Customize requests in Spring Cloud Gateway

0
votes

In my understanding, Spring Cloud Gateway must implement a HTTP client to make the reverse proxy requests. Spring framework provides just that, the WebClient. I don't know if Spring Cloud Gateway actually uses it internally.

If so, is possible to have access to the WebClient instance? This will allow to configure the client's attributes. One of the possibilities is to provide an OAuth2 authorized client to configure the requests with the Authorization header, like in here:

WebClient webClient;
@RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient;

this.webClient
            .get()
            .uri(this.uri)
            .attributes(oauth2AuthorizedClient(authorizedClient));

The need to do this is to integrate with the password authorization grant type, Spring doesn't provide a way to do this smoothly. Here you can find more about this scenario.

1
springspring-bootspring-cloudspring-cloud-gateway
It does not currently use WebClient. That said, you can access the request via ServerWebExchange in a filter to add/modify/remove request headers.spencergibb

1 Answers

1
votes

In fact, there is no need to intercept your calls manually. There are plenty of tutorials telling the ways of how to enable OAuth2 authorisation on Spring Cloud Gateway. You can follow this part of the official tutorial. You can find something useful on this Okta related guideline page. Or here is the code that I used to use:

/**
 * OAuth2.0 authorization filter setup.
 *
 * @param http
 * @return security filter
 */
@Bean
@ConditionalOnMissingBean
public SecurityWebFilterChain springSecurityFilterChainWithAuth(ServerHttpSecurity http) {
    http
            .authorizeExchange()
            .anyExchange().authenticated()
            .and()
            .oauth2ResourceServer()
            .jwt();
    return http.build();
}

Additional configuration in properties file:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: [your_uri_here]