Spring Cloud Gateway commercial route filters act on the incoming request or outgoing response matched by a predicate. You can use filters when adding an HTTP header, or when denying access based on an authorization token, for example.
Spring Cloud Gateway OSS includes a number of GatewayFilter factories used to create filters for routes. For a complete list of these factories, see the Spring Cloud Gateway OSS documentation.
Spring Cloud Gateway for VMware Tanzu also provides a number of custom filters in addition to those included in the OSS project.
Filter | Description |
---|---|
AddRequestHeader | Adds a header to a request |
AddRequestParameter | Adds a request parameter to a request query string |
AddResponseHeader | Adds a header to a matching response |
AllowedRequestCookieCount | Determines if a matching request is allowed to proceed based on the number of cookies |
AllowedRequestHeadersCount | Determines if a matching request is allowed to proceed based on the number of headers |
AllowedRequestQueryParamsCount | Determines if a matching request is allowed to proceed based on the number of query parameters |
CircuitBreaker | Wraps routes in a circuit breaker |
ClaimHeader | Copies data from a JWT claim into an HTTP Header |
ClientCertificateHeader | Validates X-Forwarded-Client-Cert header certificate (optional fingerprint) |
DeDupeResponseHeader | Removes duplicates of certain headers |
FallbackHeaders | Adds circuit breaker exception to a header |
JsonToXml | Transforms JSON body response into XML body response |
LocalResponseCache | Adds specific cache to the route. |
MapRequestHeader | Maps a header from another one |
PrefixPath | Adds a prefix to a matching request path |
PreserveHostHeader | Preserves original host header when sending a request |
RateLimit | Determines if a matching request is allowed to proceed based on volume |
RedirectTo | Redirects a matching request with certain HTTP code to a certain URL |
RemoveJsonAttributesResponseBody | Removes JSON attributes and their values from JSON content |
RemoveRequestHeader | Removes a header from a matching request |
RemoveRequestParameter | Removes a query parameter from a matching request |
RemoveResponseHeader | Removes a header from a response |
RequestHeaderSize | Limits the size of a request header |
RequestSize | Constrains a matching request with a certain request size |
RestrictRequestHeaders | Determines if a matching request is allowed to proceed based on the headers |
Retry | Retries a matching request |
RewriteAllResponseHeaders | Removes a query parameter from a matching request |
RewriteLocationResponseHeader | Modifies the value of the location response header |
RewritePath | Similar to RewriteResponseHeader, but applies transformation to all headers |
RewriteResponseBody | Rewrites the response body from a matching request |
RewriteResponseHeader | Rewrites the response header value |
Roles | Lists authorized roles needed to access route |
SaveSession | Saves the current WebSession before executing the rest of the GatewayFilterChain |
Scopes | Lists scopes needed to access route |
SecureHeaders | Adds some headers to a response per a security recommendation |
SetPath | Manipulates a matching request path |
SetRequestHeader | Replaces the value of all headers matching the given name |
SetRequestHostHeader | Overrides host header value of a matching request |
SetResponseHeader | Replaces a certain response header |
SetStatus | Sets HTTP status of a response |
SsoLogin | Redirects to authenticate if no valid Authorization token is found. |
StripPrefix | Strips parts from a path of a matching request (default: 1) |
TokenRelay | Forwards OAuth2 access token to downstream resources |
XmlToJson | Transforms XML body response into JSON body response |
AllowedRequestCookieCount
Determines if a matching request is allowed to proceed based on the number of cookies.
Configuration parameters:
amount
: number of allowed cookies

AllowedRequestCookieCount=2
AllowedRequestHeadersCount
Determines if a matching request is allowed to proceed based on the number of headers.
Configuration parameters:
amount
: number of allowed headers

AllowedRequestHeadersCount=4
AllowedRequestQueryParamsCount
Determines if a matching request is allowed to proceed based on the number of query parameters.
Configuration parameters:
amount
: number of allowed parameters

AllowedRequestQueryParamsCount=3
CircuitBreaker
Wraps routes in a circuit breaker.
Configuration parameters:
name
: circuit breaker name
fallbackUri
: reroute URL, can be a local route or external handler
status codes
: (optional) colon-separated list of status codes to match, in number or text format
failure rate
: (optional) threshold above which the circuit breaker will be opened (default 50%)
duration
: (optional) time to wait before closing again (default 60s)

CircuitBreaker=myCircuitBreaker,forward:/inCaseOfFailureUseThis,401:NOT_FOUND:500,10,30s
ClaimHeader
Copies data from a JWT claim into an HTTP header.
Configuration parameters:
Claim name
: case sensitive name of the claim to pass
Header name
: name of the HTTP header

ClaimHeader=sub,X-Claim-Sub
ClientCertificateHeader
Validates X-Forwarded-Client-Cert header certificate.
Configuration parameters:
domain pattern
: X-Forwarded-Client-Cert value
certificate fingerprint
: (optional) SSL certificate's fingerprint

ClientCertificateHeader=*.example.com,sha-1:aa:bb:00:99
FallbackHeaders
Adds any circuit breaker exception to a header. Requires the use of the CircuitBreaker filter in another route.
No parameters required.
FallbackHeaders
JsonToXml
Transforms JSON response body into XML response body.
Configuration parameters:
wrapper
: root tag name for the XML response, default root tag is response if an additional root tag is required to generate valid XML

JsonToXml=custom-response
LocalResponseCache
Overrides local response cache configuration for specific routes if global cache is activated.
Configuration parameters:
size
: maximum allowed size of the cache entries for this route before cache eviction begins (in KB, MB and GB)
timeToLive
: allowed lifespan of a cache entry before expiration (use the duration suffix s for seconds, m for minutes, or h for hours)

LocalResponseCache=3m,1MB
RateLimit
Determines if a matching request is allowed to proceed based on request volume.
Configuration parameters:
request limit
: maximum number of requests accepted during the window
window duration
: window duration in milliseconds. Alternatively the s, m or h suffixes can be used to specify the duration in seconds, minutes or hours
partition source
: (optional) location of the partition key ('claim', 'header' or 'IPs')
partition key
: (optional) value used to partition request counters

RateLimit=1,10s
RateLimit=1,10s,{claim:client_id}
RateLimit=1,10s,{header:client_id}
RateLimit=2,10s,{IPs:2;127.0.0.1;192.168.0.1}
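The following added example (not part of the original documentation and not the product's implementation) models how the partition source and partition key change which requests share a counter. It covers the unpartitioned, claim and header forms only; the fixed-window strategy, the request dictionary shape and the handling of requests without the key are assumptions.

```python
import re

UNIT_MS = {"": 1, "s": 1_000, "m": 60_000, "h": 3_600_000}  # bare number = milliseconds
PATTERN = re.compile(r"(\d+),(\d+)([smh]?)(?:,\{(claim|header):([^}]+)\})?")

def parse_rate_limit(value):
    """Parse 'limit,window[,{source:key}]' as written in the RateLimit examples."""
    m = PATTERN.fullmatch(value)
    if not m:
        raise ValueError(f"unsupported RateLimit value: {value!r}")
    limit, amount, unit, source, key = m.groups()
    return int(limit), int(amount) * UNIT_MS[unit], source, key

class RateLimitModel:
    """Fixed-window counter per partition (windowing strategy is an assumption)."""

    def __init__(self, value):
        self.limit, self.window_ms, self.source, self.key = parse_rate_limit(value)
        self.counters = {}  # partition -> (window index, accepted count)

    def partition(self, request):
        if self.source is None:
            return "*"  # no partition configured: every caller shares one counter
        values = request.get("claims" if self.source == "claim" else "headers", {})
        # Assumption: requests lacking the key fall into one shared bucket.
        return values.get(self.key, "<missing>")

    def allow(self, request, now_ms):
        part, window = self.partition(request), now_ms // self.window_ms
        seen_window, count = self.counters.get(part, (window, 0))
        if seen_window != window:
            count = 0  # a new window started, reset the counter
        allowed = count < self.limit
        self.counters[part] = (window, count + (1 if allowed else 0))
        return allowed

def replay(value, events):
    """events: list of (timestamp_ms, request dict); returns one decision per event."""
    model = RateLimitModel(value)
    return [model.allow(req, ts) for ts, req in events]

# Constructed traffic: two clients inside one 10 s window, then a later request.
EVENTS = [
    (0, {"headers": {"client_id": "a"}}),
    (1_000, {"headers": {"client_id": "b"}}),
    (2_000, {"headers": {"client_id": "a"}}),
    (11_000, {"headers": {"client_id": "a"}}),
]
```

With `replay("1,10s", EVENTS)` client b is rejected because client a already used the shared counter; with `replay("1,10s,{header:client_id}", EVENTS)` each client gets its own counter.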
RemoveJsonAttributesResponseBody
Removes JSON attributes and their values from JSON response bodies.
Configuration parameters:
attribute names
: comma-separated list of the names of attributes to remove from a JSON response
delete recursively
: (optional, boolean) configures the removal of attributes only at root level (false), or recursively (true) (default, false)

RemoveJsonAttributesResponseBody=origin,foo,true
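The following added example (not part of the original documentation and not the product's implementation) models the difference between root-level and recursive removal and reports where a listed attribute would still be present in the response. Exact, case-sensitive name matching and descending into arrays in recursive mode are assumptions; the sample body is constructed.

```python
import json

def parse_config(value):
    """Split 'origin,foo,true' into (attribute names, recursive flag)."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    recursive = False  # documented default: root level only
    if parts and parts[-1].lower() in ("true", "false"):
        recursive = parts.pop().lower() == "true"
    return set(parts), recursive

def strip_attributes(node, names, recursive):
    """Remove listed attributes at the root, or at every depth when recursive."""
    if isinstance(node, dict):
        kept = {k: v for k, v in node.items() if k not in names}
        if recursive:
            kept = {k: strip_attributes(v, names, True) for k, v in kept.items()}
        return kept
    if isinstance(node, list) and recursive:
        # Assumption: recursive mode also walks array elements.
        return [strip_attributes(v, names, True) for v in node]
    return node

def remaining(node, names, path="$"):
    """Return the JSON paths at which a listed attribute is still present."""
    hits = []
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}"
            if key in names:
                hits.append(here)
            hits += remaining(val, names, here)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            hits += remaining(val, names, f"{path}[{i}]")
    return hits

def audit(config, body_text):
    """Apply the modelled filter and list attributes that survive it."""
    names, recursive = parse_config(config)
    filtered = strip_attributes(json.loads(body_text), names, recursive)
    return filtered, remaining(filtered, names)

# Constructed response body with the listed attributes at several depths.
SAMPLE = ('{"origin": "10.0.0.5", "foo": 1, '
          '"user": {"name": "a", "origin": "10.0.0.9"}, '
          '"items": [{"foo": 2, "id": 7}]}')
```

Running `audit("origin,foo", SAMPLE)` shows that nested copies of the attributes remain in the body unless the recursive flag is set.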
RestrictRequestHeaders
Determines if a matching request is allowed to proceed based on the headers. If there are any HTTP headers that are not in the headerList configuration (case insensitive), a 403 Forbidden response is returned to the client.
Configuration parameters:
headerList
: list of names of allowed headers (case insensitive)

RestrictRequestHeaders=Content-Type,x-request-temp
RewriteAllResponseHeaders
Rewrite multiple response headers at once.
Configuration parameters:
pattern to match
: regular expression to match against header values
replacement
: replacement value

RewriteAllResponseHeaders=\d,0
RewriteResponseBody
Modifies the body of a response.
Configuration parameters are organized as a comma-separated list of key-value pairs, where each pair takes the form pattern to match:replacement:
pattern to match
: regular expression to match against text in the response body
replacement
: replacement value

RewriteResponseBody=foo:bar,/path-one/:/path-two/
Roles
Authorizes requests whose authorization contains one of the configured roles.
Configuration parameters:
roles
: comma-separated list of authorized roles

Roles=role_01,role_02
Scopes
Authorizes requests whose authorization contains one of the configured scopes.
Configuration parameters:
scopes
: comma-separated list of authorized scopes

Scopes=api.read,api.write,user
SsoLogin
Redirects to authenticate if no valid Authorization token is found.
No parameters required.
SsoLogin
TokenRelay
Forwards OAuth2 access token to downstream resources.
No parameters required.
TokenRelay
XmlToJson
Transforms XML response body into JSON response body.
No parameters required.
XmlToJson