I am trying to set up a new server that acts as a gateway (using spring-cloud-gateway as a base) and I need to be able to authenticate users via a remote LDAP server before actually forwarding any subsequent requests. How would I go about implementing this (packages, configuration, etc)?
Asked
Active
Viewed 1,262 times
1 Answers
-1
This should be fairly straight forward to explain. There are two concerns here:
- Spring Cloud Gateway
- Spring Security (LDAP)
Think of the gateway segment is like any other part of a web-application. Don't so much worry about that part.
As far as getting spring-security + LDAP, you'll have to get that part worked out and configured as per your requirements then just make sure that the spring-cloud-gateway functionality is caught underneath the authentication filter.
If you're using spring-boot, probably would need the starters for sgc and spring-security. They should be fairly well documented and straight forward to configure.
The LDAP functionality in spring-security is very mature and should be easy enough to configure with little effort. Most of the functionality underpinning that (LDAP) is all implemented via the JRE.
Dave G
- 9,639
- 36
- 41
-
1You should also read this [Don't allow direct calls to Microservices. Only allow through API Gateway](https://stackoverflow.com/questions/41262716/dont-allow-direct-calls-to-microservices-only-allow-through-api-gateway) . – lafual Sep 12 '19 at 03:54
-
@Dave What is authentication filter in SpringCloudGateway? Are you talking about EnableWebFluxSecurity – user3474541 Sep 15 '20 at 19:42
-
@user3474541 I wrote this response approximately a year ago, I would have to go back and review how the Spring Cloud Gateway is secured - but in general the Spring-Security framework could support this. WebFlux is (to me) a much newer technology which I cannot speak to. – Dave G Sep 17 '20 at 01:12