Proxy - Student-Management-System/Sparkyservice-Project GitHub Wiki

Sparkyservice contains a proxy feature which forwards requests to an underlying microservice. The proxy handles every request unless the requested address is one of the core feature addresses.

Setup

This is typically done by the system administrator.

1. Define a service

Set zuul.routes.CUSTOMROUTE.url in the server properties and replace all CUSTOMROUTE with the desired path.

zuul.routes.CUSTOMROUTE.url = https://google.com

Replace CUSTOMROUTE with the desired route. https://google.com will be accessible under this path. For example, example.com/customroute/ will proxy the request to google.com.

2. Setup accounts

Theoretically, all user accounts can be used in step 3 for the ACL, but it is recommended to use "SERVICE" accounts according to User management:

  • Set role of an account to SERVICE
  • Authenticate one time to get the JWT token
    • This token has the same validity as the whole account
    • There is no limit on the number of tokens
  • Save a generated token and use it for authentication later

3. Define ACL

The proxy can protect specific paths and only forward requests from allowed users. A user must be a user as described in User management. Each user must be given in the following format: username@usersRealm

zuul.routes.CUSTOMROUTE.acl = test1@LDAP, service2@LOCAL

Only "service2" from "LOCAL" and "test1" from "LDAP" are allowed to access the route now.

  • When no ACL field is set, no authentication is required.
  • When ACL is set to "none", no authentication is required.
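
An added example (not part of Sparkyservice): a small Python audit of the server properties that reports, per zuul.routes.* route, whether it is reachable without authentication under the two rules above, and flags ACL entries that do not match username@usersRealm. The sample properties, host names and status strings are constructed; matching "none" case-insensitively is an assumption.

```python
import re

# Constructed sample server properties (route names and hosts are made up).
SAMPLE = """\
zuul.routes.grades.url = https://grades.internal.example
zuul.routes.grades.acl = test1@LDAP, service2@LOCAL
zuul.routes.docs.url = https://docs.internal.example
zuul.routes.files.url = https://files.internal.example
zuul.routes.files.acl = none
zuul.routes.exams.url = https://exams.internal.example
zuul.routes.exams.acl = service2, admin@LOCAL
"""

# Matches zuul.routes.<route>.url / .acl with "=" or ":" as separator.
LINE = re.compile(r"^zuul\.routes\.([^.\s]+)\.(url|acl)\s*[=:]\s*(.*)$")
# One ACL entry in the documented form username@usersRealm.
ENTRY = re.compile(r"^[^@\s,]+@[^@\s,]+$")

def parse_routes(text):
    """Collect the url/acl values per route; other lines are ignored."""
    routes = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            route, key, value = m.groups()
            routes.setdefault(route, {})[key] = value.strip()
    return routes

def audit(text):
    """Return {route: status} using the two 'no authentication' rules."""
    report = {}
    for route, cfg in parse_routes(text).items():
        acl = cfg.get("acl")
        if acl is None:
            report[route] = "open: no acl field"
        elif acl.lower() == "none":  # assumption: case-insensitive match
            report[route] = 'open: acl is "none"'
        else:
            entries = [e.strip() for e in acl.split(",")]
            bad = [e for e in entries if not ENTRY.match(e)]
            report[route] = f"malformed: {bad}" if bad else "restricted"
    return report

if __name__ == "__main__":
    for route, status in audit(SAMPLE).items():
        print(f"{route:8} {status}")
```

Run it against the deployed properties file before exposing the proxy, and review every route reported as open.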

Usage

1. Authentication

To authenticate as a user configured in Setup > Step 3, take the JWT token from Setup > Step 2 and send it in the Proxy-Authorization header.