GatewayFilters

@RefreshScope
@Component
public class AuthenticationFilter implements GatewayFilter {

    final Logger LOGGER = LoggerFactory.getLogger(AuthenticationFilter.class);

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();

// Make your business logic, this is a simple sample.


        if (!request.getHeaders().containsKey("x-api-key")) {
            return this.onError(exchange,"api-key missing",HttpStatus.FORBIDDEN);
        }

        return chain.filter(exchange); // Forward to route
    }

    private Mono<Void> onError(ServerWebExchange exchange, String err, HttpStatus httpStatus)  {
        ServerHttpResponse response = exchange.getResponse();
        response.setStatusCode(httpStatus);
        return response.setComplete();
    }
Thoughtful Tern