Spring Cloud Gateway with spring-boot-starter-web

Question

I am creating gateway for Spring Boot microservices using Spring Cloud Gateway. Gateway is also responsible for JWT authorization using Spring Security.

public class JwtAuthorizationFilter extends BasicAuthenticationFilter {

    ...

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        String header = request.getHeader(JwtProperties.HEADER_STRING);

        if (header == null || !header.startsWith(JwtProperties.TOKEN_PREFIX)) {
            chain.doFilter(request, response);
            return;
        }

        Authentication authentication = getUsernamePasswordAuthentication(request);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        chain.doFilter(request, response);
    }

    private Authentication getUsernamePasswordAuthentication(HttpServletRequest request) {
        String token = request.getHeader(JwtProperties.HEADER_STRING).replace(JwtProperties.TOKEN_PREFIX, "");

        DecodedJWT decodedJWT = JWT.require(Algorithm.HMAC512(JwtProperties.SECRET.getBytes())).build().verify(token);
        String username = decodedJWT.getSubject();

        if (username != null) {
            UserPrincipal principal = (UserPrincipal) userPrincipalService.loadUserByUsername(username);
            Authentication auth = new UsernamePasswordAuthenticationToken(username, null, principal.getAuthorities());
            return auth;
        }
        return null;
    }

}

This filter is registred in configure method like this:

@Configuration
@EnableWebSecurity
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
    
    ...
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors()
            .and()
            .csrf().disable()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .addFilter(new JwtAuthorizationFilter(authenticationManager(), userPrincipalService))
            .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            ...
            .anyRequest().authenticated();
        
    }
...
}

As you can see, Spring Security is using HttpServletRequest, HttpServletResponse, FilterChain interfaces which belong to spring-boot-starter-web. But that is main problem beacause it's incompatible with spring cloud gateway.

Spring MVC found on classpath, which is incompatible with Spring Cloud Gateway at this time. Please remove spring-boot-starter-web dependency.

Is there any way to avoid this error or any different solution for implementing jwt authorization filter on gateway? Thanks!

Answer 1

Looking at it, it seems you have not set a return type for your FutureBuilder or StreamBuilder. If you wish to access properties on snapshot.data, you should type the future or stream. For example doing

FutureBuilder<QuerySnapshot>

allows you to access methods on the QuerySnapshot class like

snapshot.data!.docs