
API gateway for REST and SOAP written in Java.

Primary LanguageJava

Membrane Service Proxy

GitHub release Hex.pm

Reverse HTTP proxy (framework) written in Java, that can be used

  • as an API gateway
  • as a security proxy
  • for HTTP based integration
  • as a WebSockets and STOMP router

Get Started

Download the binary.


Start service-proxy.sh or service-proxy.bat.

Have a look at the main configuration file conf/proxies.xml. Changes to this file are instantly deployed.

Run the samples in the examples folder, follow the REST or SOAP tutorials, see the Documentation or the FAQ.



Routing requests from localhost:80 to localhost:8080 :

<serviceProxy port="80">
    <target host="localhost" port="8080" />

Routing only requests with path /foo :

<serviceProxy port="80">
    <target host="localhost" port="8080" />


SOAP proxies configure themselves by analysing WSDL:

<soapProxy wsdl="http://thomas-bayer.com/axis2/services/BLZService?wsdl">

Add features like logging or XML Schema validation against a WSDL document:

<soapProxy wsdl="http://thomas-bayer.com/axis2/services/BLZService?wsdl">
	<validator />
	<log />

Limit the number of requests in a given time frame:

<serviceProxy port="80">
    <rateLimiter requestLimit="3" requestLimitDuration="PT30S"/>
    <target host="localhost" port="8080" />

Rewrite URLs:

<serviceProxy port="2000">
    	<map from="^/goodlookingpath/(.*)" to="/backendpath/$1" />
    <target host="my.backend.server" port="80" />

Monitor HTTP traffic:

<serviceProxy port="2000">
    <target host="localhost" port="8080" />

Monitoring and manipulation

Dynamically manipulate and monitor messages with Groovy and JavaScript (Nashorn):

<serviceProxy port="2000">
    	exc.request.header.add("X-Groovy", "Hello from Groovy")
	<target host="localhost" port="8080" />
<serviceProxy port="2000">
    	exc.getRequest().getHeader().add("X-Javascript", "Hello from JavaScript");
	<target host="localhost" port="8080" />

Route and intercept WebSocket traffic:

<serviceProxy port="2000">
        <webSocket url="http://my.websocket.server:1234">
    <target port="8080" host="localhost"/>

(Find an example on membrane-soa.org)


Use the widely adopted OAuth2/OpenID Framework to secure endpoints:

<serviceProxy name="Resource Service" port="2001">
        <membrane src="https://accounts.google.com" clientId="INSERT_CLIENT_ID" clientSecret="INSERT_CLIENT_SECRET" scope="email profile" subject="sub"/>
        def oauth2 = exc.properties.oauth2
    <target host="thomas-bayer.com" port="80"/>

(Find an example on membrane-soa.org)

Operate your own OAuth2/OpenID AuthorizationServer/Identity Provider:

<serviceProxy name="Authorization Server" port="2000">
    <oauth2authserver location="logindialog" issuer="http://localhost:2000" consentFile="consentFile.json">
        	<user username="john" password="password" email="john@predic8.de" />
        <client clientId="abc" clientSecret="def" callbackUrl="http://localhost:2001/oauth2callback" />
        <claims value="aud email iss sub username">
        	<scope id="username" claims="username"/>
        	<scope id="profile" claims="username email password"/>

(Find an example on membrane-soa.org)

Secure an endpoint with basic authentication:

<serviceProxy port="2000">
        <user name="bob" password="secret" />
    <target host="localhost" port="8080" />

Route to SSL/TLS secured endpoints:

<serviceProxy port="8080">
	<target host="www.predic8.de" port="443">

Secure endpoints with SSL/TLS:

<serviceProxy port="443">
		<keystore location="membrane.jks" password="secret" keyPassword="secret" />
		<truststore location="membrane.jks" password="secret" />
	<target host="localhost" port="8080"  />

Limit the number of incoming requests:

<serviceProxy port="2000">
    <rateLimiter requestLimit="3" requestLimitDuration="PT30S"/>
    <target host="localhost" port="8080" />


Distribute your workload to multiple nodes:

<serviceProxy name="Balancer" port="8080">
    <balancer name="balancer">
            <cluster name="Default">
                <node host="my.backend.service-1" port="4000"/>
                <node host="my.backend.service-2" port="4000"/>
                <node host="my.backend.service-3" port="4000"/>

See configuration reference for much more.