HTTP 6-1
HTTP Web Web RFC2616 HTTP/1.1 Web Apache Tomcat (Servlet ) XML Xindice Tomcat 6-2
HTTP ( ) ( ) (GET, POST ) (Host ) Tomcat Servlet Examples / Request Headers ( ) (200, 404 ) (Content-Type ) 6-3
Web CGI : Perl Servlet : Java JavaScript, Java Applet, Flash Ajax Web Service 6-4
HTTP Tomcat HTTP GET POST HTTP/1.1 Cookie 6-5
GET Servlet Examples / Hello World $ telnet localhost 8080 GET /servlets-examples/servlet/helloworldexample HTTP/1.0 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=iso-8859-1 Content-Length: 359 Date: Tue, 10 May 2005 15:17:23 GMT Connection: close <html> <head> <title>hello World!</title> </head> <body bgcolor="white">... <h1>hello World!</h1> </body> </html> 6-6
GET ( ) JSP Examples / JSP 2.0 Examples / Functions? foo=jsp+2.0 $ telnet localhost 8080 GET /jsp-examples/jsp2/el/functions.jsp?foo=jsp+2.0 HTTP/1.0 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=B80F0DBAA37E4A36A4BB043C3B0A69D8; Path=/jsp-examples Content-Type: text/html;charset=iso-8859-1 Content-Length: 1803 Date: Tue, 10 May 2005 15:33:48 GMT Connection: close... <html> <head> <title>jsp 2.0 Expression Language - Functions</title>... </html> 6-7
POST Servlet Examples / Request Parameters Content-Type, Content-Length $ telnet localhost 8080 POST /servlets-examples/servlet/requestparamexample HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 24 firstname=ab&lastname=cd HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=iso-8859-1 Content-Length: 675 Date: Tue, 10 May 2005 14:53:00 GMT Connection: close <html>... </html> 6-8
HTTP/1.1 $ telnet localhost 8080 GET /servlets-examples/servlet/helloworldexample HTTP/1.1 Host: localhost:8080 <-- (HTTP/1.1 ) Connection: close <-- ( Keep-Alive) HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html;charset=iso-8859-1 Content-Length: 359 Date: Tue, 10 May 2005 15:17:23 GMT Connection: close <html> <head> <title>hello World!</title> </head> <body bgcolor="white">... <h1>hello World!</h1> </body> </html> 6-9
GET <form method="get" action="http://localhost:8080/jsp-examples/jsp2/el/functions.jsp"> foo <input type="text" name="foo"> <input type="submit" value="submit"> </form> Web JSP 2.0 Submit GET /jsp-examples/jsp2/el/functions.jsp?foo=jsp+2.0 HTTP/1.1 Host: localhost:8080... 6-10
POST <form method="post" action="http://localhost:8080/servlets-examples/servlet/requestparamexample"> firstname <input type="text" name="firstname"> lastname <input type="text" name="lastname"> <input type="submit" value="submit"> </form> Web ab, cd Submit POST /servlets-examples/servlet/requestparamexample HTTP/1.1 Host: localhost:8080... Content-Type: application/x-www-form-urlencoded Content-Length: 24 firstname=ab&lastname=cd... 6-11
Cookie Web Web (RFC2109, RFC2965 ) Cookie 4KB 20 Cookie Cookie (1) (2) Set-Cookie Cookie (3) Cookie ( ) (4) ( ) Cookie Cookie 6-12
Cookie ( ) Set-Cookie NAME=VALUE : Cookie expires : Cookie ( ) domain : Cookie path : Cookie secure : https Cookie NAME=VALUE : Cookie 6-13
Apache httpd.conf.htaccess IP Order deny,allow Deny from all Allow from 133.30 Allow from 150.84 Tomcat server.xml context.xml IP <Context path="/xindice" docbase="xindice" debug="0" reloadable="true"> <Valve classname="org.apache.catalina.valves.remoteaddrvalve" allow="^127\.0\.0\.1$"/> </Context> 6-14
HTTP Basic Digest (RFC2617) Basic HTTP ID (BASE64) SSL (https) Digest Web 6-15
Basic WWW-Authenticate WWW-Authenticate: Basic realm=" " ID ID BASE64 Authorization Web Authorization 6-16
Digest WWW-Authenticate WWW-Authenticate (nonce ) ID (cnonce) nonce, cnonce, MD5 cnonce, Authorization nonce, cnonce, Web 6-17
REFERER REFERER URI REFERER HTML XSS ( ) 6-18
Tomcat Web telnet XSS 6-19