How to limit web services usage in Java application?

Question

Suppose I have a Java server application, which implements a few web services. Suppose also, I can authenticate application users.

Now I would like to add some limits per user to the service usage: e.g. rate limit (requests per second), maximum request size, etc.

Is there any "ready-to-use" library in Java to do that?

Answer 1

You can do that with Apache CXF by configuring an interceptor. This page has an example of the high level configuration. This page has details on interceptors. You can get as fancy as you wish with your validation. I do not know off hand how to get the authenticated user.

Answer 2

If you have a authentication/authorization service that all your calls go through then this per user restriction could be incorporated into it. I am not aware of a framework that allows you to do without custom coding.

Ideally this kind of logic is best configured outside of the service itself. I know camel provides in built throttling for number of requests. You can define your own throttling policy to map the number of per user requests.

Answer 3

I'm yet to see something like that available. But if you're using Java EE integrated security you can bootstrap it implementing your own LoginModule where you can do those checks without touching your web service code.

See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html

Answer 4

You need to create a Simple interceptor class. There is a onPreExecute() method where you can put your custom check. I have used it with Spring.