The open-source Spring Cloud Gateway project includes a number of built-in filters for use in Gateway routes. The following commercial filters provided by Spring Cloud Gateway for VMware Tanzu can be used in addition to those included in the OSS project.

Roles

The Roles filter uses Single Sign-On for VMware Tanzu to restrict access to a route, so that only users with the specified roles can access the route.

When adding a route to a Gateway service instance, you can set the sso-enabled parameter to true and add the Roles filter by including it in the list of filters in the JSON object for the route:

$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "sso-enabled": true, "filters": ["Roles=ADMIN"] } ] }'

Scopes

To cause an app to request permission scopes for a resource when authenticating a user using Spring Cloud Gateway for VMware Tanzu and Single Sign-On for VMware Tanzu, you can set the sso-enabled parameter to true and add the Scopes filter by including it in the list of filters in the JSON object for the route:

$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**",
    "sso-enabled": true, "filters": ["Scopes=menu.read"] } ] }'

SsoLogin

To cause a Spring Cloud Gateway for VMware Tanzu service instance route to incorporate a login flow using the Gateway service instance's associated Single Sign-On for VMware Tanzu service instance, you can add the SsoLogin filter by including it in the list of filters in the JSON object for the route:

$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters": ["SsoLogin"] } ] }'

TokenRelay

The TokenRelay filter uses Single Sign-On for VMware Tanzu to pass a currently-authenticated user's identity token to the app when the user accesses the app's route.

When adding a route to a Gateway service instance, you can add the TokenRelay filter by including it in the list of filters in the JSON object for the route:

$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters": ["SsoLogin", "TokenRelay"] } ] }'
check-circle-line exclamation-circle-line close-line
Scroll to top icon