3

I want to implement rate limiting functionality for rest API. After exploring through all articles, it looks like there is no rate limiting api directly provided by spring.

But there are 2 libraries which provides rate limiting functionality :

1) bucket4j-spring-boot-starter

2) weddini/spring-boot-throttling

Now I have a very silly question.How to verify whether these API belong to spring framework itself and meant to secure rest API on Spring MVC or these are 3rd party libraries developed using spring.

Our main target is to use spring framework and the functionality provided by it. And avoid 3rd party libraries.

I followed many questions on stackoverflow and googled other articles raised on this topic. Some of them mentions that "spring does not provide out of the box functionality on this". But I want to know what basic functionality spring provides on this. We are not looking for any out of the box solution, any basic solution will also work.

reference question : How to set rate limit for each user in Spring Boot?

Onki
  • 1,879
  • 6
  • 38
  • 58

1 Answers1

2

Now I have a very silly question.How to verify whether these API belong to spring framework itself and meant to secure rest API on Spring MVC or these are 3rd party libraries developed using spring.

You can easily check on their dependencies...

<dependency>
    <groupId>com.giffing.bucket4j.spring.boot.starter</groupId>
    <artifactId>bucket4j-spring-boot-starter-context</artifactId>
    <version>0.1.15</version>
</dependency>

While all spring dependencies have this groupId

<groupId>org.springframework.boot</groupId>

You can even find the author here

https://github.com/MarcGiffing/bucket4j-spring-boot-starter

But I want to know what basic functionality spring provides on this.

That is a very broad topic but in simple terms:

  • You can check who is requesting the endpoint by getting information for the token or any other authentication you are using.

  • You can store that information in a database (in memory or not) and check it to verify the user still have more allowed requests

  • You can deny a call relying on those parameters

All of them are supported by spring

jpganz18
  • 5,508
  • 17
  • 66
  • 115
  • so basically spriing does not provid any such functionality using which spring can deny a rest api call if is exceed a certain count. which can be confugured using annotations etc. please clear my understanding. All spring provides you are the ways using which you can implement these functionalities. – Onki Jul 31 '19 at 11:41
  • 2
    No, spring does not offer that support yet as far as I know and as far as I could do my research in case anything new just came. Spring basically supports all the tools, filters, authorizations and so on for you to create your own logic IN CASE you dont want to use a third-party library (as you mention), but one with the spring signature has not been made yet – jpganz18 Jul 31 '19 at 11:52