implementing a basic rate limiter in Java
up vote
0
down vote
favorite
I had a requirement of implementing a basic rate limiting for a simple api, (with max 40- 50 requests per day) in Java
requirement was:
Request from an IP should be limited to N in M seconds (eg: 10 reqeusts in 60 seconds)
Here is what i did:used a filter and the logic was:
Approach 1:
used cache2k for saving the ip address and a pojo with counts and last accessed time
put each ip as as key and pojo as value (pojo has fields such as :count, last accessed.)
once a requests comes, check the ip in cache,
if no ip retrieved, insert into cache:
key:ip
value:pojo with count 1 and last accessed as current date.
if the ip is retrieved, then check last accessed date.
if difference between last accessed time and current time is > M seconds that means ,no requests have come from this ip in more than M seconds. create a new Pojo with count 1 and last accessed as current date and insert to cache
if difference is < M, then check the count .
if the count is < N ,then increase the count in the pojo and re insert the value with last accessed as current time and allow the request.
if count is = N, filter the request- don't allow the request
Approach 2:
Set the cache expire time as M seconds :
Check if the entry is there in cache or not.
- If not , insert key as ip and value as count(which is 1)
- if yes, check the count ,
- if count is = N , then don't allow
- else, insert the value with updated count and allow the request
I don't want to over complicate things by using Guava for a simple application.
Would be great if some one can give suggestions.
Thanks,
java rate-limiting cache2k
add a comment |
up vote
0
down vote
favorite
I had a requirement of implementing a basic rate limiting for a simple api, (with max 40- 50 requests per day) in Java
requirement was:
Request from an IP should be limited to N in M seconds (eg: 10 reqeusts in 60 seconds)
Here is what i did:used a filter and the logic was:
Approach 1:
used cache2k for saving the ip address and a pojo with counts and last accessed time
put each ip as as key and pojo as value (pojo has fields such as :count, last accessed.)
once a requests comes, check the ip in cache,
if no ip retrieved, insert into cache:
key:ip
value:pojo with count 1 and last accessed as current date.
if the ip is retrieved, then check last accessed date.
if difference between last accessed time and current time is > M seconds that means ,no requests have come from this ip in more than M seconds. create a new Pojo with count 1 and last accessed as current date and insert to cache
if difference is < M, then check the count .
if the count is < N ,then increase the count in the pojo and re insert the value with last accessed as current time and allow the request.
if count is = N, filter the request- don't allow the request
Approach 2:
Set the cache expire time as M seconds :
Check if the entry is there in cache or not.
- If not , insert key as ip and value as count(which is 1)
- if yes, check the count ,
- if count is = N , then don't allow
- else, insert the value with updated count and allow the request
I don't want to over complicate things by using Guava for a simple application.
Would be great if some one can give suggestions.
Thanks,
java rate-limiting cache2k
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I had a requirement of implementing a basic rate limiting for a simple api, (with max 40- 50 requests per day) in Java
requirement was:
Request from an IP should be limited to N in M seconds (eg: 10 reqeusts in 60 seconds)
Here is what i did:used a filter and the logic was:
Approach 1:
used cache2k for saving the ip address and a pojo with counts and last accessed time
put each ip as as key and pojo as value (pojo has fields such as :count, last accessed.)
once a requests comes, check the ip in cache,
if no ip retrieved, insert into cache:
key:ip
value:pojo with count 1 and last accessed as current date.
if the ip is retrieved, then check last accessed date.
if difference between last accessed time and current time is > M seconds that means ,no requests have come from this ip in more than M seconds. create a new Pojo with count 1 and last accessed as current date and insert to cache
if difference is < M, then check the count .
if the count is < N ,then increase the count in the pojo and re insert the value with last accessed as current time and allow the request.
if count is = N, filter the request- don't allow the request
Approach 2:
Set the cache expire time as M seconds :
Check if the entry is there in cache or not.
- If not , insert key as ip and value as count(which is 1)
- if yes, check the count ,
- if count is = N , then don't allow
- else, insert the value with updated count and allow the request
I don't want to over complicate things by using Guava for a simple application.
Would be great if some one can give suggestions.
Thanks,
java rate-limiting cache2k
I had a requirement of implementing a basic rate limiting for a simple api, (with max 40- 50 requests per day) in Java
requirement was:
Request from an IP should be limited to N in M seconds (eg: 10 reqeusts in 60 seconds)
Here is what i did:used a filter and the logic was:
Approach 1:
used cache2k for saving the ip address and a pojo with counts and last accessed time
put each ip as as key and pojo as value (pojo has fields such as :count, last accessed.)
once a requests comes, check the ip in cache,
if no ip retrieved, insert into cache:
key:ip
value:pojo with count 1 and last accessed as current date.
if the ip is retrieved, then check last accessed date.
if difference between last accessed time and current time is > M seconds that means ,no requests have come from this ip in more than M seconds. create a new Pojo with count 1 and last accessed as current date and insert to cache
if difference is < M, then check the count .
if the count is < N ,then increase the count in the pojo and re insert the value with last accessed as current time and allow the request.
if count is = N, filter the request- don't allow the request
Approach 2:
Set the cache expire time as M seconds :
Check if the entry is there in cache or not.
- If not , insert key as ip and value as count(which is 1)
- if yes, check the count ,
- if count is = N , then don't allow
- else, insert the value with updated count and allow the request
I don't want to over complicate things by using Guava for a simple application.
Would be great if some one can give suggestions.
Thanks,
java rate-limiting cache2k
java rate-limiting cache2k
asked Nov 11 at 0:25
Parameswar
41261131
41261131
add a comment |
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244739%2fimplementing-a-basic-rate-limiter-in-java%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown