https://github.com/ecostanzi/spring-rate-limiter
an AOP based spring rate limiter
- Host: GitHub
- URL: https://github.com/ecostanzi/spring-rate-limiter
- Owner: ecostanzi
- License: apache-2.0
- Created: 2015-12-12T18:47:30.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2018-01-27T13:07:26.000Z (over 8 years ago)
- Last Synced: 2025-06-13T06:42:59.702Z (12 months ago)
- Topics: aop, rate-limits, redis, spring
- Language: Java
- Homepage:
- Size: 33.2 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Spring Rate Limiter
===
**A Spring rate limiter**
### The Goal
Flydown provides a rate limiter based on AOP. It relies mainly on an in-memory data store to efficiently rate-limit potential threats to your system.
With Flydown you'll be able to limit:
* the principal obtained from the SecurityContextHolder
* any parameter contained in the signature of the annotated method
* any variable you want to insert in the *flydown request context*
Let's say you have to manage the public APIs of a social network. Of course you want to limit any malicious behaviour.
Add these few lines to your Spring XML configuration file:
```
```
#### Principal Rating
You don't want a user to insert more than 5 comments in one minute. If this behaviour is detected, the user has to be stopped temporarily from inserting comments in the platform. Let's give them a 5-minute break. Here's what you can do:
```
// At most 5 calls per 60000 ms window for the current principal.
// Assumption: if suspendFor is in milliseconds like range, 5 minutes is 300000.
@RequestRate(value = FlydownIdentifier.PRINCIPAL,
             max = 5, range = 60000,
             suspendFor = 36000)
public void commentPost(int postId, String comment) {
    // the principal does something
}
```
#### Parameter Rating
You don't want a user to be sent more than 1 SMS a minute if they forget their credentials. The same number can't receive more than 1 SMS a minute. If a second request comes into the system within this range, all SMS to this number are blocked for 5 minutes.
```
// paramIndex = 0 selects the first method argument (phoneNumber) as the rate-limit key.
@RequestRate(value = FlydownIdentifier.PARAM, paramIndex = 0,
             max = 1, range = 60000,
             suspendFor = 36000)
public void sendSms(String phoneNumber) {
    // send an sms to the phone number
}
```
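The max / range / suspendFor behaviour described in the Principal Rating and Parameter Rating sections, as an added sketch that is not Flydown's own code. The class and method names are hypothetical, and it assumes all durations are milliseconds, with the suspension written as 300000 to match the 5 minutes in the text.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

// Hypothetical sketch: at most `max` calls per `rangeMs` per key, then the key is suspended.
public class SuspendingRateLimiter {
    private static final class State {
        final Deque<Long> hits = new ArrayDeque<>(); // timestamps inside the current window
        long suspendedUntil = 0;                      // epoch millis; 0 means not suspended
    }

    private final Map<String, State> states = new HashMap<>();
    private final int max;
    private final long rangeMs, suspendMs;

    public SuspendingRateLimiter(int max, long rangeMs, long suspendMs) {
        this.max = max; this.rangeMs = rangeMs; this.suspendMs = suspendMs;
    }

    // Returns true if the call identified by `key` is allowed at time `nowMs`.
    public synchronized boolean tryAcquire(String key, long nowMs) {
        State s = states.computeIfAbsent(key, k -> new State());
        if (nowMs < s.suspendedUntil) return false;      // still serving a suspension
        while (!s.hits.isEmpty() && nowMs - s.hits.peekFirst() >= rangeMs) {
            s.hits.pollFirst();                           // forget hits older than the window
        }
        if (s.hits.size() >= max) {                       // limit exceeded: suspend this key
            s.suspendedUntil = nowMs + suspendMs;
            s.hits.clear();
            return false;
        }
        s.hits.addLast(nowMs);
        return true;
    }

    static void check(boolean ok) { if (!ok) throw new AssertionError("unexpected decision"); }

    public static void main(String[] args) {
        // Constructed scenario from the SMS passage: 1 per minute, 5-minute block.
        SuspendingRateLimiter sms = new SuspendingRateLimiter(1, 60_000, 300_000);
        String number = "+10000000000";                   // constructed sample value
        check(sms.tryAcquire(number, 0));                 // first SMS goes out
        check(!sms.tryAcquire(number, 30_000));           // second inside the window: suspended
        check(!sms.tryAcquire(number, 90_000));           // window has passed, suspension has not
        check(sms.tryAcquire(number, 330_000));           // suspension over
        check(sms.tryAcquire("+10000000001", 30_000));    // other keys are unaffected
    }
}
```

The per-key map in this sketch grows without bound; a shared store with key expiry, such as Redis, avoids that and keeps counts consistent across application instances.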
#### Flydown Context Rating
Let's say you don't want to learn how to use nginx and you want to set up a (temporary) IP rate limit restricting access to one of your APIs.
```
@Autowired
IRateCache rateCache;

@RequestRate(value = FlydownIdentifier.CONTEXT_VAR, contextKey = "IP")
public void doSomething(HttpRequest request) {
    String currentIp = MyUtils.getIp(request);
    // store the caller's IP under the context key named in the annotation
    rateCache.addToContext("IP", currentIp);
    // do something
}
```
#### Rating Exception
Requests might not be the only thing you want to limit. Malicious behaviour can also be detected and signalled by a Java exception.
```
@ExceptionRate(value = FlydownIdentifier.PRINCIPAL,
               max = 1, range = 60000,
               suspendFor = 36000, exception = BadLanguageException.class)
public void commentPost(int postId, String comment) {
    // the principal does something
}
```
#### Default values
You might also want to set default values for most of your Request/Exception Rate annotations. This can be done through the flydown properties:
```
10
10000
36000
```
So that your annotations become more readable:
```
@RequestRate(value = FlydownIdentifier.PRINCIPAL)
public void commentPost(int postId, String comment) {
    // the principal does something
}
```
### Available Caches
* InMemoryRateCache is a dummy implementation of a key/value store
* RedisRatingCache is the cache implementation relying on Redis
To be implemented:
* EhCacheRatingCache, the cache implementation relying on Ehcache
Any others? There's just an interface to implement :)
### What's missing?
Mainly *time*! Any help or suggestions are welcome!