How to limit web services usage in Java application?
-
03-07-2021 - |
Frage
Suppose I have a Java server application, which implements a few web services. Suppose also, I can authenticate application users.
Now I would like to add some limits per user to the service usage: e.g. rate limit (requests per second), maximum request size, etc.
Is there any "ready-to-use" library in Java to do that?
Andere Tipps
If you have a authentication/authorization service that all your calls go through then this per user restriction could be incorporated into it. I am not aware of a framework that allows you to do without custom coding.
Ideally this kind of logic is best configured outside of the service itself. I know camel provides in built throttling for number of requests. You can define your own throttling policy to map the number of per user requests.
I'm yet to see something like that available. But if you're using Java EE integrated security you can bootstrap it implementing your own LoginModule where you can do those checks without touching your web service code.
See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html
You need to create a Simple interceptor class. There is a onPreExecute() method where you can put your custom check. I have used it with Spring.