generated from it-at-m/oss-repository-en-template
Commit
Showing 1 changed file with 41 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Refarch Gateway | ||
|
||
## Usage | ||
|
||
- Image: TODO | ||
- Helm-Chart: TODO | ||
|
||
### Routing | ||
|
||
Routes are configured via environment variables as listed under [Configuration](#configuration). | ||
|
||
By default, routes require authentication through oAuth2 and manage the session between the client and gateway using | ||
cookies. | ||
The gateway then maps the session cookie to a JWT before routing it. | ||
|
||
Beside the default behaviour there are some special route prefixes which are handled different: | ||
|
||
- `/public/**`: All `OPTIONS` and `GET` requests are routed without security. | ||
- `/clients/**`: Uses JWT for authenticating incoming requests instead of session cookies. | ||
|
||
## Profiles | ||
|
||
| Profile | Description | | ||
|---------------|---------------------------------------------------------------------------------------------------| | ||
| `no-security` | Disables complete security like authentication, authorization, csrf etc. Routing works as normal. | | ||
|
||
## Configuration | ||
|
||
| Var | Description | Example | | ||
|----------------------------------------------------------|----------------------------------------------------|-------------------------------------------------------------------------| | ||
| `SSO_ISSUER_URL` | Url of the oAuth2 server used for authentication. | `https://sso.muenchen.de/auth/realms/muenchen.de` | | ||
| `SSO_CLIENT_ID` | OAuth2 client id used for authentication. | | | ||
| `SSO_CLIENT_SECRET` | OAuth2 client secret used for authentication. | | | ||
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_ID` | Id of a route definition. | `backend` | | ||
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_URI` | The uri to route to if this route matches. | `http://backend-service:8080/` | | ||
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_PREDICATES_<index>` | Route predicates i.e. matcher. | `Path=/api/backend-service/**` | | ||
| `SPRING_CLOUD_GATEWAY_ROUTES_<index>_FILTERS_<index>` | List of filters applied to the route. | `RewritePath=/api/backend-service/(?<urlsegments>.*), /$\{urlsegments}` | | ||
| `ALLOWED_ORIGINS_PUBLIC` (optional) | List of urls allowed as origin for public routes. | `https://*.muenchen.de,http://localhost:*` | | ||
| `ALLOWED_ORIGINS_CLIENTS` (optional) | List of urls allowed as origin for clients routes. | `https://*.muenchen.de,http://localhost:*` | | ||
| `REFARCH_SECURITY_CSRFWHITELISTED_<index>` (optional) | List of routes to disable csrf protection for. | `/example/**` | | ||
| `INFO_APPSWITCHER_URL` (optional) | App switcher url for usage in refarch frontend. | `https://appswitcher.muenchen.de` | |
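Review bot: In the Routing section, the `/public/**` bullet only says that `OPTIONS` and `GET` requests are routed without security and leaves open what happens to other methods on that prefix (rejected, or subject to the default session authentication). Please state it explicitly, since readers will use this line to decide what can safely be placed under `/public/`. The `no-security` profile row should also say which environments the profile is intended for, given that it turns off authentication, authorization and CSRF together. The optional `ALLOWED_ORIGINS_PUBLIC`, `ALLOWED_ORIGINS_CLIENTS` and `REFARCH_SECURITY_CSRFWHITELISTED_<index>` rows should document the behaviour when the variable is unset. Minor: `oAuth2` and `OAuth2` are both used in the text and table, "handled different" should read "handled differently", and the `Image: TODO` and `Helm-Chart: TODO` entries should be filled in or tracked before this is merged.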