Spring Cloud Gateway commercial route filters act on the incoming request or outgoing response matched by a predicate. You can use filters when adding an HTTP header, or when denying access based on an authorization token, for example.

Spring Cloud Gateway OSS includes a number of GatewayFilter factories used to create filters for routes. For a complete list of these factories, see the Spring Cloud Gateway OSS documentation.

Spring Cloud Gateway for VMware Tanzu also provides a number of custom filters in addition to those included in the OSS project.

Available filters

Filter Description
AddRequestHeader Adds a header to a request
AddRequestParameter Adds a request parameter to a request query string
AddResponseHeader Adds a header to a matching response
AllowedRequestCookieCount Determines if a matching request is allowed to proceed based on the number of cookies
AllowedRequestHeadersCount Determines if a matching request is allowed to proceed based on the number of headers
AllowedRequestQueryParamsCount Determines if a matching request is allowed to proceed based on the number of query parameters
CircuitBreaker Wraps routes in a circuit breaker
ClaimHeader Copies data from a JWT claim into an HTTP Header
ClientCertificateHeader Validates X-Forwarded-Client-Cert header certificate (optional fingerprint)
DeDupeResponseHeader Removes duplicates of certain headers
FallbackHeaders Adds circuit breaker exception to a header
JsonToXml Transforms JSON body response into XML body response
LocalResponseCache Adds specific cache to the route.
MapRequestHeader Maps a header from another one
PrefixPath Adds a prefix to a matching request path
PreserveHostHeader Preserves original host header when sending a request
RateLimit Determines if a matching request is allowed to proceed based on volume
RedirectTo Redirects a matching request with certain HTTP code to a certain URL
RemoveJsonAttributesResponseBody Removes JSON attributes and their values from JSON response bodies
RemoveRequestHeader Removes a header from a matching request
RemoveRequestParameter Removes a query parameter from a matching request
RemoveResponseHeader Removes a header from a response
RequestHeaderSize Limits the size of a request header
RequestSize Constrains a matching request with a certain request size
RestrictRequestHeaders Determines if a matching request is allowed to proceed based on the headers
Retry Retries a matching request
RewriteAllResponseHeaders Similar to RewriteResponseHeader, but applies transformation to all headers
RewriteLocationResponseHeader Modifies the value of the location response header
RewritePath Rewrites the path of a matching request
RewriteResponseBody Rewrites the response body from a matching request
RewriteResponseHeader Rewrites the response header value
Roles Lists authorized roles needed to access route
SaveSession Saves the current WebSession before executing the rest of the GatewayFilterChain
Scopes Lists scopes needed to access route
SecureHeaders Adds some headers to a response per a security recommendation
SetPath Manipulates a matching request path
SetRequestHeader Replaces the value of all headers matching the given name
SetRequestHostHeader Overrides host header value of a matching request
SetResponseHeader Replaces a certain response header
SetStatus Sets HTTP status of a response
SsoLogin Redirects to authenticate if no valid Authorization token is found.
StripPrefix Strips parts from a path of a matching request (default: 1)
TokenRelay Forwards OAuth2 access token to downstream resources
XmlToJson Transforms XML body response into JSON body response

AllowedRequestCookieCount

Determines if a matching request is allowed to proceed based on the number of cookies.

Configuration parameters:

  • amount: number of allowed cookies
    AllowedRequestCookieCount=2

AllowedRequestHeadersCount

Determines if a matching request is allowed to proceed based on the number of headers.

Configuration parameters:

  • amount: number of allowed headers
    AllowedRequestHeadersCount=4

AllowedRequestQueryParamsCount

Determines if a matching request is allowed to proceed based on the number of query parameters.

Configuration parameters:

  • amount: number of allowed parameters
    AllowedRequestQueryParamsCount=3

CircuitBreaker

Wraps routes in a circuit breaker.

Configuration parameters:

  • name: circuit breaker name
  • fallbackUri: reroute URL, can be a local route or external handler
  • status codes: (optional) colon-separated list of status codes to match, in number or text format
  • failure rate: (optional) threshold above which the circuit breaker will be opened (default 50%)
  • duration: (optional) time to wait before closing again (default 60s)
    CircuitBreaker=myCircuitBreaker,forward:/inCaseOfFailureUseThis,401:NOT_FOUND:500,10,30s

ClaimHeader

Copies data from a JWT claim into an HTTP header.

Configuration parameters:

  • Claim name: case sensitive name of the claim to pass
  • Header name: name of the HTTP header
    ClaimHeader=sub,X-Claim-Sub

ClientCertificateHeader

Validates X-Forwarded-Client-Cert header certificate.

Configuration parameters:

  • domain pattern: X-Forwarded-Client-Cert value
  • certificate fingerprint: (optional) SSL certificate's fingerprint
    ClientCertificateHeader=*.example.com,sha-1:aa:bb:00:99

FallbackHeaders

Adds any circuit breaker exception to a header. Requires the use of the CircuitBreaker filter in another route.

No parameters required.

    FallbackHeaders

JsonToXml

Transforms JSON response body into XML response body.

Configuration parameters:

  • wrapper: root tag name for the XML response; if an additional root tag is required to generate valid XML, the default root tag is response
    JsonToXml=custom-response

LocalResponseCache

Overrides local response cache configuration for specific routes if global cache is activated.

Configuration parameters:

  • timeToLive: allowed lifespan of a cache entry before expiration (use the duration suffix s for seconds, m for minutes, or h for hours)
  • size: maximum allowed size of the cache entries for this route before cache eviction begins (in KB, MB or GB)
    LocalResponseCache=3m,1MB

RateLimit

Determines if a matching request is allowed to proceed based on request volume.

Configuration parameters:

  • request limit: maximum number of requests accepted during the window
  • window duration: window duration in milliseconds. Alternatively the s, m or h suffixes can be used to specify the duration in seconds, minutes or hours
  • partition source: (optional) location of the partition key ('claim', 'header' or 'IPs')
  • partition key: (optional) value used to partition request counters
    RateLimit=1,10s
    RateLimit=1,10s,{claim:client_id}
    RateLimit=1,10s,{header:client_id}
    RateLimit=2,10s,{IPs:2;127.0.0.1;192.168.0.1}
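
The following Python example is added here and is not part of the product. It parses the RateLimit forms shown above and models how a partition key separates request counters. The fixed-window counting and the names parse_rate_limit and WindowLimiter are assumptions; the page does not say how the gateway counts.

```python
import re
from collections import defaultdict

UNIT_MS = {None: 1, "s": 1_000, "m": 60_000, "h": 3_600_000}  # no suffix = milliseconds

def parse_rate_limit(filter_str):
    """Parse RateLimit=<limit>,<window>[,{<source>:<key>}] into a dict."""
    name, _, args = filter_str.partition("=")
    parts = [p.strip() for p in args.split(",", 2)]
    if name != "RateLimit" or len(parts) < 2:
        raise ValueError("expected RateLimit=<request limit>,<window duration>[,{...}]")
    window = re.fullmatch(r"(\d+)([smh])?", parts[1])
    if not window or not parts[0].isdigit():
        raise ValueError(f"bad limit or window in {filter_str!r}")
    cfg = {"limit": int(parts[0]), "source": None, "key": None,
           "window_ms": int(window.group(1)) * UNIT_MS[window.group(2)]}
    if len(parts) == 3:
        partition = re.fullmatch(r"\{(claim|header|IPs):(.+)\}", parts[2])
        if not partition:
            raise ValueError(f"bad partition in {filter_str!r}")
        cfg["source"], cfg["key"] = partition.groups()
    return cfg

class WindowLimiter:
    """Fixed-window counter per partition value (assumed algorithm, for illustration)."""

    def __init__(self, cfg):
        self.cfg = cfg
        self.counts = defaultdict(int)  # (window index, partition value) -> requests seen

    def allow(self, now_ms, headers=None, claims=None):
        source, key = self.cfg["source"], self.cfg["key"]
        if source == "IPs":
            raise NotImplementedError("IPs partitions are parsed but not modelled here")
        values = {"header": headers, "claim": claims}.get(source) or {}
        part = values.get(key)  # None when unpartitioned: one shared counter
        slot = (now_ms // self.cfg["window_ms"], part)
        self.counts[slot] += 1
        return self.counts[slot] <= self.cfg["limit"]

if __name__ == "__main__":
    limiter = WindowLimiter(parse_rate_limit("RateLimit=1,10s,{header:client_id}"))
    # Constructed requests: (time in ms, value of the client_id header)
    for t, cid in [(0, "a"), (1_000, "a"), (1_000, "b"), (10_000, "a")]:
        print(t, cid, "allowed" if limiter.allow(t, headers={"client_id": cid}) else "rejected")
```

With no partition configured, every request on the route draws from the same counter; with a header or claim partition, each distinct value gets its own budget per window.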

RemoveJsonAttributesResponseBody

Removes JSON attributes and their values from JSON response bodies.

Configuration parameters:

  • attribute names: comma-separated list of the names of attributes to remove from a JSON response
  • delete recursively: (optional, boolean) configures the removal of attributes only at root level (false), or recursively (true) (default, false)
    RemoveJsonAttributesResponseBody=origin,foo,true
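
The following Python example is added here and is not the gateway's code. It contrasts root-level and recursive removal on a constructed response body and lists where a named attribute is still present afterwards. The function names, the sample body, and the descent into arrays when recursing are assumptions.

```python
import json

def parse_filter(filter_str):
    """Split RemoveJsonAttributesResponseBody=<names...>[,true|false] into (names, recursive)."""
    name, _, args = filter_str.partition("=")
    if name != "RemoveJsonAttributesResponseBody" or not args:
        raise ValueError("expected RemoveJsonAttributesResponseBody=<attribute names>")
    parts = [p.strip() for p in args.split(",")]
    recursive = False                     # documented default: root level only
    if parts[-1] in ("true", "false"):    # optional trailing boolean
        recursive = parts.pop() == "true"
    return parts, recursive

def remove_attributes(node, names, recursive):
    """Return a copy of node without the named attributes."""
    if isinstance(node, dict):
        return {k: (remove_attributes(v, names, True) if recursive else v)
                for k, v in node.items() if k not in names}
    if isinstance(node, list) and recursive:  # assumption: recursion descends into arrays
        return [remove_attributes(v, names, True) for v in node]
    return node

def leftover_paths(node, names, path="$"):
    """List JSON paths where a named attribute is still present."""
    found = []
    if isinstance(node, dict):
        for k, v in node.items():
            if k in names:
                found.append(f"{path}.{k}")
            found += leftover_paths(v, names, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            found += leftover_paths(v, names, f"{path}[{i}]")
    return found

# Constructed sample response body
SAMPLE = json.loads('{"origin": "10.0.0.5", "user": {"name": "ann", "origin": "10.0.0.9"},'
                    ' "items": [{"foo": 1, "id": 7}]}')

if __name__ == "__main__":
    for spec in ("RemoveJsonAttributesResponseBody=origin,foo",
                 "RemoveJsonAttributesResponseBody=origin,foo,true"):
        names, recursive = parse_filter(spec)
        body = remove_attributes(SAMPLE, names, recursive)
        print(spec, "->", json.dumps(body), "leftover:", leftover_paths(body, names))
```

Running a check like leftover_paths against representative responses shows whether the root-level default is enough for a route or whether the recursive flag is needed.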

RestrictRequestHeaders

Determines if a matching request is allowed to proceed based on the headers. If the request contains any HTTP header that is not in the headerList configuration (case insensitive), a 403 Forbidden response is returned to the client.

Configuration parameters:

  • headerList: list of names of allowed headers (case insensitive)
    RestrictRequestHeaders=Content-Type,x-request-temp

RewriteAllResponseHeaders

Rewrites multiple response headers at once.

Configuration parameters:

  • pattern to match: regular expression to match against header values
  • replacement: replacement value
    RewriteAllResponseHeaders=\d,0

RewriteResponseBody

Modifies the body of a response.

Configuration parameters are organized as a comma-separated list of key-value pairs, where each pair takes the form pattern to match:replacement:

  • pattern to match: regular expression to match against text in the response body
  • replacement: replacement value
    RewriteResponseBody=foo:bar,/path-one/:/path-two/

Roles

Authorizes requests whose authorization contains one of the configured roles.

Configuration parameters:

  • roles: comma-separated list of authorized roles
    Roles=role_01,role_02

Scopes

Authorizes requests whose authorization contains one of the configured scopes.

Configuration parameters:

  • scopes: comma-separated list of authorized scopes
    Scopes=api.read,api.write,user

SsoLogin

Redirects to authenticate if no valid Authorization token is found.

No parameters required.

    SsoLogin

TokenRelay

Forwards OAuth2 access token to downstream resources.

No parameters required.

    TokenRelay

XmlToJson

Transforms XML response body into JSON response body.

No parameters required.

    XmlToJson