Spring Cloud Gateway: Route and Mutate Request Headers

Conceal and Leverage Security Related Headers From Within.

Dev INTJ Code

Published in

Javarevisited

3 min readJul 26, 2022

Introduction

These days, it’s not unusual to see applications using token-based authorization; however, while there’s generally nothing wrong with it — it’s almost always good to limit the exposure of these tokens as much as possible.

In that case, why don’t we check out Spring Cloud Gateway? Let’s leverage its routing mechanism and handle the mutation of request headers from within.

So, without further ado — let’s get a simple gateway service up and running.

Project Setup

First, let’s suppose we have an internal API that hypothetically needs a header that must be kept secured and private — that might be an API key, client credentials, and whatnot. While it would be fun to implement any of that, in this article — we won’t be diving into those details; Instead, we’ll have a hypothetical API to focus solely on Spring Cloud Gateway.

So now, let’s have a look at the necessary dependencies in our pom.xml:

This pom.xml is almost self-explanatory; however, I’d like to point out the netty-resolver-dns-native-macos dependency — which we can use to solve netty compatibility errors in an M1 chip.

Next, through an application.yml file — let’s configure routing for a hypothetical service:

From the snippet above, we can tell that requests with a prefix of /hypothetical-path (under predicates) will get routed directly to the URI. Also, notice that we use StripPrefix under filters — which enables the routing of the request to our hypothetical service without the trailing prefix.

Lastly, let’s implement a custom GlobalFilter to include a header into the request before the request routing happens:

Up and Running

We’re almost there — so first, let’s make sure we have a running service to route the request from the gateway service. In our case, we can use our hypothetical-api.