Config module to read clients configuration:
- Authentication
- Route access
Usual usage is:
// First read services configurations to it is then possible to validate client configuration after
HttpGatewayRemoteServicesIndex servicesIndex = HttpGatewayConfigServices.readConfig(configLoader);
HttpGatewayConfigClientAccessControl gatewayClients = HttpGatewayConfigClientAccessControl
// read clients configuration
.readConfig(
configLoader,
// limit the supported authentications to reduce vulnerabilities
List.of(HttpGatewayConfigClientAuth.KEY_AUTH)
)
.validateConfig(servicesIndex); // validate clients configuration with actual services availableSee client access control documentation(../client-access-control/) for more information about the Java objects created.
routes-groups = [
{routes-group-id = "fetching-pets", routes = ["fetch-pets", "fetch-pet"]}
]
clients = [
{
client-id = "app-zoo"
auth = {type = "key", value = "auth-zoo"}
allowed-routes = ["add-pet"]
allowed-routes-groups = ["fetching-pets"]
}
{
client-id = "other-app"
auth = {type = "key", value = "other-app-key"}
allowed-services = ["other-service"]
}
]- Route groups: This is a group of route that will be referenced in client configuration using
allowed-routes-groups - Clients: The list of clients allowed to access the API Gateway
- Route restriction: A client can access only routes he has been granted access to. These access are always cumulative: if for one client, there are multiple values for
allowed-routes,allowed-routes-groupsandallowed-services, then all the routes referenced by these access will be made available for the clients.
Default supported authentication methods are key and basic, see sample for usage.
To add a new custom authenticator:
- Create the authenticator, see the client access control module for details
- Create the
HttpGatewayAuthObjectobject that will contain the auth data described in the configuration. SeeHttpGatewayAuthBasicfor an example - Create the
HttpGatewayAuthConfigobject that contains the auth config key and the function to read the auth config value to create theHttpGatewayAuthObjectobject. SeeHttpGatewayConfigAuthfor samples - Create the
HttpGatewayClientAuthConfigthat map theHttpGatewayAuthObjectandHttpGatewayAuthConfigobjects created previously. SeeHttpGatewayConfigClientAuthfor samples - Use the newly authenticators:
HttpGatewayConfigClientAuth customAuthenticatorConfig = ... // created following the previous steps
HttpGatewayConfigClientAccessControl gatewayClients = HttpGatewayConfigClientAccessControl
.readConfig(
configLoader,
// use the custom authenticator config
List.of(customAuthenticatorConfig)
);