Here's my code to limit the number of request for minute:
MethodAuthorizer ma = createMethodAuthorizer();
ma.setNext(router);
FirewallRule rule = new PeriodicFirewallCounterRule(60, TimeUnit.SECONDS, new IpAddressCountingPolicy());
((PeriodicFirewallCounterRule)rule).addHandler(new RateLimitationHandler(new UniqueLimitPolicy(10)));
FirewallFilter firewallFiler = new FirewallFilter(getContext(), list(rule));
firewallFiler.setNext(ma);
return ma;
The problem is that there is no error, but even if more than 10 request is requested from the resource still it does not throw "Too Many Request"
I make it work using your configuration code within a GAE project and with the dev server.
I used the version 2.3.1 of Restlet / version 1.9.18 of GAE and the following code as a client:
public static void main(String[] args) {
int i = 0;
try {
while (i < 30) {
ClientResource cr = new ClientResource("http://localhost:8080/test");
Representation repr = cr.get();
System.out.println(">> call #"+i);
Thread.sleep(100);
i++;
}
} catch (Exception ex) {
System.out.println(">> call #" + i + " failed");
ex.printStackTrace();
}
}
I have the following exception after on the 10th call:
>> call #0
>> call #1
>> call #2
>> call #3
>> call #4
>> call #5
>> call #6
>> call #7
>> call #8
>> call #9
>> call #10 failed
429 (429) - The server is refusing to service the request because the user has sent too many requests in a given amount of time ("rate limiting")
at org.restlet.resource.ClientResource.doError(ClientResource.java:590)
at org.restlet.resource.ClientResource.handleInbound(ClientResource.java:1153)
at org.restlet.resource.ClientResource.handle(ClientResource.java:1048)
at org.restlet.resource.ClientResource.handle(ClientResource.java:1023)
at org.restlet.resource.ClientResource.handle(ClientResource.java:928)
at org.restlet.resource.ClientResource.get(ClientResource.java:636)
at org.restlet.gae.test.GaeRestletClient.main(GaeRestletClient.java:15)
Hope it helps you,
Thierry
you can also rely on the ApisparkService (I've tested it using the release v2.3.2) of the framework:
public TestApplication() {
super();
ApiSparkService as = new ApiSparkService();
as.setFirewallEnabled(true);
as.getFirewallConfig().addIpAddressesPeriodicCounter(60, TimeUnit.SECONDS, 10);
getServices().add(as);
}