DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Modern Digital Website Security: Prepare to face any form of malicious web activity and enable your sites to optimally serve your customers.

Containers Trend Report: Explore the current state of containers, containerization strategies, and modernizing architecture.

Low-Code Development: Learn the concepts of low code, features + use cases for professional devs, and the low-code implementation process.

E-Commerce Development Essentials: Considering starting or working on an e-commerce business? Learn how to create a backend that scales.

Related

  • API Gateway to the Rescue
  • NGINX With Eureka Instead of Spring Cloud Gateway or Zuul
  • Dynamic Routing Through Zuul With a REST API and Spring Boot Without Spring Config — Sub-Domain to Subpath Router
  • Ensuring API Resilience in Spring Microservices Using Retry and Fallback Mechanisms

Trending

  • KubeAdmiral: Next-Generation Multi-Cluster Orchestration Engine Based on Kubernetes
  • Securing REST APIs With Nest.js: A Step-by-Step Guide
  • Understanding the New SEC Rules for Disclosing Cybersecurity Incidents
  • The Top 5 Tools for Automated Front-End Testing
  1. DZone
  2. Data Engineering
  3. Databases
  4. Microservices - Part 5: Spring Cloud Zuul Proxy as API Gateway

Microservices - Part 5: Spring Cloud Zuul Proxy as API Gateway

In this tutorial, we'll learn how to use Spring Cloud Zuul Proxy as an API gateway, an essential component of microservice architecture.

Siva Prasad Reddy Katamreddy user avatar by
Siva Prasad Reddy Katamreddy
·
Mar. 16, 18 · Tutorial
Like (15)
Save
Tweet
Share
57.3K Views

Join the DZone community and get the full member experience.

Join For Free

In microservices architecture, there could be a number of API services and few UI components that are talking to APIs. As of now, many microservices based applications still use monolithic front-ends where the entire UI is built as a single module. You may choose to go with micro-frontends where the UI is also decomposed into multiple microservices talking to APIs to get the relevant data. Instead of letting the UI know about all our microservices details, we can provide a unified proxy interface that will delegate the calls to various microservices based on a URL pattern. In this post, we will learn how to create an API Gateway using Spring Cloud Zuul Proxy.

In this post we are going to learn:
  • Why do we need an API Gateway?
  • Implementing an API Gateway using Spring Cloud Zuul Proxy
  • Using Zuul Filters for cross-cutting concerns

An API Gateway, aka Edge Service, provides a unified interface for a set of microservices so that clients no need to know about all the details of microservices internals. However, there are some pros and cons of using the API Gateway pattern in microservices architecture.

Pros:
  • Provides an easier interface to clients.
  • Can be used to prevent exposing the internal microservices structure to clients.
  • Allows refactoring of microservices without forcing the clients to refactor the consuming logic.
  • Can centralize cross-cutting concerns like security, monitoring, rate limiting, etc.
Cons:
  • It could become a single point of failure if the proper measures are not taken to make it highly available.
  • Knowledge of various microservice APIs may creep into the API Gateway.

Spring Cloud provides Zuul proxy, similar to Nginx, that can be used to create the API Gateway.

Let us create a front-end UI module "shoppingcart-ui" as a Spring Boot application which also acts as Zuul proxy. Create a SpringBoot project with Web, Config Client, Eureka Discovery, Zuul starters and annotate the main entry-point class with @EnableZuulProxy.

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-zuul</artifactId>
</dependency>
ShoppingcartUiApplication.java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;

@EnableZuulProxy
@SpringBootApplication
public class ShoppingcartUiApplication {
    public static void main(String[] args) {
        SpringApplication.run(ShoppingcartUiApplication.class, args);
    }
}

As we are using Eureka Discovery; also, requests from the proxy with the URL patterns /service-id/** will be routed to the service registered in Eureka Server with service id "service-id."

For example, from UI application if we make a request to http://localhost:8080/ catalog-service/products then it will lookup in Service Registry for ServiceID "catalog-service" and send the request with URL /products to one of the available catalog-service instances.

To make it happen we need to register "shoppingcart-ui" with Eureka Service Registry.

bootstrap.properties
spring.application.name=shoppingcart-ui
server.port=8080
eureka.client.service-url.defaultZone=http://localhost:8761/eureka/

With this configuration now we can fetch product information from catalog-service using jQuery as follows:

$.ajax({
    url: '/catalog-service/products'
})
.done(function(data) {
    this.products = data;
}.bind(this));

Here, from our UI application, we are making a call to http://localhost:8080/catalog-service/products. Assuming catalog-service is registered with ServiceID "catalog-service" and running on port 8181, this request will be forwarded to http://host:8181/products. But the UI is completely unaware of where the actual catalog-service is running and its hostname, port number, etc.

We can also use a common prefix for URLs, like "/api," for which we want Zuul to proxy by setting the zuul.prefix property.

zuul.prefix=/api

Now, from the UI, we can make a request to fetch products at http://localhost:8080/api/catalog-service/products. By default, Zuul will strip the prefix and forward the request.

You can also customize the path mappings of a service as follows:

zuul.routes.catalogservice.path=/catalog/**
zuul.routes.catalogservice.serviceId=catalog-service

With this configuration, you can use URL http://localhost:8080/api/catalog/products which will be forwarded to the service with serviceId catalog-service.

By default, all the services registered with Eureka Server will be exposed. You can use zuul.ignored-services property to disable this behavior and expose only the explicitly configured services.

zuul.ignored-services=*

zuul.routes.catalogservice.path=/catalog/**
zuul.routes.catalogservice.serviceId=catalog-service

zuul.routes.orderservice.path=/orders/**
zuul.routes.orderservice.serviceId=order-service

With this configuration, only catalog-service, order-service are exposed through Zuul proxy but not inventory-service.

As Zuul act as a proxy to all our microservices, we can use Zuul service to implement some cross-cutting concerns like security, rate limiting, etc. One common use case is forwarding the Authentication headers to all the downstream services.

Typically in microservices, we will use OAuth service for authentication and authorization. Once the client is authenticated OAuth service will generate a token which should be included in the requests making to other microservices so that client need not be authenticated for every service separately. We can use Zuul filter to implement features like this.

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import javax.servlet.http.HttpServletRequest;
import java.util.UUID;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_TYPE;

public class AuthHeaderFilter extends ZuulFilter {
    @Override
    public String filterType() {
        return PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    @Override
    public boolean shouldFilter() {
        return true;
    }

    @Override
    public Object run() throws ZuulException {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        if (request.getAttribute("AUTH_HEADER") == null) {
            //generate or get AUTH_TOKEN, ex from Spring Session repository
            String sessionId = UUID.randomUUID().toString();

            ctx.addZuulRequestHeader("AUTH_HEADER", sessionId);
        }
        return null;
    }
}

We are adding AUTH_HEADER as a request header using RequestContext.addZuulRequestHeader() which will be forwarded to downstream services. We need to register it as a Spring bean.

@Bean
AuthHeaderFilter authHeaderFilter() {
    return new AuthHeaderFilter();
}

You can find the source code for this article at https://github.com/sivaprasadreddy/spring-boot-microservices-series.

API Spring Framework microservice Spring Cloud zuul

Published at DZone with permission of Siva Prasad Reddy Katamreddy, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • API Gateway to the Rescue
  • NGINX With Eureka Instead of Spring Cloud Gateway or Zuul
  • Dynamic Routing Through Zuul With a REST API and Spring Boot Without Spring Config — Sub-Domain to Subpath Router
  • Ensuring API Resilience in Spring Microservices Using Retry and Fallback Mechanisms

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: