This is proof-of-concept setup for a single-page-application with a secured gateway.
It consists of:
- a minimal vuejs-powered single-page-application
- a cloud gateway with secured routes and persisted sessions
- a minimal microservice that retrieves user information when requests are forwarded from the microservice
- node 14+
- java 11
- docker
- docker-compose
The frontend single-page application is setup with
- vuejs
- typescript
- bootstrap-vue (for layout)
The frontend has a secure/logged-in route and other logged-out routes. When accessing a logged-in route the navigation guard kicks in and navigates the user to to the login page.
The secure route performs a request to the cloud-gateway, which forwards it to the microservice. The answer of the microservice is shown on the page.
Install the dependencies
cd vue-frontend
npm installRun the frontend
npm run serve
Access the frontend in the browser under http://localhost:8080
Note: the gateway and the microservice need to be started as well for full functionality
A spring-boot based service that uses spring-cloud-gateway for routing requests and spring-security for securing routes.
Libraries used are:
- spring-boot
- spring-cloud-gateway
- spring-security
- spring-session-data-mongodb
- spring-boot-starter-data-mongodb-reactive
All routes beginning with /api/ are considered secure.
Credentials are hard-coded as user / password.
Securty configuration is done in CustomSecurityConfig
In the same file the session persistence in mongodb is activated via the annotation @EnableMongoWebSession. This means that sessions survive a restart of the application and that multiple instances of the same application can share the same session, which means that logged-in users can be routed to any instance of the application without any special considerations. They will be considered logged-in on all instances.
Only a single route is configured /api/hello, which leads to the other sub-projects microservice. Routing is configured in the application.yml
The gateway has a global filter configured that takes the user information on logged-in routes an forwards the username in the header X-Authenticated-User (see ForwardUserHeaderFilter)
Bootup of the session store (mongodb)
cd spring-gateway-security-spa
docker-compose up -dRunning the gateway application
./mvnw spring-boot:runThe application listens on port 8180.
A minimal microservice with a single route /hello.
The HelloWorldController takes the username from the header X-Authenticated-User and creates a greeting for the user.
The application shows how user information can be forwarded without the receiving application implementing any security. Of course, in more complex and/or critical applications implementing security as well is a good idea.
Run the application
cd simple-microservice
./mvnw spring-boot:runThe application listens on port 8280.