Working example of Spring Cloud Gateway with Redis session management?

Question

Can you please point out any written or video tutorial of working example of spring-cloud-starter-gateway? Using spring-session-data-redis, Spring Boot 2 and possibly related libraries e.g. spring security?

Basically, I want to use the Spring Clouting Gateway server in a microservices environment. I also want to use a Spring Boot 2.X. The whole system is based on reactive principles.

I found lot of examples how to set up spring-cloud-starter-gateway server with Redis rate limiter. I have a working version of the gateway server but it is not using Redis based session management. When I place the Redis for sessions in picture, then I face various exceptions. So, any working example would be very much appreciated.

Answer 1

The key with the Spring Gateway is reactivity as you mention. So, by recommendation, cross-concern (filters) should be implemented reactively. Here's an Example with what else I've seen usually people implement (Security, Resiliency, and Router). This example takes advantage of auto-configuration, means in case of the filters that need redis, it'll search if there is already a Bean to manage redis connections, such as a ReactiveRedisConnectionFactory (LettuceConnectionFactory - non blocking, meets with reactivity).

In the case of session management, just need:

@Configuration
@EnableRedisWebSession

In the case of security, just need (where ServerHttpSecurity is the builder to webflux, can build to your requirements: oauth2.0, etc.):

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {...}

In the case of rate limiter, just need:

@Bean
public RedisRateLimiter redisRateLimiter() {
    return new RedisRateLimiter(5, 7); // replenishRate, burstCapacity
}

@Bean
public RouteLocator appRouteLocator(RouteLocatorBuilder builder, RedisRateLimiter redisRateLimiter) {
  ... .requestRateLimiter(rl -> rl.setRateLimiter(redisRateLimiter)) // see example
}

At the end, both Spring security and gateway deal with filters (Chain of Responsibility) You can also configure it via the configuration file (properties/yaml). Below is a very abstract diagram of filters and their relationship to redis.

For the example I used a redis in docker. This is the trace of a call to a Gateway route.

1653227794.371458 [0 lua] "TIME"
1653227794.371488 [0 lua] "get" "request_rate_limiter.{user}.tokens"
1653227794.371550 [0 lua] "get" "request_rate_limiter.{user}.timestamp"
1653227794.371610 [0 lua] "setex" "request_rate_limiter.{user}.tokens" "2" "6"
1653227794.371653 [0 lua] "setex" "request_rate_limiter.{user}.timestamp" "2" "1653227794"
1653227802.789329 [0 172.17.0.1:37156] "EXISTS" "spring:session:sessions:64050a1e-eaf5-4b4f-9a82-12a008389dd9"
1653227802.792697 [0 172.17.0.1:37156] "HSET" "spring:session:sessions:64050a1e-eaf5-4b4f-9a82-12a008389dd9" "lastAccessedTime" "\xac\xed\x00\x05sr\x00\x0ejava.lang.Long;\x8b\xe4\x90\xcc\x8f#\xdf\x02\x00\x01J\x00\x05valuexr\x00\x10java.lang.Number\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00xp\x00\x00\x01\x80\xec\x0e/\xbc"
1653227802.794683 [0 172.17.0.1:37156] "EXPIRE" "spring:session:sessions:64050a1e-eaf5-4b4f-9a82-12a008389dd9" "1800"