has three parts:
response,
requests, receives,
“displays” Web objects Server
1. The request or the response line
– server: Web server running 2. A header section
sends objects in Apache Web
response to requests
server 3. The body of the message
• HTTP 1.0: RFC 1945 Mac running
• HTTP 1.1: RFC 2068 Navigator

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

HTTP message: Header section HTTP Request message: 1st line, headers, body
• Principal HTTP Methods for HTTP request
• HTTP uses same format for requests and – GET
responses. – POST
• One line for each header.
– Header-Name: value • HTTP request message:
– ASCII (human-readable format)
request line
l
• No case-sensitive (GET, POST,
HEAD commands)
GET /somedir/page.html HTTP/1.1
– Header1: value 1, value 2 Host: www.someschool.edu
User-agent: Mozilla/4.0
– HEADER1: value 1, value 2 header Connection: close
lines
Accept-language:fr

Carriage return,
line feed (extra carriage return, line feed)
indicates end
of message
Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca
ESPOL - FIEC ESPOL - FIEC

2
 Parameters for HTTP Request HTTP and HTML Forms

• Query string • <form>

– ?param1=value1&param2=value2&... – action – URL of the server-side program that
process the submitted form data
– method – GET or POST
– enctype
• Form data • multipart/form-data
lti t/f d t
– for file uploading
Give me some space!
– require POST
In most HTTP requests, the escape sequence %20 is used to
represent a single space.
So the text "Live Together, Die Alone"
is sent over HTTP as
Live%20Together,%20Die%20Alone

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

Request Message Headers HTTP Response message: 1st line, headers, body

• Accept: type/subtype, type/subtype, ...

– Specifies media types that the client prefers to accept status line
(protocol
• Accept-Language: en, fr, de status code HTTP/1.1 200 OK
– Preferred language (For example: English, French, status phrase) Connection close
German) Date: Thu, 06 Aug 1998 12:00:15 GMT
Server: Apache/1.3.0 (Unix)
• User-Agent:
g string
g header
Last-Modified:
Last Modified: Mon
Mon, 22 Jun 1998 …...
li
lines
– The browser or other client program sending the request Content-Length: 6821
Content-Type: text/html
• From: dave@acm.org
– Email address of user of client program data, e.g., data data data data data ...
requested
• Cookie: name=value HTML file
– Information about a cookie for that URL
– Multiple cookies can be separated by commas

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

3
 HTTP response status codes (common) Common HTTP 1.1 Response Headers
• 200 OK
– Everything worked, here’s the data
• Cache-Control (1.1) and Pragma (1.0)
• 301 Moved Permanently
– URI was moved, but here’s the new address for your records – A no-cache value prevents browsers from caching page.
• 302 Moved temporarily • Content-Disposition
– URL temporarily out of service, keep the old one but use this one
for now – Lets you request that the browser ask the user to save the
response to disk in a file of the given name
Content-Disposition: attachment; filename=file-
• 400 Bad Request name
– There is a syntax error in your request
• 403 Forbidden
• Content-Encoding
– You can’t do this, and we won’t tell you why – The way document is encoded. See earlier compression
• 404 Not Found example
– No such document • Content-Length
• 408 Request Time-out, 504 Gateway Time-out
– Request took too long to fulfill for some reason
– The number of bytes in the response.

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

Common HTTP 1.1 Response Headers (Continued) HTTP: Request-Response (together)

• Content-Type
– The MIME type of the document being returned.
– Use setContentType to set this header.

• Expires
– The time at which document should be considered out-of-
date and thus should no longer be cached.
– Use setDateHeader to set this header.

• Last-Modified
– The time document was last changed.

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

4
 A Servlet That Redirects Users
HTTP Request/Response (together) to Browser-Specific Pages

• Another one
public class WrongDestination extends HttpServlet {
public void doGet(HttpServletRequest request,
GET /index.html HTTP/1.0 HTTP/1.0 200 OK HttpServletResponse response)
Host: www.anyhost.com Last-Modified: Mon, 20 Dec 1999 … throws ServletException, IOException {
Date: Tue
Tue, 11 Jan 2002 … String
g userAgent
g = request.getHeader("User-Agent");
q g ( g );
User-Agent : Mozilla/4.5 [en] (WinNT; I)
if ((userAgent != null) &&
Status: 200
Accept : image/gif, image/jpeg, */* (userAgent.indexOf("MSIE") != -1)) {
Content-Type: text/html
Accept-language : en response.sendRedirect("http://www.sun.com");
Servlet-Engine: Tomcat Web Server } else {
Accept-charset : iso-8859-1, *, utf-8 Content-Length: 59 response.sendRedirect("http://www.microsoft.com");
}
<html> }
… }
</html>
Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca
ESPOL - FIEC ESPOL - FIEC

Problems Cookies

• HTTP is connectionless • Mechanism to store and retrieve information in

• Stateless client side.
• No user-tracking

• State information
Compras: item seleccionados
• Alternatives – Example?
– Cookies Preferencias del usuario

– HTTP-Authentication
– Hidden fields • It can be send with headers HTTP, so that the
client can store it.

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

5
 Cookies (cont.) Cookies (cont.)

• Any future requests should transmit the current • Sintaxis del header HTTP Set-Cookie
state. Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure

• Set-Cookie header

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

Setting Status Codes ( in a servlet !)

Would you use request or response ?

• response.setStatus(int statusCode)
– Use a constant for the code, not an explicit int.
– Constants are in HttpServletResponse
– Names derived from standard message.
Desarrollo de aplicaciones web E.g., SC_OK, SC_NOT_FOUND, etc.

• response.sendError(int code, String message)

– Wraps message inside small HTML document
HTTP headers fo real work
• response.sendRedirect(String url)
– Sets status code to 302
– Sets Location response header also

Prof. Ing. Carmen Vaca

ESPOL - FIEC

6
 Setting Response Headers Common MIME Types
Type Meaning
• response.setHeader(String headerName, application/msword Microsoft Word document
String headerValue) application/octet-stream Unrecognized or binary data
application/pdf Acrobat (.pdf) file
– Sets an arbitrary header application/postscript PostScript file
application/vnd.ms-excel Excel spreadsheet
application/vnd.ms-powerpoint Powerpoint presentation
application/x-gzip Gzip archive
application/x-java-archive JAR file
application/x-java-vm Java bytecode (.class) file
application/zip Zip archive
audio/basic Sound file in .au or .snd format
audio/x-aiff
di / iff AIFF sound d file
fil
audio/x-wav Microsoft Windows sound file
audio/midi MIDI sound file
text/css HTML cascading style sheet
text/html HTML document
text/plain Plain text
text/xml XML document
image/gif GIF image
image/jpeg JPEG image
image/png PNG image
image/tiff TIFF image
video/mpeg MPEG video clip
video/quicktime QuickTime video clip

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

Building Excel Spreadsheets Building Excel Spreadsheets

public class ApplesAndOranges extends HttpServlet {

public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType
("application/vnd.ms-excel");
PrintWriter out = response.getWriter();
out.println("\tQ1\tQ2\tQ3\tQ4\tTotal");
out.println
("Apples\t78\t87\t92\t29\t=SUM(B2:E2)");
out.println
("Oranges\t77\t86\t93\t30\t=SUM(B3:E3)");
}
}
Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca
ESPOL - FIEC ESPOL - FIEC

7
 Same Origin policy Cache control

• The Same Origin Policy • Cache Control

• An origin is considered a single domain, such as – Browser cache
www.wrox.com, accessed through a single
protocol, most often HTTP.
• Header Cache-Control: no-cache
g policy
• The same origin p y states that any
yppage
g – Data coming
g from the specific
p URL.
loaded from this origin may access, download,
and interact with (using JavaScript) any other
resource from the same origin.

• Server-side proxy to handle the communication

Prof. Ing. Carmen Vaca Prof. Ing. Carmen Vaca

ESPOL - FIEC ESPOL - FIEC

Tarea: Deben mostrarla como parte del proyecto

• Genere información para Excel. Su programa debe

usar headers HTTP como:
– Content-disposition

• R
Referencia
f i
• http://www.javaworld.com/javaworld/javatips/jw-
javatip94.html
• Pueden usar ASP.Net
– Article ASP.Net 2.0: Export GridView to Excel
By Dipal Choksi November 06, 2006

Prof. Ing. Carmen Vaca

ESPOL - FIEC