1

In my understanding, Spring Cloud Gateway must implement a HTTP client to make the reverse proxy requests. Spring framework provides just that, the WebClient. I don't know if Spring Cloud Gateway actually uses it internally.

If so, is possible to have access to the WebClient instance? This will allow to configure the client's attributes. One of the possibilities is to provide an OAuth2 authorized client to configure the requests with the Authorization header, like in here:

WebClient webClient;
@RegisteredOAuth2AuthorizedClient("client-id") OAuth2AuthorizedClient authorizedClient;

this.webClient
            .get()
            .uri(this.uri)
            .attributes(oauth2AuthorizedClient(authorizedClient));

The need to do this is to integrate with the password authorization grant type, Spring doesn't provide a way to do this smoothly. Here you can find more about this scenario.

rigon
  • 1,310
  • 4
  • 15
  • 37
  • 2
    It does not currently use `WebClient`. That said, you can access the request via `ServerWebExchange` in a filter to add/modify/remove request headers. – spencergibb Jan 13 '20 at 17:36
  • I am facing similar issue.. I need to set a proxy on the webClient instance depends on the route. Any solution ? – jfk Jul 07 '22 at 09:40

1 Answers1

1

In fact, there is no need to intercept your calls manually. There are plenty of tutorials telling the ways of how to enable OAuth2 authorisation on Spring Cloud Gateway. You can follow this part of the official tutorial. You can find something useful on this Okta related guideline page. Or here is the code that I used to use:

/**
 * OAuth2.0 authorization filter setup.
 *
 * @param http
 * @return security filter
 */
@Bean
@ConditionalOnMissingBean
public SecurityWebFilterChain springSecurityFilterChainWithAuth(ServerHttpSecurity http) {
    http
            .authorizeExchange()
            .anyExchange().authenticated()
            .and()
            .oauth2ResourceServer()
            .jwt();
    return http.build();
}

Additional configuration in properties file:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: [your_uri_here]
Stepan Tsybulski
  • 1,121
  • 8
  • 18
  • Thanks for your answer. Actually I tried your scenario a couple of times and it is very easy to setup. I forgot to mention that I'm trying to use the password authorization grant type (my bad, I will update the question). With that, I cannot find any way possible to set it up. If can provide some ideas about what I'm doing wrong, I will be very pleased. Here you will find more details about: https://stackoverflow.com/questions/59643201/create-route-in-spring-cloud-gateway-with-oauth2-resource-owner-password-grant-t – rigon Jan 13 '20 at 19:23
  • @rigon, now I got your issue. I've never been required to have a password authorisation grant type so unfortunately I can't help you. I see that you did a deep investigation and if there is no configuration out of the box available right now then you solution is a good one. It doesn't look so messy actually. I think you can live with it for now and replace it once a better approach comes with a future release. – Stepan Tsybulski Jan 13 '20 at 20:24