This post provides a working example of using Spring Cloud Gateway to decrypt an incoming request from the client, send the decrypted contents to the target service, receive the response and encrypt the response before sending it to the client.

To get hold of the code referred to in this article please visit the repository @ https://github.com/sumantrana/SpringGatewayCustomFilter.git

Introduction

One of the advantages of using a gateway is that it can be used to handle common functionality that affects multiple routes passing through it e.g. authentication, metrics, encryption/decryption.

Instead of having these common concerns scattered across multiple micro-services, we can consolidate them at the gateway. This provides the following set of advantages:

• Reduction in the amount of effort required to develop/change them (as and when required). Since the code is centrally located, it can be changed at one place only and would require less time to test and deploy.
• Better clarity and understanding of the code (for the same reasons as above)
• Separation of concerns. The team developing micro-services does not need to know the details of how incoming requests are authenticated, encrypted etc. They can concentrate on the business logic only.

In this article we will dive deeper into the encryption/decryption aspect. There are a couple of ways in which this functionality can be accomplished:

• Create an external service and delegate the responsibility of encryption decryption to that service. Call this service from the gateway for each incoming request and again for each outgoing response.
• Create a custom filter in the gateway which will intercept each request, decrypt it and correspondingly intercept each response and encrypt it before sending it either ways.

The following sections explain the latter approach in detail.

#spring-boot #spring-cloud