The open-source Spring Cloud Gateway project includes a number of built-in filters for use in Gateway routes. The following commercial filters provided by Spring Cloud Gateway for VMware Tanzu can be used in addition to those included in the OSS project.
ClaimHeader
The ClaimHeader
filter allows passing a JWT claim value as an HTTP Header. It works both with and without SSO activated, with the consideration that when SSO is not activated the JWT token is expected in Authorization
Header and won't be validated.
This filter is useful in scenarios where the target service does not handle JWT authorization, but still needs some piece of information from the JWT token.
The ClaimHeader
filter configuration requires 2 parameters:
The following configurations shows how to extract the claim Subject and pass in an HTTP Header called X-Claim-Sub
.
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters":["ClaimHeader=sub,X-Claim-Sub"] } ] }'
If you need to pass more than one claim, apply the filter repeatedly.
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters":["ClaimHeader=sub,X-Claim-Sub", "ClaimHeader=iss,X-Claim-Iss", "ClaimHeader=iat,X-Claim-Iat"] } ] }'
Note If the header is already present, the value(s) from the claim will be added to it. That is, previous values sent in the SCG request will be preserved.
RemoveJsonAttributesResponseBody
This filter provides a convenient method to apply a transformation to JSON body content from target service through the gateway. It accepts a list of attribute names to search for and an optional last parameter from the list can be a boolean to remove the attributes only at root level (default value if not present at the end of the parameter configuration, false
) or recursively (true
).
Note Applying the recursive deletion mode on a large JSON data will affect service latency.
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters":["RemoveJsonAttributesResponseBody=origin,foo,true"] } ] }'
In the example, the attributes origin
and foo
will be deleted from the JSON content body at any level.
RewriteAllResponseHeaders
This filter provides a convenient method to apply a transformation to all headers coming from target service through the gateway. It accepts a regular expression to search for in header values and text to replace the matching expression with.
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters":["RewriteAllResponseHeaders=password=[^&]+,password=***"] } ] }'
In the example, any header value containing a number (\d
matches any number from 0 to 9) will be replaced by 0.
RewriteResponseBody
This filter provides a convenient method to apply a transformation to any body content from target service through the gateway, it won't apply any transformation to response headers. It accepts a list of regular expressions (separated by commas) to search for in value and text to replace the matching expression with (separated by colon).
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters":["RewriteResponseBody=foo:bar,/path-one/:/path-two/"] } ] }'
In the example, in a body content of any type:
foo
will be replaced by bar
/path-one/
will be replaced by /path-two/