The Gateway Service (sgivu-gateway) is the entry point for all client requests, handling OAuth2 authentication, session management, and routing to backend services.

Service Overview

  • Port: 8080
  • Session Store: Redis
  • Protocol: OAuth2 / WebFlux
  • Role: API Gateway

Key Features

  • Reactive API Gateway built with Spring Cloud Gateway
  • OAuth2 client with authorization code flow
  • Redis-based distributed session management
  • Token relay to downstream services
  • Session revocation and logout handling
  • Service discovery integration

Base Configuration

Server Settings

server:
  port: ${PORT:8080}
  forward-headers-strategy: framework

The gateway uses reactive WebFlux for non-blocking request handling.

Session Management

The gateway uses Redis for distributed session storage:

spring:
  session:
    store-type: redis
    timeout: 1h
    redis:
      namespace: spring:session:sgivu-gateway
  data:
    redis:
      host: ${REDIS_HOST:sgivu-redis}
      port: ${REDIS_PORT:6379}
      password: ${REDIS_PASSWORD}

  • Horizontal scaling: Multiple gateway instances can share sessions
  • Fast access: In-memory performance for session lookups
  • Automatic expiration: Redis TTL handles session cleanup
  • Persistence: Sessions survive gateway restarts

Ensure Redis has proper persistence configured (RDB or AOF) to prevent session loss on Redis restart.

OAuth2 Client Configuration

Client Registration

spring:
  security:
    oauth2:
      client:
        registration:
          sgivu-gateway:
            provider: sgivu-auth
            client-id: sgivu-gateway
            client-secret: ${SGIVU_GATEWAY_SECRET}
            client-authentication-method: client_secret_basic
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope:
              - openid
              - profile
              - email
              - phone
              - address
              - offline_access
              - api
              - read
              - write

The offline_access scope enables refresh token issuance for seamless token renewal.

Provider Configuration

spring:
  security:
    oauth2:
      client:
        provider:
          sgivu-auth:
            issuer-uri: ${SGIVU_AUTH_URL:http://sgivu-auth:9000}

The issuer URI enables automatic discovery of authorization endpoints via the OpenID Connect discovery document.

Reactive Configuration

spring:
  reactor:
    context-propagation: auto

This setting enables automatic context propagation for reactive security and tracing.

Service Integration

Eureka Registration

eureka:
  instance:
    instance-id: ${spring.cloud.client.hostname}:${spring.application.name}:${random.value}
  client:
    service-url:
      defaultZone: ${EUREKA_URL:http://sgivu-discovery:8761/eureka}

Service Discovery Map

services:
  map:
    sgivu-auth:
      name: sgivu-auth
      url: ${SGIVU_AUTH_URL:http://sgivu-auth:9000}

Environment-Specific Configuration

angular-client:
  url: ${DEV_ANGULAR_APP_URL}

logging:
  level:
    com.sgivu.gateway.security: DEBUG
    com.sgivu.gateway.controller: DEBUG
    com.sgivu.gateway.config: DEBUG
    org.springframework.security.oauth2.client: DEBUG
    org.springframework.security.web.server.authentication: DEBUG
    org.springframework.session.web.server: DEBUG

Development Features:
  • Detailed logging for OAuth2 flow debugging
  • Token relay tracing
  • Session lifecycle visibility
  • Security filter chain logging

Observability

Actuator Endpoints

management:
  endpoints:
    web:
      exposure:
        include: health, info
  endpoint:
    health:
      show-details: never

In production, health details are hidden to prevent information disclosure.

Distributed Tracing

management:
  tracing:
    sampling:
      probability: 0.1
  zipkin:
    tracing:
      endpoint: http://sgivu-zipkin:9411/api/v2/spans

Logging Configuration

logging:
  level:
    root: INFO
    com.sgivu.gateway.security: INFO
    com.sgivu.gateway.controller: INFO

To troubleshoot OAuth2 or session issues in development, enable these loggers:

logging:
  level:
    com.sgivu.gateway: DEBUG
    org.springframework.security: DEBUG
    org.springframework.session: DEBUG
    org.springframework.security.oauth2: TRACE
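
The page reserves DEBUG/TRACE security loggers for development and limits production to the health and info actuator endpoints with details hidden. The following added example (not part of the sgivu project) audits an effective production configuration for drift from those settings; the flatten and audit helpers and the DRIFTED sample are constructed for illustration, and the parser handles only nested mappings with scalar values.

```python
VERBOSE = {"DEBUG", "TRACE"}
# Logger prefixes the page raises to DEBUG/TRACE for development troubleshooting.
DEV_LOGGERS = ("com.sgivu.gateway", "org.springframework.security", "org.springframework.session")
ALLOWED_ENDPOINTS = {"health", "info"}

# Constructed sample: a production file that drifted from the page's settings.
DRIFTED = """\
management:
  endpoints:
    web:
      exposure:
        include: health, info, env
  endpoint:
    health:
      show-details: always
logging:
  level:
    org.springframework.security.oauth2: TRACE
"""

def flatten(text):
    """Flatten nested YAML mappings with scalar values into {dotted.key: value}."""
    stack, flat = [], {}  # stack holds (indent, key) for each open parent mapping
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return findings for development-only settings present in the given config."""
    cfg, findings = flatten(text), []
    for key, level in cfg.items():
        logger = key.removeprefix("logging.level.")
        if logger != key and level.upper() in VERBOSE and logger.startswith(DEV_LOGGERS):
            findings.append(f"{logger} logs at {level}")
    include = cfg.get("management.endpoints.web.exposure.include", "")
    exposed = {e.strip() for e in include.split(",") if e.strip()}
    findings += [f"actuator endpoint exposed: {e}" for e in sorted(exposed - ALLOWED_ENDPOINTS)]
    if cfg.get("management.endpoint.health.show-details", "never") != "never":
        findings.append("health show-details is not 'never'")
    return findings
```

Calling audit(DRIFTED) reports the TRACE logger, the extra env endpoint and the health detail setting; the production values shown on this page produce no findings.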

API Documentation

springdoc:
  swagger-ui:
    url: /docs/gateway/v3/api-docs
    configUrl: /docs/gateway/v3/api-docs/swagger-config

Required Environment Variables

All Environments

| Variable | Description | Example |
| --- | --- | --- |
| REDIS_HOST | Redis server host | sgivu-redis |
| REDIS_PORT | Redis server port | 6379 |
| REDIS_PASSWORD | Redis password | your-redis-password |
| SGIVU_GATEWAY_SECRET | OAuth2 client secret | gateway-secret |

Development

| Variable | Description |
| --- | --- |
| DEV_ANGULAR_APP_URL | Angular frontend URL |

Production

| Variable | Description |
| --- | --- |
| PROD_ANGULAR_APP_URL | Angular frontend URL |
| OPENAPI_SERVER_URL | Public API documentation URL |

Optional

| Variable | Description | Default |
| --- | --- | --- |
| PORT | Gateway port | 8080 |
| EUREKA_URL | Eureka server URL | http://sgivu-discovery:8761/eureka |
| SGIVU_AUTH_URL | Auth service URL | http://sgivu-auth:9000 |
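
Which variables are mandatory follows from the configuration itself: a ${NAME} placeholder with no default must be supplied by the environment. This added example (not the project's code) extracts those names from a constructed excerpt of the page's settings and reports a blocking problem when a required variable is missing or still holds the example value from the table above; the function names are hypothetical.

```python
import re

# Spring placeholder: ${NAME} or ${NAME:default}. Only upper-case names are
# treated as environment variables; dotted names such as
# ${spring.application.name} are property references and are skipped.
PLACEHOLDER = re.compile(r"\$\{([A-Z][A-Z0-9_]*)(?::([^}]*))?\}")

# Constructed excerpt of the settings shown on this page (keys flattened).
CONFIG = """\
server.port: ${PORT:8080}
spring.data.redis.host: ${REDIS_HOST:sgivu-redis}
spring.data.redis.port: ${REDIS_PORT:6379}
spring.data.redis.password: ${REDIS_PASSWORD}
client-secret: ${SGIVU_GATEWAY_SECRET}
issuer-uri: ${SGIVU_AUTH_URL:http://sgivu-auth:9000}
instance-id: ${spring.cloud.client.hostname}:${random.value}
"""

# Example values from the documentation table; never acceptable as real secrets.
DOC_EXAMPLES = {"REDIS_PASSWORD": "your-redis-password",
                "SGIVU_GATEWAY_SECRET": "gateway-secret"}


def required_variables(config_text):
    """Names of placeholders without a default, which the environment must supply."""
    return sorted({m.group(1) for m in PLACEHOLDER.finditer(config_text)
                   if m.group(2) is None})


def preflight(config_text, env):
    """Return the problems that should block startup for the given environment."""
    problems = []
    for name in required_variables(config_text):
        value = env.get(name, "")
        if not value:
            problems.append(f"{name}: not set and has no default")
        elif DOC_EXAMPLES.get(name) == value:
            problems.append(f"{name}: still set to the documentation example value")
    return problems


if __name__ == "__main__":
    import os
    for problem in preflight(CONFIG, os.environ):
        print("BLOCK:", problem)
```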

Token Relay

The gateway automatically relays OAuth2 access tokens to downstream services. This enables:
  • Single sign-on (SSO) across services
  • Consistent user identity
  • Centralized token refresh
  • Automatic token propagation

# Token relay is configured automatically by Spring Cloud Gateway
# when OAuth2 client is present

Session Timeout

spring:
  session:
    timeout: 1h

Sessions expire after 1 hour of inactivity. Active sessions are automatically extended.

CORS Configuration

The gateway handles CORS for all backend services.

Typically allows all origins for local development:
  • http://localhost:4200
  • https://localhost:4200

Route Configuration

The gateway routes requests to backend services based on path patterns:
  • /api/auth/** → Auth Service
  • /api/users/** → User Service
  • /api/clients/** → Client Service
  • /api/vehicles/** → Vehicle Service
  • /api/purchase-sales/** → Purchase-Sale Service

Route configuration is typically defined in the gateway application code, not in external configuration.

Security Features

Session Revocation

The gateway supports logout and token revocation:
  • Local session deletion from Redis
  • Token revocation at the authorization server
  • Redirect to login page

CSRF Protection

CSRF protection is enabled for all state-changing operations.

Token Refresh

Automatic token refresh using refresh tokens prevents session interruption.

Configuration Files

  • sgivu-gateway.yml - Base configuration
  • sgivu-gateway-dev.yml - Development overrides
  • sgivu-gateway-prod.yml - Production overrides
