hhtps:HTTPS(全称:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全为目标的 HTTP通道,简单讲是HTTP的安全版,即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。一般用于解决信任主机、通讯过程中的数据的泄密和被篡改等问题。
http:全称是Hypertext Transfer Protocol Vertion (超文本传输协议),说通俗点就是用网络链接传输文本信息的协议,
所以http和https之间的区别就在于其传输的内容是否加密和是否是开发性的内容。
HTTPS和HTTP的区别:
https协议需要到ca申请证书,一般免费证书很少,需要交费。
http是超文本传输协议,信息是明文传输,https 则是具有安全性的ssl加密传输协议。
http和https使用的是完全不同的连接方式用的端口也不一样,前者是80,后者是443。
http的连接很简单,是无状态的。
HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议,要比http协议安全。
相关详细信息参考:https://blog.csdn.net/zmx729618/article/details/51372659
XmlManager.java
import java.io.BufferedReader;import java.io.BufferedWriter;import java.io.DataOutputStream;import java.io.File;import java.io.FileInputStream;import java.io.FileWriter;import java.io.FilenameFilter;import java.io.IOException;import java.io.InputStream;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.URL;import java.util.ArrayList;import java.util.Date;import java.util.HashMap;import java.util.List;import java.util.Map;import javax.net.ssl.HostnameVerifier;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLSession;import javax.net.ssl.SSLSocketFactory;import javax.net.ssl.TrustManager;import javax.net.ssl.HttpsURLConnection;import net.sf.json.JSONObject;public class XmlManager {public static String httpurlconnection(Map map,String httpurls){try {//创建SSLContextSSLContext sslContext=SSLContext.getInstance("SSL");TrustManager[] tm={new MyX509TrustManager()};//初始化 sslContext.init(null, tm, new java.security.SecureRandom());//获取SSLSocketFactory对象SSLSocketFactory ssf=sslContext.getSocketFactory();URL url=new URL(httpurls);HttpsURLConnection conn=(HttpsURLConnection) url.openConnection();//设置是否进行主机名确认(类中类)conn.setHostnameVerifier(new TrustAnyHostnameVerifier());//设置当前实例使用的SSLSocketFactory ?conn.setSSLSocketFactory(ssf);conn.setRequestMethod("POST");//连接方式为postconn.setDoOutput(true);//设置是否向urlConn输出,因为是post请求,参数要放在http正文内,因此需要设置为true,默认情况下为falseconn.setDoInput(true);//设置是否从urlConn读入,默认情况下为true conn.setRequestProperty("Content-Type","application/json;charset=UTF-8");//设置参数格式conn.setUseCaches(false);conn.connect();//往服务器写内容if(null!=map){DataOutputStream os=new DataOutputStream(conn.getOutputStream());JSONObject json=JSONObject.fromObject(map);os.writeBytes(json.toString());System.err.println("json.toString()"+json.toString());os.flush();os.close();}//读取服务器端返回的内容InputStream is=conn.getInputStream();InputStreamReader isr=new InputStreamReader(is, "utf-8");BufferedReader br=new BufferedReader(isr);String json=br.readLine();return json;} catch (Exception e) {System.err.println(e.getMessage());// TODO: handle exceptionreturn null;}}//类中类 作用:是否进行主机名确认。True 通过,false不通过public static class TrustAnyHostnameVerifier implements HostnameVerifier{public boolean verify(String arg0, SSLSession arg1) {// TODO Auto-generated method stub
//设置为true,相当于不进行主机确认,具有一定的不安全性return true;}}}MyX509TrustManager.java
import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net.ssl.X509TrustManager;public class MyX509TrustManager implements X509TrustManager{public void checkClientTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {// TODO Auto-generated method stub}public void checkServerTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {// TODO Auto-generated method stub}public X509Certificate[] getAcceptedIssuers() {// TODO Auto-generated method stubreturn null;}}
HTTPS请求
原文地址:https://www.cnblogs.com/ttqi/p/10437240.html