限制Java中的Rest API [英] Throttling a Rest API in Java

问题描述

我想添加一种方法来限制来自某个客户端的每个API上的请求数量。因此，我想从根本上限制每个客户端每个API的请求数。

I wanted to add a way to throttle the number of requests coming on each API from a certain client. So, I wanted to basically limit the number of requests per API per client.

我正在使用DropWizard作为框架。有人可以推荐实现此目标的方法吗？我需要一些适用于分布式系统的东西。

I am using DropWizard as framework. Can somebody recommend the ways to achieve this? I need something that will work for Distributed system.

推荐答案

一种简单的方法是使用过滤器并将其包装在 web中的所有API调用周围。 xml 。假设您的客户端在HTTP标头中发送用于标识它们的API密钥，则可以实现这样的过滤器：

A simplistic approach would be to use a Filter and wrap it around all your API calls in web.xml. Assuming your clients send an API keys identifying them in a HTTP header, you could implement a filter like this:

public class MyThrottlingFilter extends Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletRequest httpreq = (HttpServletRequest) req;
        String apiKey = httpreq.getHeader("API_KEY")

        if (invocationLimitNotReached(apiKey))
            chain.doFilter(req, res);
        else
            throw ...
    }
}

，然后像这样注册它：

<filter>
    <filter-name>MyThrottlingFilter</filter-name>
    <filter-class>com.my.throttler.MyThrottlingFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>MyThrottlingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

当然，如果使用其他身份验证方法，则识别客户可能比这更困难，但总体思路应该相同。

Of course, identifying your clients may be more difficult than this, if you use some other authentication methods, but the general idea should be the same.

这篇关于限制Java中的Rest API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！