The open-source Spring Cloud Gateway project includes a number of built-in filters for use in Gateway routes. The following commercial filters provided by Spring Cloud Gateway for VMware Tanzu can be used in addition to those included in the OSS project.
Roles
The Roles filter uses Single Sign-On for VMware Tanzu to restrict access to a route, so that only users with the specified roles can access the route.
When adding a route to a Gateway service instance, you can set the sso-enabled
parameter to true
and add the Roles
filter by including it in the list of filters
in the JSON object for the route:
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "sso-enabled": true, "filters": ["Roles=ADMIN"] } ] }'
Scopes
To cause an app to request permission scopes for a resource when authenticating a user using Spring Cloud Gateway for VMware Tanzu and Single Sign-On for VMware Tanzu, you can set the sso-enabled
parameter to true
and add the Scopes
filter by including it in the list of filters
in the JSON object for the route:
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**",
"sso-enabled": true, "filters": ["Scopes=menu.read"] } ] }'
SsoLogin
To cause a Spring Cloud Gateway for VMware Tanzu service instance route to incorporate a login flow using the Gateway service instance's associated Single Sign-On for VMware Tanzu service instance, you can add the SsoLogin
filter by including it in the list of filters in the JSON object for the route:
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters": ["SsoLogin"] } ] }'
TokenRelay
The TokenRelay
filter uses Single Sign-On for VMware Tanzu to pass a currently-authenticated user's identity token to the app when the user accesses the app's route.
When adding a route to a Gateway service instance, you can add the TokenRelay
filter by including it in the list of filters
in the JSON object for the route:
$ cf bind-service cook my-gateway -c '{ "routes": [ { "path": "/cook/**", "filters": ["SsoLogin", "TokenRelay"] } ] }'