Spring Cloud Gateway — Request filtering and redirection

So what is an API Gateway anyway?

What does a reverse proxy do?

Reverse proxy diagram


  • Single point of entry
  • Unique protocol for all clients
  • Clients don’t need to know about multiple server addresses
  • Unique response for multiple clients
  • Changes on backend services can be hidden from clients
  • Multiple platforms
  • Services are not exposed
  • Load balancing
  • Caching
  • Monitoring

Spring Cloud Gateway

How does it work?

  • Route — contain URL of the service to which request will be forwarded, ad the predicates and filters for the request
  • Predicate — some set of criteria that needs to match for the incoming request predicates: — Cookie=chocolate, ch.p
  • Filter — components where you can manipulate incoming and outgoing requests and responses
Gateway request flow
  • The request comes in to the GatewayHandler
  • GatewayHandler decides, based on URI and predicates, it the request matches route
  • GatewayHandler moves request to the Gateway Web Handler
  • Gateway Web Handler passes the request to the appropriate filter in the filter chain
  • The request is proxied to the service

Gateway filters


  • An API with two routes
  • Client is redirected to either route based on the value received in headers

The Gateway application

Project structure

  • configuration — I’ll be showing how you can also configure your gateway routes through Java code instead of using YAML files.
  • filter — This is where our request and response filters will be, we have 4 filters. “BeforeRedirectionFilter” demonstrates ordering and some basic request manipulation that will happen before the “RedirectionFilter”. LoggingGlobalFilter will log all of our requests (Global filter).
    The “PrePost” filter shows how to act on changes after the request has been sent and there is a response received, and the “RedirectionFilter” will do the request manipulation and redirect the request to a different route.
  • util — Because we’ll be reading some data from YAML files in our filters, I’ve created some classes to map the values and parse YAML data to POJOs


Routes configuration

  • Path predicate says that, I’ll match this route with the request only if it starts with /portal/** (wildcard — I don’t care what’s after).
  • Header — your request headers must contain a header called X-Org-Id with the following regex match which is capital letters and numbers only.
    There is another header that says that it also must come with a header named X-Portal with the value of client-portal, as I’ll use this to fetch this route by ID when reading from the configuration.
  • Metadata — I can put anything I want in metadata and read it in our filters later.


Redirection Filter

Testing the app

  • Performance issues since it is a central point of handling all the traffic
  • Security issues
  • Single point of failure
  • Complexity
  • Additional network hop




Software Developer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Test-Driven Development — What, How, and Why?

Spring Core Application without MVC

Smart Cross-Country Price Recommendation Project

Discovery DTC’s India Development Centre

ONLYOFFICE Groups for hosting providers

Game x Metaverse Studio (2022)

BDL Accelerate Hackathon in Beirut, Lebanon

Python Pro Tip: Use Iterators, Generators, and Generator Expressions

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Haris Zujo

Haris Zujo

Software Developer

More from Medium

Spring Boot secrets encryption using Jasypt

Spring boot with Jasypt for secrets encryption and decryption

Spring Boot: Configure multiple databases

Obfuscate Spring Boot Applications with Proguard Maven Plugin

Reactive Programming Using Spring Webflux