Login/Register
Limit request on a Restlet resource with APISpark restlet extension
Asked Answered
Solved javarestletapispark
B

2

0

Here's my code to limit the number of request for minute:

        MethodAuthorizer ma = createMethodAuthorizer();
        ma.setNext(router);

        FirewallRule rule = new PeriodicFirewallCounterRule(60, TimeUnit.SECONDS, new IpAddressCountingPolicy());
        ((PeriodicFirewallCounterRule)rule).addHandler(new RateLimitationHandler(new UniqueLimitPolicy(10)));
        FirewallFilter firewallFiler = new FirewallFilter(getContext(), list(rule));
        firewallFiler.setNext(ma);

        return ma;

The problem is that there is no error, but even if more than 10 request is requested from the resource still it does not throw "Too Many Request"

Banc answered 6/3, 2015 at 13:31 Comment(1)
Can you give me the version of Restlet you use? Thanks!Bacteriology
B
1

I make it work using your configuration code within a GAE project and with the dev server.

I used the version 2.3.1 of Restlet / version 1.9.18 of GAE and the following code as a client:

public static void main(String[] args) {
    int i = 0;
    try {
        while (i < 30) {
            ClientResource cr = new ClientResource("http://localhost:8080/test");
            Representation repr = cr.get();
            System.out.println(">> call #"+i);
            Thread.sleep(100);

            i++;
        }
    } catch (Exception ex) {
        System.out.println(">> call #" + i + " failed");
        ex.printStackTrace();
    }
}

I have the following exception after on the 10th call:

>> call #0
>> call #1
>> call #2
>> call #3
>> call #4
>> call #5
>> call #6
>> call #7
>> call #8
>> call #9
>> call #10 failed
429 (429) - The server is refusing to service the request because the user has sent too many requests in a given amount of time ("rate limiting")
    at org.restlet.resource.ClientResource.doError(ClientResource.java:590)
    at org.restlet.resource.ClientResource.handleInbound(ClientResource.java:1153)
    at org.restlet.resource.ClientResource.handle(ClientResource.java:1048)
    at org.restlet.resource.ClientResource.handle(ClientResource.java:1023)
    at org.restlet.resource.ClientResource.handle(ClientResource.java:928)
    at org.restlet.resource.ClientResource.get(ClientResource.java:636)
    at org.restlet.gae.test.GaeRestletClient.main(GaeRestletClient.java:15)

Hope it helps you, Thierry

Bacteriology answered 6/3, 2015 at 14:2 Comment(0)
O
1

you can also rely on the ApisparkService (I've tested it using the release v2.3.2) of the framework:

public TestApplication() {
    super();
    ApiSparkService as = new ApiSparkService();
    as.setFirewallEnabled(true);
    as.getFirewallConfig().addIpAddressesPeriodicCounter(60, TimeUnit.SECONDS, 10);
    getServices().add(as);
}
Oahu answered 5/6, 2015 at 22:7 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.