NetflixOSS Zuul Filter for rejecting requests

Question

I am trying to use a ZuulFilter in a simple spring-cloud-Netflix Api gateway (reverse proxy) in order to authenticate requests against a custom authentication provider (via Rest call).

The Filter should reject unauthorized requests with a 401 and don't pass those requests further down to the proxied services.

Is that even possible for a ZuulFilter? I did not find documentation, example or something in Zuuls api.

Any suggestions?

Answer 1

I got this to work, took some digging. Make sure your request isn't cached already. Just call this method from your run() method inside your ZuulFilter.

/**
 * Reports an error message given a response body and code.
 * 
 * @param body
 * @param code
 */
private void setFailedRequest(String body, int code) {
    log.debug("Reporting error ({}): {}", code, body);
    RequestContext ctx = RequestContext.getCurrentContext();
    ctx.setResponseStatusCode(code);
    if (ctx.getResponseBody() == null) {
        ctx.setResponseBody(body);
        ctx.setSendZuulResponse(false);
    }
}

Answer 2

If you want to use authentication with the Spring Cloud then try the Spring Security Cloud project.

Answer 3

I use a pre filter to check the authentication of the request, and if the request dose not authorized, then I return 401 and do not call the back end service any more. I do it in run() function like this:

RequestContext ctx = getCurrentContext();
// do something to check the authentication
if(auth failed){
  ctx.unset();
  ctx.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value());
}

ctx.unset() tell the context to stop this request, and ctx.setResponseStatusCode(HttpStatus.UNAUTHORIZED.value()); set the http code to 401

also see Netflix Zuul - block request routing