Implementing a Spring Cloud Gateway as a Unified Authentication and Authorization Entry Point
This article demonstrates how to build a Spring Cloud Gateway microservice that serves as a centralized authentication and authorization gateway, covering Maven dependencies, YAML configuration, whitelist handling, exception processing, RestTemplate setup, and a custom global filter with code examples.
The article explains how to construct a gateway microservice using Spring Cloud Gateway to act as a unified authentication and authorization entry point for downstream services.
Configuration file : The required Maven <project> <parent>... <artifactId>ms-gateway</artifactId> <dependencies> <!-- spring cloud gateway --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-gateway</artifactId> </dependency> <!-- eureka client --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> <!-- commons project --> <dependency> <groupId>com.zjq</groupId> <artifactId>commons</artifactId> <version>1.0-SNAPSHOT</version> <exclusions> <exclusion> <groupId>com.battcn</groupId> <artifactId>swagger-spring-boot-starter</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-configuration-processor</artifactId> <optional>true</optional> </dependency> </dependencies> </project> defines the necessary libraries.
YAML configuration : The application.yml sets the server port, application name, enables discovery routing, defines routes for ms-users and ms-oauth2-server , configures whitelist URLs, Eureka client details, and logging pattern.
Whitelist configuration : The secure.ignore.urls section lists paths such as /actuator/** , /auth/oauth/** , and /users/signin . A Java class IgnoreUrlsConfig annotated with @ConfigurationProperties(prefix="secure.ignore") binds these URLs to a List<String> urls field.
Exception handling : The HandleException component provides a writeError method that builds a JSON error response using ObjectMapper and writes it to the ServerHttpResponse .
REST request configuration : RestTemplateConfiguration declares a load‑balanced RestTemplate bean for remote calls.
Global filter : The AuthGlobalFilter implements GlobalFilter and Ordered . It injects the whitelist config, RestTemplate , and HandleException . The filter checks if the request matches a whitelist URL, extracts the access_token query parameter, validates the token by calling ms-oauth2-server/oauth/check_token , handles error cases via HandleException , and forwards the request when validation succeeds.
Testing verification : The article includes screenshots showing login, fetching the current user information, and logout operations to verify the gateway’s behavior.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.