A Multi-threaded HTTP/1.1 server built from scratch using low-level Java socket programming. This project demonstrates a deep understanding of the HTTP protocol, concurrent programming, and network security fundamentals.
- Multi-threaded Architecture: Utilizes a fixed-size thread pool to handle multiple concurrent client connections efficiently.
- HTTP/1.1 Protocol Support: Parses and handles `GET` and `POST` requests, with proper error handling for other methods (`405 Method Not Allowed`).
- Static & Binary File Serving: Serves `.html` files for in-browser rendering and other types (`.png`, `.jpg`, `.txt`) as downloadable binaries.
- JSON Data Processing: Accepts `POST` requests with `application/json`, validates the payload, and saves it to a file, returning a `201 Created` response.
- Security Hardening: Implements Path Traversal protection and mandatory Host header validation.
- Connection Management: Supports persistent connections via `Connection: keep-alive` with idle timeouts and request limits.
- Comprehensive Logging: Detailed, timestamped logs for all server activities, managed by a dedicated `Logger` class.
- Interactive Test Suite: Built-in web interface for testing all server endpoints and features.
The project is organized into a standard Maven layout, separating application logic, resources, and tests.
```
Http_server/
├── pom.xml
├── src/
│   ├── main/
│   │   ├── java/
│   │   │   ├── dto/
│   │   │   │   └── HttpRequest.java       # Data Transfer Object for requests
│   │   │   ├── enums/
│   │   │   │   └── Method.java            # Enum for HTTP methods
│   │   │   ├── handlers/
│   │   │   │   ├── ClientHandler.java     # Handles individual client connections
│   │   │   │   ├── RequestHandler.java    # Parses and validates requests
│   │   │   │   └── ResponseHandler.java   # Constructs and sends HTTP responses
│   │   │   ├── helpers/
│   │   │   │   ├── Client.java            # Wrapper for client socket and streams
│   │   │   │   └── Logger.java            # Centralized logging utility
│   │   │   ├── server/
│   │   │   │   └── Server.java            # Main server loop and thread pool management
│   │   │   └── Main.java                  # Application entry point
│   │   └── resources/
│   │       ├── uploads/                   # Directory for POST uploads
│   │       ├── about.html                 # Sample HTML page
│   │       ├── contact.html               # Sample HTML page
│   │       ├── index.html                 # Default home page
│   │       ├── test.html                  # Interactive test suite
│   │       ├── logo.png                   # Sample PNG image
│   │       ├── photo.jpg                  # Sample JPEG image
│   │       └── sample.txt                 # Sample text file
│   └── test/
│       └── test_server.ps1                # PowerShell test script
├── logs/                                  # Server logs directory
└── README.md
```
- Java Development Kit (JDK) 11 or newer
- Apache Maven
- Git
- Clone the repository:

  ```bash
  git clone https://github.com/yamiSukehiro2907/Http_server.git
  cd Http_server
  ```

- Build the project using Maven. This command compiles the source code and packages it into a runnable JAR:

  ```bash
  mvn clean package
  ```

- Run the server:
  - To run with default settings (`127.0.0.1:8080`, 10 threads):

    ```bash
    java -cp target/myartifactid-0.0-SNAPSHOT.jar Main
    ```

  - To run with custom settings (e.g., port 8000, any host, 20 threads):

    ```bash
    java -cp target/myartifactid-0.0-SNAPSHOT.jar Main 8000 0.0.0.0 20
    ```
Once the server is running, you can interact with it using multiple methods.
The easiest way to test all server features is through the built-in web interface:
- Start the server:

  ```bash
  java -cp target/myartifactid-0.0-SNAPSHOT.jar Main
  ```

- Open your browser and navigate to `http://127.0.0.1:8080/test.html`.
- Interactive Test Suite Features:
  - GET Requests: Test HTML pages, image downloads, and text files
  - POST Requests: Upload JSON data with editable text areas
  - Error Cases: Test 404, 405, 415, and 400 error responses
  - Security Tests: Verify path traversal protection
  - Live Response Display: View status codes, headers, and response bodies in real-time
The test interface provides a beautiful, user-friendly way to verify that all server features are working correctly.
For command-line testing, you can use curl:
- Get HTML page:

  ```bash
  curl -v http://localhost:8080/index.html
  ```

- Download a binary file:

  ```bash
  curl -v http://localhost:8080/logo.png --output downloaded_logo.png
  ```

- Send a POST request with JSON data:

  ```bash
  curl -v -X POST http://localhost:8080/upload \
    -H "Content-Type: application/json" \
    -H "Host: localhost:8080" \
    -d '{"message": "Testing POST request"}'
  ```

- Test path traversal protection:

  ```bash
  # --path-as-is stops curl from collapsing /../ before sending,
  # so the server actually receives the traversal sequence.
  curl -v --path-as-is http://localhost:8080/../etc/passwd
  ```

- Test unsupported method:

  ```bash
  curl -v -X PUT http://localhost:8080/index.html
  ```
Use Apache Bench (`ab`) to simulate concurrent connections and test server performance:

```bash
ab -n 1000 -c 50 http://localhost:8080/index.html
```

This command sends 1000 requests with 50 concurrent connections.

You can also use the `test_server.ps1` PowerShell script located in the `src/test` directory for automated testing scenarios.
The `Server.java` class initializes a fixed-size thread pool using `ExecutorService`. It runs an infinite loop to accept incoming TCP connections. Each accepted client `Socket` is wrapped in a `Client` object and added to a `LinkedBlockingQueue`. A separate queue processor thread continuously dequeues clients and submits them to the thread pool for processing.
Key Design Benefits:
- Decouples connection acceptance from request processing
- Prevents thread exhaustion through pool size limits
- Graceful handling of connection spikes through request queuing
- Efficient resource utilization with thread reuse
For each client connection, a ClientHandler instance is executed by a worker thread. The process is as follows:
- Read & Parse: `ClientHandler` reads the raw HTTP request from the socket's input stream using a `BufferedReader`.
- Validation: `RequestHandler` parses the raw string into a structured `HttpRequest` DTO. It validates:
  - Request format and HTTP version
  - HTTP method (GET/POST only)
  - Required headers (especially `Host`)
  - Path safety (prevents directory traversal)
  - Content-Type for POST requests
- Dispatch: Based on the HTTP method, `ClientHandler` proceeds:
  - GET: Serves static HTML files or binary files (images, text) from the `resources` directory
  - POST: Validates JSON payload, generates unique filename, and saves to `uploads` directory
- Response: `ResponseHandler` constructs the appropriate HTTP response with proper status codes:
  - `200 OK` - Successful GET
  - `201 Created` - Successful POST
  - `400 Bad Request` - Malformed request or invalid JSON
  - `403 Forbidden` - Path traversal or host mismatch
  - `404 Not Found` - Resource doesn't exist
  - `405 Method Not Allowed` - Unsupported HTTP method
  - `415 Unsupported Media Type` - Wrong Content-Type or file type
  - `500 Internal Server Error` - Server-side errors
- Path Traversal Protection: `RequestHandler` validates all requested paths before file access:
  - Blocks `..`, `./`, `//`, and URL-encoded variants
  - Canonicalizes paths using Java's `Path.normalize()`
  - Ensures resolved paths stay within `resources` directory
  - Returns `403 Forbidden` for any violations
- Host Header Validation:
  - All HTTP/1.1 requests must include a valid `Host` header
  - Server validates the header matches its own address
  - Accepts `localhost`, `127.0.0.1`, or `0.0.0.0` variations
  - Returns `400 Bad Request` if missing, `403 Forbidden` if mismatched
- Request Size Limiting:
  - Maximum request size enforced at 8192 bytes
  - Prevents memory exhaustion attacks
- Input Validation:
  - JSON validation using Google's Gson library
  - File type restrictions (only HTML, TXT, PNG, JPG/JPEG)
  - Content-Type verification for POST requests
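
The Host header rules above, as an added example that is not the project's own `RequestHandler` code. `HostHeaderValidator` and `check` are hypothetical names; comparing the port and rejecting duplicate `Host` fields are assumptions, and IPv6 literals are not handled.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper written for this example; not the project's RequestHandler.
public class HostHeaderValidator {
    private final Set<String> allowedHosts = new HashSet<>(List.of("localhost", "127.0.0.1", "0.0.0.0"));
    private final int port;

    public HostHeaderValidator(String bindHost, int port) {
        allowedHosts.add(bindHost.toLowerCase(Locale.ROOT)); // the configured bind address
        this.port = port;
    }

    /** 200 = continue, 400 = missing, duplicated or malformed Host, 403 = mismatch. */
    public int check(List<String> hostValues) {
        // RFC 7230 section 5.4: zero or several Host fields must be answered with 400.
        if (hostValues.size() != 1) return 400;
        String value = hostValues.get(0).trim().toLowerCase(Locale.ROOT);
        if (value.isEmpty()) return 400;
        String host = value;
        int requestPort = 80; // implied port for plain HTTP when the header has none
        int colon = value.lastIndexOf(':');
        if (colon >= 0) {
            host = value.substring(0, colon);
            try {
                requestPort = Integer.parseInt(value.substring(colon + 1));
            } catch (NumberFormatException e) {
                return 400;
            }
        }
        // Assumption: the port must match too; the README only says "matches its own address".
        return allowedHosts.contains(host) && requestPort == port ? 200 : 403;
    }

    public static void main(String[] args) {
        HostHeaderValidator v = new HostHeaderValidator("127.0.0.1", 8080);
        // Constructed Host header sets, one list per request.
        List<List<String>> samples = List.of(List.of("localhost:8080"), List.of("LOCALHOST:8080"),
                List.of(), List.of("localhost:8080", "other.example"),
                List.of("other.example:8080"), List.of("localhost:9999"), List.of("localhost:http"));
        for (List<String> s : samples) System.out.println(s + " -> " + v.check(s));
    }
}
```

For a server bound to loopback, this check is what keeps a browser page on another origin from reaching it through a hostname that resolves to `127.0.0.1`.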
The server can be configured via command-line arguments:
```bash
java -cp target/myartifactid-0.0-SNAPSHOT.jar Main [port] [host] [thread_pool_size]
```

Parameters:
- `port`: The port number to bind to. (Default: `8080`)
- `host`: The host address to bind to. (Default: `127.0.0.1`)
- `thread_pool_size`: The number of worker threads. (Default: `10`)

Examples:

```bash
# Default configuration
java -cp target/myartifactid-0.0-SNAPSHOT.jar Main
# Custom port
java -cp target/myartifactid-0.0-SNAPSHOT.jar Main 9000
# Bind to all interfaces
java -cp target/myartifactid-0.0-SNAPSHOT.jar Main 8080 0.0.0.0
# Custom port, host, and 20 threads
java -cp target/myartifactid-0.0-SNAPSHOT.jar Main 8000 0.0.0.0 20
```

Use the interactive test interface at `http://127.0.0.1:8080/test.html` to verify:
- `GET /` → Serves index.html
- `GET /about.html` → Serves HTML page
- `GET /logo.png` → Downloads PNG as binary
- `GET /photo.jpg` → Downloads JPEG as binary
- `GET /sample.txt` → Downloads text file as binary
- `POST /upload` (JSON) → Creates file, returns 201
- `GET /nonexistent.html` → Returns 404
- `PUT /index.html` → Returns 405
- `DELETE /file.txt` → Returns 405
- `POST /upload` (XML) → Returns 415
- `POST /upload` (invalid JSON) → Returns 400
- `GET /document.pdf` → Returns 415
- `GET /../etc/passwd` → Returns 403
- `GET /../../sensitive.txt` → Returns 403
- `GET //etc/hosts` → Returns 403
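
The path checks listed under Path Traversal Protection, run against the traversal cases in the checklist above. This is an added example, not the project's `RequestHandler` code: `SafePathResolver` and `resolve` are hypothetical names, and the double-encoding and symlink checks go beyond what the README states.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.List;
import java.util.Optional;

// Hypothetical helper written for this example; not the project's RequestHandler.
public class SafePathResolver {
    private final Path root;

    public SafePathResolver(Path root) throws IOException {
        this.root = root.toRealPath(); // resolve symlinks in the root itself
    }

    /** Returns the file to serve, or empty when the request should get 403 Forbidden. */
    public Optional<Path> resolve(String target) {
        try {
            // Decode exactly once; keep '+' literal (URLDecoder treats it as a space).
            String p = URLDecoder.decode(target.replace("+", "%2B"), StandardCharsets.UTF_8);
            // A leftover '%' means double encoding (%252e); '\' and NUL do not belong in a URL path.
            if (!p.startsWith("/") || p.contains("%") || p.contains("\\") || p.indexOf('\0') >= 0)
                return Optional.empty();
            // The sequences the README lists, checked on the decoded form.
            if (p.contains("..") || p.contains("./") || p.contains("//")) return Optional.empty();
            Path candidate = root.resolve(p.equals("/") ? "index.html" : p.substring(1)).normalize();
            // Path.startsWith compares whole name elements, so "/resources-old" does not pass for "/resources".
            if (!candidate.startsWith(root)) return Optional.empty();
            // normalize() is purely lexical; toRealPath() catches a symlink inside root that points outside.
            if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) return Optional.empty();
            return Optional.of(candidate);
        } catch (IllegalArgumentException | IOException e) {
            return Optional.empty(); // malformed escape, invalid path, or I/O failure: fail closed
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("resources"); // constructed document root
        Files.writeString(root.resolve("index.html"), "<h1>ok</h1>");
        SafePathResolver resolver = new SafePathResolver(root);
        // Constructed request targets, including the README's traversal cases.
        for (String t : List.of("/", "/index.html", "/../etc/passwd", "/../../sensitive.txt",
                "//etc/hosts", "/%2e%2e/etc/passwd", "/%252e%252e/etc/passwd", "/%zz")) {
            System.out.println(t + " -> " + (resolver.resolve(t).isPresent() ? "allowed" : "403 Forbidden"));
        }
    }
}
```

Only `/` and `/index.html` are allowed; whether an allowed path then yields 200 or 404 is a separate existence check.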
Vimal Kumar
- GitHub: @yamiSukehiro2907
This project was built as part of a Computer Networks assignment to demonstrate understanding of:
- Low-level socket programming
- HTTP/1.1 protocol implementation
- Multi-threaded server architecture
- Network security best practices
- Concurrent programming patterns