To build a Java-based API gateway, using Spring Cloud Gateway is an efficient and scalable solution. 1. Create a project through Spring Initializr and introduce WebFlux, Gateway, Eureka Client and Actuator dependencies; 2. Configure routing rules in application.yml to support static URI or Eureka-based service discovery dynamic routing; 3. Add global filters to implement JWT authentication, implement current limiting through Redis, limiting 10 requests per second per IP and 20 bursts; 4. Integrate Resilience4j to implement circuit breakers, configure fallback downgrade logic to enhance system flexibility; finally enable Actuator monitoring and SSL and CORS policies to build a complete API gateway with routing, security, current limiting and fault tolerance. The solution is based on a responsive programming model, with excellent performance and easy to scale.
Building an API Gateway with Java and Spring Cloud Gateway is a practical and scalable way to manage microservices communication in a distributed system. Rather than exposing services directly to clients, an API Gateway sits between the client and a collection of backend services, handling routing, authentication, rate limiting, and monitoring in a centralized way.
Spring Cloud Gateway is a lightweight, high-performance API gateway built on Spring Boot and Project Reactor, making it a natural choice for Java-based microservices architectures. Here's how to build one effectively.
1. Set Up the Spring Boot Project
Start by creating a new Spring Boot project using Spring Initializr . Include the following dependencies:
- Spring WebFlux (required for reactive programming)
- Spring Cloud Gateway
- Eureka Discovery Client (if using service discovery)
- Spring Boot Actuator (for monitoring and health checks)
Make sure you're using a compatible version of Spring Cloud. For example, with Spring Boot 3.x, use Spring Cloud 2023.0.0 or later.
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency> Also, add the Spring Cloud dependency management in your pom.xml :
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>2023.0.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>2. Configure Basic Routing
The core function of an API Gateway is routing requests to the appropriate microservices. You can define routes in two ways: via configuration ( application.yml ) or Java configuration.
Using application.yml :
spring:
cloud:
gateway:
routes:
- id: user-service
uri: http://localhost:8081
Predicates:
- Path=/api/users/**
filters:
- StripPrefix=1
- id: product-service
uri: http://localhost:8082
Predicates:
- Path=/api/products/**
filters:
- StripPrefix=1This configuration:
- Routes
/api/users/**to a service running on port 8081 - Removes the first part of the path (
/api) before forwarding (viaStripPrefix=1) - Same logic apply for products
You can also use service discovery (eg, Eureka) to make uri dynamic:
uri: lb://user-service # 'lb' means load-balanced
Ensure you have @EnableDiscoveryClient on your main class if using Eureka.
3. Add Common Gateway Features
An API Gateway isn't just about routing — it's also about cross-cutting concerns.
Global Filters for Authentication
Use a global filter to validate JWT tokens or API keys:
@Component
public class AuthenticationGlobalFilter implements GlobalFilter {
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
String token = exchange.getRequest().getHeaders().getFirst("Authorization");
if (token == null || !token.startsWith("Bearer ")) {
exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
return exchange.getResponse().setComplete();
}
// Add logic to validate JWT
// If valid, continue; else, deny
return chain.filter(exchange);
}
}Rate Limiting
Use Redis-based rate limiting with Spring Cloud Gateway:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis-reactive</artifactId>
</dependency> Then configure in application.yml :
spring:
cloud:
gateway:
routes:
- id: user-service
uri: lb://user-service
Predicates:
- Path=/api/users/**
filters:
- name: RequestRateLimiter
args:
redis-rate-limiter.replenishRate: 10
redis-rate-limiter.burstCapacity: 20
key-resolver: "#{@userKeyResolver}" And define a KeyResolver bean:
@Bean
KeyResolver userKeyResolver() {
return exchange -> Mono.just(
exchange.getRequest().getRemoteAddress().getHostName()
);
}This limits each IP to 10 requests per second, with a burst of 20.
4. Enable Resilience with Circuit Breaker
Integrate resilience4j or Hystrix to prevent cascading failures.
Add dependency:
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-circuitbreaker-reactor-resilience4j</artifactId>
</dependency>Apply the filter in routing config:
filters:
- name: CircuitBreaker
args:
name: userServiceCircuitBreaker
fallbackUri: forward:/fallback/userAnd define a fallback endpoint:
@RestController
public class FallbackController {
@GetMapping("/fallback/user")
public Mono<Map<String, Object>> userServiceFallback() {
return Mono.just(Map.of(
"error", "User service is currently unavailable",
"timestamp", System.currentTimeMillis()
));
}
}Final Notes
- Logging & Monitoring : Enable Actuator endpoints (
/actuator/gateway/routes,/actuator/gateway/globalfilters) to inspect gateway state. - SSL/TLS : Terminate SSL at the gateway level for secure internal communication.
- CORS : Configure CORS policies if serving web clients.
Spring Cloud Gateway gives you a powerful, non-blocking foundation for building a robust API gateway in Java. With minimum configuration, you can handle routing, security, rate limiting, and resilience — all critical in a microservices environment.
Basically, start simple with routing, then layer in filters and resilience as needed. It's not overly complex, but easy to misconfigure if you overlook things like reactive threading or filter order.
The above is the detailed content of Building an API Gateway with Java and Spring Cloud Gateway. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Differences Between Callable and Runnable in Java
Jul 04, 2025 am 02:50 AM
There are three main differences between Callable and Runnable in Java. First, the callable method can return the result, suitable for tasks that need to return values, such as Callable; while the run() method of Runnable has no return value, suitable for tasks that do not need to return, such as logging. Second, Callable allows to throw checked exceptions to facilitate error transmission; while Runnable must handle exceptions internally. Third, Runnable can be directly passed to Thread or ExecutorService, while Callable can only be submitted to ExecutorService and returns the Future object to
Asynchronous Programming Techniques in Modern Java
Jul 07, 2025 am 02:24 AM
Java supports asynchronous programming including the use of CompletableFuture, responsive streams (such as ProjectReactor), and virtual threads in Java19. 1.CompletableFuture improves code readability and maintenance through chain calls, and supports task orchestration and exception handling; 2. ProjectReactor provides Mono and Flux types to implement responsive programming, with backpressure mechanism and rich operators; 3. Virtual threads reduce concurrency costs, are suitable for I/O-intensive tasks, and are lighter and easier to expand than traditional platform threads. Each method has applicable scenarios, and appropriate tools should be selected according to your needs and mixed models should be avoided to maintain simplicity
Understanding Java NIO and Its Advantages
Jul 08, 2025 am 02:55 AM
JavaNIO is a new IOAPI introduced by Java 1.4. 1) is aimed at buffers and channels, 2) contains Buffer, Channel and Selector core components, 3) supports non-blocking mode, and 4) handles concurrent connections more efficiently than traditional IO. Its advantages are reflected in: 1) Non-blocking IO reduces thread overhead, 2) Buffer improves data transmission efficiency, 3) Selector realizes multiplexing, and 4) Memory mapping speeds up file reading and writing. Note when using: 1) The flip/clear operation of the Buffer is easy to be confused, 2) Incomplete data needs to be processed manually without blocking, 3) Selector registration must be canceled in time, 4) NIO is not suitable for all scenarios.
Best Practices for Using Enums in Java
Jul 07, 2025 am 02:35 AM
In Java, enums are suitable for representing fixed constant sets. Best practices include: 1. Use enum to represent fixed state or options to improve type safety and readability; 2. Add properties and methods to enums to enhance flexibility, such as defining fields, constructors, helper methods, etc.; 3. Use EnumMap and EnumSet to improve performance and type safety because they are more efficient based on arrays; 4. Avoid abuse of enums, such as dynamic values, frequent changes or complex logic scenarios, which should be replaced by other methods. Correct use of enum can improve code quality and reduce errors, but you need to pay attention to its applicable boundaries.
How Java ClassLoaders Work Internally
Jul 06, 2025 am 02:53 AM
Java's class loading mechanism is implemented through ClassLoader, and its core workflow is divided into three stages: loading, linking and initialization. During the loading phase, ClassLoader dynamically reads the bytecode of the class and creates Class objects; links include verifying the correctness of the class, allocating memory to static variables, and parsing symbol references; initialization performs static code blocks and static variable assignments. Class loading adopts the parent delegation model, and prioritizes the parent class loader to find classes, and try Bootstrap, Extension, and ApplicationClassLoader in turn to ensure that the core class library is safe and avoids duplicate loading. Developers can customize ClassLoader, such as URLClassL
Exploring Different Synchronization Mechanisms in Java
Jul 04, 2025 am 02:53 AM
Javaprovidesmultiplesynchronizationtoolsforthreadsafety.1.synchronizedblocksensuremutualexclusionbylockingmethodsorspecificcodesections.2.ReentrantLockoffersadvancedcontrol,includingtryLockandfairnesspolicies.3.Conditionvariablesallowthreadstowaitfor
Handling Common Java Exceptions Effectively
Jul 05, 2025 am 02:35 AM
The key to Java exception handling is to distinguish between checked and unchecked exceptions and use try-catch, finally and logging reasonably. 1. Checked exceptions such as IOException need to be forced to handle, which is suitable for expected external problems; 2. Unchecked exceptions such as NullPointerException are usually caused by program logic errors and are runtime errors; 3. When catching exceptions, they should be specific and clear to avoid general capture of Exception; 4. It is recommended to use try-with-resources to automatically close resources to reduce manual cleaning of code; 5. In exception handling, detailed information should be recorded in combination with log frameworks to facilitate later
How does a HashMap work internally in Java?
Jul 15, 2025 am 03:10 AM
HashMap implements key-value pair storage through hash tables in Java, and its core lies in quickly positioning data locations. 1. First use the hashCode() method of the key to generate a hash value and convert it into an array index through bit operations; 2. Different objects may generate the same hash value, resulting in conflicts. At this time, the node is mounted in the form of a linked list. After JDK8, the linked list is too long (default length 8) and it will be converted to a red and black tree to improve efficiency; 3. When using a custom class as a key, the equals() and hashCode() methods must be rewritten; 4. HashMap dynamically expands capacity. When the number of elements exceeds the capacity and multiplies by the load factor (default 0.75), expand and rehash; 5. HashMap is not thread-safe, and Concu should be used in multithreaded
