HTTP can be defined as the basic application level protocol that is used on the internet in order to load webpages and links. It is used to transfer information between two machines (mostly in a client-server paradigm. An HTTP connection works on the basis of a request and response, typically a communication between a client and server goes by a client requests a webpage using an HTTP request while the server fetches and loads it using a secure method.
HTTP INTERCEPTOR
An angular HTTP interceptor is a service that intercepts each HTTP incoming and outgoing request on the host machine. The interceptor acts as an intermediate layer between the client and the server and intercepts all of the requests and response communication between the client and the server. HTTP interceptors are capable of reading the contents of the HTTP request and can also modify the requests and responses. The main reason we require the assistance of an Http interceptor is that it provides a location where all of the network functionalities can be applied simultaneously. The main reason Http interceptor can be useful is the following.
Interception
The requests to and from a server or a client can be monitored and controlled, plugins based on machine learning can be applied on the interceptor that would allow the user to monitor malicious requests for a denial of service attack or any other form of the scanning method. Using the HttpHandler function we can modify requests and responses of the Auth headers.
The HTTP responses can also be intercepted that are directed towards the host PC, using the pipe function we can flag any particular type of request coming from a malicious source when it gets marked, these responses would automatically get blocked. Furthermore, using the interceptor we can also convert the return XML data into JSON so that all of the data stays consistent.
Authentication
We can create an authentication service using the interception, it would allow the user to log in and out of the system and would retrieve a JSON token stored on the client’s system to determine whether the user can be authenticated or not. This can be done using the angular2-jwt. The authentication and the logging in the system are usually user-defined while the angular Interceptor is lodged in the backend of the system.
Unauthorized Responses
The interceptor can be used to handle multiple different types of token expiration responses, whenever a token gets expired or the user has to log in again, a 401 unauthorized response is generated from the server. This would enlighten the user to log back in again. The frequent refreshes of the web application are also done using the intercept method, in order to handle multiple different responses and send the appropriate response back.
Access Management
An interceptor can also be placed to restrict the access of users, if the application developed has multiple different roles, and has access to different data, identity access management can be done using the interceptor. By applying IAM on the web application the overall application-level data security can be enhanced.