Rate limiting REST APIs using Spring-security filter and Bucket4J
Deployed Application (Swagger-ui on heroku)
Inspired from: Baeldung Article
Application flow
- There are 3 entities in this POC with the mentioned key columns
  - users
    - user_id (UUID)
    - email_id
    - password
  - plans
    - plan_id (UUID)
    - name
    - limit_per_hour
  - user_plan_mappings
    - user_id
    - plan_id
    - is_active
- Three plans are inserted into the H2 in-memory database on startup by PlanDataInitializer.class
- A user account (record in the users table) is created and linked to the provided plan using the /sign-up API path
- When the user hits a private API using the JWT received after a successful login (the user_id is encoded in the JWT), we create a Bucket4j bucket corresponding to that user_id and store it in an in-memory cache (a ConcurrentHashMap, used for demo purposes)
- The above mentioned logic is implemented in RateLimitingService.class
- We create a RateLimitFilter extending OncePerRequestFilter.class and add it to the spring-security filter chain
- We send an error response of HttpStatus.TOO_MANY_REQUESTS if the user has exhausted the limit assigned to them by their configured plan
- We remove the <UUID, Bucket> mapping from the in-memory cache when the user updates their plan, so the next request builds a bucket with the new limit
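A sketch of the service and filter described in the flow above, added here as an example and not the project's own code. It assumes the Bucket4j 7/8 API, Spring Boot 3 (jakarta servlet), that an earlier JWT filter has placed the user_id in the principal name, and a hypothetical limitPerHour lookup that reads the user's active plan.

```java
import io.github.bucket4j.*;
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.time.Duration;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// One Bucket4j bucket per user_id, sized from the user's active plan (limit_per_hour).
class RateLimitingService {
    private final Map<UUID, Bucket> cache = new ConcurrentHashMap<>();
    private final Function<UUID, Long> limitPerHour; // hypothetical lookup over plans / user_plan_mappings
    RateLimitingService(Function<UUID, Long> limitPerHour) { this.limitPerHour = limitPerHour; }
    Bucket resolveBucket(UUID userId) {
        // computeIfAbsent is atomic: concurrent first requests from one user share a single bucket
        return cache.computeIfAbsent(userId, id -> {
            long limit = limitPerHour.apply(id);
            Bandwidth hourly = Bandwidth.classic(limit, Refill.intervally(limit, Duration.ofHours(1)));
            return Bucket.builder().addLimit(hourly).build();
        });
    }
    // Drop the cached bucket when the user changes plan; the next request rebuilds it with the new limit
    void evict(UUID userId) { cache.remove(userId); }
}

// Registered in the Spring Security chain after JWT authentication; runs once per request.
class RateLimitFilter extends OncePerRequestFilter {
    private final RateLimitingService service;
    RateLimitFilter(RateLimitingService service) { this.service = service; }
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth instanceof AnonymousAuthenticationToken) { chain.doFilter(req, res); return; }
        UUID userId = UUID.fromString(auth.getName()); // assumption: the JWT filter set user_id as principal name
        ConsumptionProbe probe = service.resolveBucket(userId).tryConsumeAndReturnRemaining(1);
        if (!probe.isConsumed()) { // limit exhausted for this hour: reject without reaching the controller
            res.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
            res.setHeader("Retry-After", String.valueOf(Math.max(1, probe.getNanosToWaitForRefill() / 1_000_000_000L)));
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Calling evict(userId) from the plan-update handler is what implements the last step of the flow; without it the old bucket keeps enforcing the previous plan's limit until the process restarts.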
Sample Screen Recording (1 minute long)
rate-limit-api-spring-boot-sample-recording.mov
Local Setup
- Install Java 17 (recommended to use SdkMan)
sdk install java 17-open
- Install Maven (recommended to use SdkMan)
sdk install maven
- Clone the repo and run the command below in core
mvn clean install
- To start the application, run either of the two commands below
mvn spring-boot:run &
java -jar target/rate-limiting-api-spring-boot-0.0.1-SNAPSHOT.jar &
- Access the swagger-ui
http://localhost:8080/swagger-ui.html