Authentication as Zuul filter or Servlet filter?

Samiul Mushfik
Dec 14, 2020

Recently, one of the projects I have been working on needed a manual authentication mechanism: it did not use Spring Security, but handled JWT token validation and so on by hand. For this purpose, I had to intercept requests and validate their authenticity before serving them.

As I was already using Zuul for routing requests, I introduced a Zuul pre-filter that intercepted requests to authenticate them before forwarding them inwards. It worked as expected. But a problem arose when I sent requests to the APIs of the component where Zuul itself was configured (the API Gateway layer component) rather than to those of the other components. As Zuul was not routing these requests, they were not intercepted by my previously written Zuul pre-filter.

What I came to know later is that in Spring Boot 2, the Zuul servlet responsible for routing is placed after the dispatcher servlet in the request path. So the dispatcher servlet is the only front door for every request, whether it is to be routed to another component or processed in the component where Zuul is configured.

[Figure: Typical request workflow]

So I relocated the previously written authentication logic to a filter that runs before the dispatcher servlet and voila! It worked. However, this new filter is no longer a Zuul filter but a servlet filter. How interesting is that!
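
A sketch of what such a servlet filter can look like, as an added example rather than the code from the project described above. It assumes Spring Boot 2 (`javax.servlet`), HS256-signed tokens sent as `Authorization: Bearer ...`, and a hypothetical property `auth.jwt.secret` holding the shared key; the class name `JwtAuthFilter` is also made up for illustration.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// A Filter bean is mapped to "/*" by Spring Boot, so it runs ahead of DispatcherServlet
// for gateway-local endpoints and for requests Zuul will route onwards.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class JwtAuthFilter extends OncePerRequestFilter {
    private static final ObjectMapper JSON = new ObjectMapper();
    private final byte[] key;

    // "auth.jwt.secret" is a hypothetical property name (assumption, not from the post).
    public JwtAuthFilter(@Value("${auth.jwt.secret}") String secret) {
        this.key = secret.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        String h = req.getHeader("Authorization");
        if (h != null && h.startsWith("Bearer ") && verify(h.substring(7))) {
            chain.doFilter(req, res);                            // authenticated: continue
        } else {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);  // fail closed
        }
    }

    boolean verify(String token) {
        try {
            String[] p = token.split("\\.");
            if (p.length != 3) return false;
            // Always verify as HMAC-SHA256 with the server key; the token's "alg" header is ignored.
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] expected = mac.doFinal((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(expected, given)) return false;   // constant-time compare
            long exp = JSON.readTree(Base64.getUrlDecoder().decode(p[1])).path("exp").asLong(0);
            return exp > System.currentTimeMillis() / 1000;   // a missing "exp" counts as expired
        } catch (Exception e) { return false; }                // malformed token: reject
    }
}
```

Public endpoints such as a login route would need an explicit exclusion, for example by overriding `shouldNotFilter`, since this filter rejects every request that lacks a valid token.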
