Background
I want to implement the design presented in this article.
It can be summarised by the diagram below:
What I have so far
I have most of that done using:
I have also written a Zuul PRE filter that checks for an Access Token, contacts the IDP and creates a JWT. The JWT is then added to the header for the request forwarded to the downstream service.
Problem
Now my question is quite specific to Zuul and its filters. If authentication fails in the API gateway for any reason, how can I stop the routing and respond directly with a 401 without continuing the filter chain and forwarding the call?
At the moment if authentication fails the filter won't add the JWT to the header and the 401 will come from the downstream service. I was hoping my gateway could prevent this unnecessary call.
I tried to see how I could use com.netflix.zuul.context.RequestContext to do this but the documentation is quite poor and I couldn't find a way.
You could try setting setSendZuulResponse(false) in the current context. This should not route the request. You could also call removeRouteHost() from the context, which would achieve the same. You could use setResponseStatusCode to set the 401 status code.
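
An added example (not part of the original question or answer) of a Zuul 1 PRE filter that fails closed using the calls mentioned above: when the token exchange fails for any reason, it disables routing and answers 401 from the gateway. The TokenExchange interface and the X-Internal-JWT header name are hypothetical stand-ins for the IDP client and header described in the question.

```java
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import javax.servlet.http.HttpServletRequest;

public class AuthPreFilter extends ZuulFilter {

    /** Hypothetical IDP client: returns a JWT, or null when the access token is rejected. */
    public interface TokenExchange {
        String exchange(String accessToken);
    }

    private static final String INTERNAL_JWT_HEADER = "X-Internal-JWT"; // assumed header name
    private final TokenExchange idp;

    public AuthPreFilter(TokenExchange idp) { this.idp = idp; }

    @Override public String filterType() { return "pre"; }
    @Override public int filterOrder() { return 1; }
    @Override public boolean shouldFilter() { return true; }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        String jwt = null;
        try {
            String auth = request.getHeader("Authorization");
            if (auth != null && auth.startsWith("Bearer ")) {
                jwt = idp.exchange(auth.substring("Bearer ".length()).trim());
            }
        } catch (RuntimeException e) {
            jwt = null; // IDP unreachable or errored: treat as unauthenticated
        }
        if (jwt == null || jwt.isEmpty()) {
            ctx.setSendZuulResponse(false);   // do not forward to the downstream service
            ctx.setResponseStatusCode(401);   // status returned by the gateway itself
            ctx.getResponse().setHeader("WWW-Authenticate", "Bearer");
            ctx.setResponseBody("{\"error\":\"unauthorized\"}");
            return null;
        }
        // Authenticated: attach the gateway-issued JWT to the forwarded request.
        ctx.addZuulRequestHeader(INTERNAL_JWT_HEADER, jwt);
        return null;
    }
}
```

Zuul still runs any remaining PRE filters after this one; it is the routing filters that are skipped, since in Spring Cloud Netflix they check sendZuulResponse() before forwarding.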