Created
April 11, 2021 21:57
-
-
Save wsandin/016c8d43fe4c4a3a27ac2671f967e7b4 to your computer and use it in GitHub Desktop.
SimpleWebServer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/*********************************************************************** | |
SimpleWebServer.java | |
This toy web server is used to illustrate security vulnerabilities. | |
This web server only supports extremely simple HTTP GET requests. | |
This file is also available at http://www.learnsecurity.com/ntk | |
***********************************************************************/ | |
import java.io.*; | |
import java.net.*; | |
import java.util.*; | |
public class SimpleWebServer { | |
/* Run the HTTP server on this TCP port. */ | |
private static int PORT = 8080; | |
/* The socket used to process incoming connections | |
from web clients */ | |
private static ServerSocket dServerSocket; | |
public SimpleWebServer () throws Exception { | |
dServerSocket = new ServerSocket (PORT); | |
} | |
public void run() throws Exception { | |
while (true) { | |
/* wait for a connection from a client */ | |
Socket s = dServerSocket.accept(); | |
/* then process the client's request */ | |
processRequest(s); | |
} | |
} | |
/* Reads the HTTP request from the client, and | |
responds with the file the user requested or | |
a HTTP error code. */ | |
public void processRequest(Socket s) throws Exception { | |
/* used to read data from the client */ | |
BufferedReader br = | |
new BufferedReader ( | |
new InputStreamReader (s.getInputStream())); | |
/* used to write data to the client */ | |
OutputStreamWriter osw = | |
new OutputStreamWriter (s.getOutputStream()); | |
/* read the HTTP request from the client */ | |
String request = br.readLine(); | |
String command = null; | |
String pathname = null; | |
/* parse the HTTP request */ | |
StringTokenizer st = | |
new StringTokenizer (request, " "); | |
command = st.nextToken(); | |
pathname = st.nextToken(); | |
if (command.equals("GET")) { | |
/* if the request is a GET | |
try to respond with the file | |
the user is requesting */ | |
serveFile (osw,pathname); | |
} | |
if (command.equals("PUT")) { | |
storeFile (br,osw,pathname); | |
} | |
else { | |
/* if the request is a NOT a GET, | |
return an error saying this server | |
does not implement the requested command */ | |
osw.write ("HTTP/1.0 501 Not Implemented\n\n"); | |
} | |
/* close the connection to the client */ | |
osw.close(); | |
} | |
public void serveFile (OutputStreamWriter osw, | |
String pathname) throws Exception { | |
FileReader fr=null; | |
int c=-1; | |
StringBuffer sb = new StringBuffer(); | |
/* remove the initial slash at the beginning | |
of the pathname in the request */ | |
if (pathname.charAt(0)=='/') | |
pathname=pathname.substring(1); | |
/* if there was no filename specified by the | |
client, serve the "index.html" file */ | |
if (pathname.equals("")) | |
pathname="index.html"; | |
/* try to open file specified by pathname */ | |
try { | |
fr = new FileReader (pathname); | |
c = fr.read(); | |
} | |
catch (Exception e) { | |
/* if the file is not found,return the | |
appropriate HTTP response code */ | |
osw.write ("HTTP/1.0 404 Not Found\n\n"); | |
return; | |
} | |
/* if the requested file can be successfully opened | |
and read, then return an OK response code and | |
send the contents of the file */ | |
osw.write ("HTTP/1.0 200 OK\n\n"); | |
while (c != -1) { | |
sb.append((char)c); | |
c = fr.read(); | |
} | |
osw.write (sb.toString()); | |
} | |
public void storeFile(BufferedReader br, | |
OutputStreamWriter osw, | |
String pathname) throws Exception { | |
FileWriter fw = null; | |
try { | |
fw = new FileWriter (pathname); | |
String s = br.readLine(); | |
while (s != null) { | |
fw.write (s); | |
s = br.readLine(); | |
} | |
fw.close(); | |
osw.write("HTTP/1.0 201 Created"); | |
} | |
catch (Exception e) { | |
osw.write ("HTTP/1.0 500 Internal Server Error"); | |
return; | |
} | |
} | |
/* This method is called when the program is run from | |
the command line. */ | |
public static void main (String argv[]) throws Exception { | |
int port = Integer.parseInt(argv[0]); | |
PORT = port; | |
/* Create a SimpleWebServer object, and run it */ | |
SimpleWebServer sws = new SimpleWebServer(); | |
sws.run(); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment