Java interview HTTP and HTTPS protocols

First of all, let’s take a look at the interview questions of Alibaba and SF Express.

Alibaba interview questions: How much do you know about the HTTP protocol? What is the difference between HTTP and HTTPS? How is the security of HTTPS implemented?

SF Express Interview question: http explain

(Learning video sharing: java video tutorial)

The detailed answer is as follows:

1. Introduction to HTTP

HTTP protocol is the abbreviation of Hyper Text Transfer Protocol. The HTTP protocol works on a client-server architecture. As an HTTP client, the browser sends all requests to the HTTP server, that is, the WEB server, through the URL. The web server sends response information to the client based on the received request.
2. HTTP protocol characteristics
No connection: The meaning of no connection is to limit each connection to process only one request. After the server processes the client's request and receives the client's response, it disconnects. This method saves transmission time.
Stateless: The HTTP protocol is a stateless protocol. Stateless means that the protocol has no memory ability for transaction processing. The lack of status means that if subsequent processing requires the previous information, it must be retransmitted, which may result in an increase in the amount of data transferred per connection. On the other hand, the server responds faster when it does not need previous information.
3. HTTP status code
1xx: Instruction information – indicates that the request has been received, continue processing
2xx: Success – indicates that the request has been successfully received, Understand, accept
3xx: Redirect – further action must be taken to complete the request
4xx: Client error – the request has a syntax error or the request cannot be fulfilled
5xx: Server side error – the server failed to fulfill it Legal request
Common status codes:

200 OK                     //客户端请求成功400 Bad Request            //客户端请求有语法错误，不能被服务器所理解401 Unauthorized           //请求未经授权，这个状态代码必须和WWW-Authenticate报头域一起使用 403 Forbidden              //服务器收到请求，但是拒绝提供服务404 Not Found              //请求资源不存在，eg：输入了错误的URL500 Internal Server Error  //服务器发生不可预期的错误503 Server Unavailable     //服务器当前不能处理客户端的请求，一段时间后可能恢复正常

4. How HTTP works

The HTTP protocol defines how a Web client requests a Web page from a Web server, and how the server transmits the Web page to the client. The HTTP protocol uses a request/response model. The client sends a request message to the server. The request message contains the request method, URL, protocol version, request header and request data. The server responds with a status line that includes the protocol version, success or error code, server information, response headers, and response data.
The following are the steps for HTTP request/response:
1. Client connects to the Web server
An HTTP client, usually a browser, communicates with the Web server Establish a TCP socket connection to the server's HTTP port (80 by default). For example, http://www.baidu.con.
2. Send HTTP request
Through the TCP socket, the client sends a text request message to the Web server. A request message consists of the request line, It consists of 4 parts: request header, blank line and request data.
3. The server accepts the request and returns an HTTP response
The web server parses the request and locates the requested resource. The server writes a copy of the resource to the TCP socket, which is read by the client. A response consists of four parts: status line, response header, blank line and response data.
4. Release the connection TCP connection
If the connection mode is close, the server actively closes the TCP connection, and the client passively closes the connection and releases the TCP connection; if the connection mode is close If it is keepalive, the connection will be maintained for a period of time, and requests can continue to be received during this time;
5. The client browser parses the HTML content
Client browsing The server first parses the status line for a status code indicating whether the request was successful. Then each response header is parsed, and the response header tells the following HTML document of several bytes and the character set of the document. The client browser reads the response data HTML, formats it according to the syntax of HTML, and displays it in the browser window.
For example: type the URL in the browser address bar and press Enter, you will go through the following process:
1. The browser requests the DNS server to resolve the IP address corresponding to the domain name in the URL;
2 , after parsing the IP address, establish a TCP connection with the server based on the IP address and the default port 80;
3. The browser issues an HTTP request to read the file (the file corresponding to the part after the domain name in the URL), and the request reports The text is sent to the server as the data of the third message of the TCP three-way handshake;
4. The server responds to the browser request and sends the corresponding html text to the browser;
5. Release the TCP connection;
6. The browser will convert the html text and display the content;

(For more related interview questions, please visit: java interview questions and answers)

5. What is the difference between HTTP and HTTPS
HTTPS: It is an HTTP channel aimed at security. Simply put, it is a secure version of HTTP, that is, HTTP The SSL layer is added below. The security foundation of HTTPS is SSL, so the details of encryption require SSL.
The main functions of the HTTPS protocol can be divided into two types: one is to establish an information security channel to ensure the security of data transmission; the other is to confirm the authenticity of the website.
The main differences between HTTPS and HTTP are as follows:
1. The https protocol requires applying for a certificate from ca. Generally, there are fewer free certificates, so a certain fee is required.
2. http is a hypertext transfer protocol, and information is transmitted in plain text, while https is a secure SSL encrypted transmission protocol.
3. http and https use completely different connection methods and use different ports. The former is 80 and the latter is 443.
4. The http connection is very simple and stateless; the HTTPS protocol is a network protocol built from the SSL HTTP protocol that can perform encrypted transmission and identity authentication, and is more secure than the http protocol.
6. How is the security of HTTPS implemented?


(1) Customers use https URLs to access the web server. Requirements Establish an SSL connection with the web server.
(2) After receiving the client's request, the web server will transmit a copy of the website's certificate information (the certificate contains the public key) to the client.
(3) The client's browser and the Web server begin to negotiate the security level of the SSL connection, which is the level of information encryption.
(4) The client's browser establishes a session key based on the security level agreed by both parties, then uses the website's public key to encrypt the session key and transmits it to the website.
(5) The Web server uses its own private key to decrypt the session key.
(6) The web server uses the session key to encrypt the communication with the client.

Related recommendations: java introductory tutorial

The above is the detailed content of Java interview HTTP and HTTPS protocols. For more information, please follow other related articles on the PHP Chinese website!