Colm Cooney
Reputation: 145
Spring Cloud Gateway Use predicate to check header authorization
Is it possible to use the predicate section of the spring cloud gateway config to check the header authorization, my goal is to have some basic auth on one or more endpoints
I'm using application.yml for route configuration
cloud:
gateway:
routes:
- id: serviceRoute
uri: http://service:8000
predicates:
- Path=/service/
**- Header= ??**
filters:
- name: CircuitBreaker
args:
name: slow
fallbackUri: forward:/fallback/service
Upvotes: 7
Views: 7422
Answers (2)
jacky-neo
Reputation: 853
The below is my sample based on spring gateway sample. If no header Authorization, access http://localhost:20000/, response code is 404. If add Authorization, reponse code is 405 which means access ok. Please change Path as your need.
main class defination
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
@SpringBootApplication
public class DemogatewayApplication {
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http.httpBasic().and()
.csrf().disable()
.authorizeExchange()
.pathMatchers("/anything/**").authenticated()
.anyExchange().permitAll()
.and()
.build();
}
@Bean
public MapReactiveUserDetailsService reactiveUserDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build();
return new MapReactiveUserDetailsService(user);
}
public static void main(String[] args) {
SpringApplication.run(DemogatewayApplication.class, args);
}
}
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>spring-cloud-gateway-sample</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>spring-cloud-gateway-sample</name>
<description>Demo project for Spring Cloud Gateway</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.RC2</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
application.yml defination
server:
port: 20000
spring:
cloud:
gateway:
routes:
- id: serviceRoute
uri: http://www.sohu.com
predicates:
- Path=/
- Header=Authorization, Bearer [0-9a-zA-Z-.]*
Upvotes: 6
Colm Cooney
Reputation: 145
Figured out the syntax, will only route to service if both conditions are met
cloud:
gateway:
routes:
- id: serviceRoute
uri: http://service:8000
predicates:
- Path=/service/
- Header=Authorization, Basic password
filters:
- name: CircuitBreaker
args:
name: slow
fallbackUri: forward:/fallback/service
Upvotes: 5
Related Questions
- Can I use Spring Cloud Gateway for role based authorization?
- Spring cloud gateway add header from authentication
- Configure Spring Gateway with Spring Authorization Server
- Forbid Unauthenticated requests in Spring Cloud Gateway
- How to check HTTP request header for certain endpoints in Spring Framework
- Spring Cloud Gateway - Remove Request Headers from All the routes but one
- How to get Request header values in Spring Cloud Gateway
- How to validate the header from incoming service in Spring cloud gateway ? I need to call 2 other REST API calls ( GET/POST) to validate the headers
- Spring HttpHeaders - get Authorization header
- Spring boot and checking HTTP header presence