如何限制Java应用程序中的Web服务使用?

时间:2022-11-11 20:21:36

Suppose I have a Java server application, which implements a few web services. Suppose also, I can authenticate application users.

假设我有一个Java服务器应用程序,它实现了一些Web服务。假设我也可以验证应用程序用户。

Now I would like to add some limits per user to the service usage: e.g. rate limit (requests per second), maximum request size, etc.

现在我想为每个用户添加一些限制来使用服务:例如速率限制(每秒请求数),最大请求数量等

Is there any "ready-to-use" library in Java to do that?

Java中是否有“即用型”库可以做到这一点?

4 个解决方案

#1


2  

You can do that with Apache CXF by configuring an interceptor. This page has an example of the high level configuration. This page has details on interceptors. You can get as fancy as you wish with your validation. I do not know off hand how to get the authenticated user.

您可以通过配置拦截器来使用Apache CXF来实现。此页面有一个高级配置示例。此页面包含拦截器的详细信息。您可以根据自己的需要进行验证。我不知道如何获得经过身份验证的用户。

#2


1  

If you have a authentication/authorization service that all your calls go through then this per user restriction could be incorporated into it. I am not aware of a framework that allows you to do without custom coding.

如果您拥有所有呼叫都经过的身份验证/授权服务,则可以将每个用户限制合并到其中。我不知道一个允许你不用自定义编码的框架。

Ideally this kind of logic is best configured outside of the service itself. I know camel provides in built throttling for number of requests. You can define your own throttling policy to map the number of per user requests.

理想情况下,这种逻辑最好在服务本身之外配置。我知道camel提供了多个请求的内置限制。您可以定义自己的限制策略以映射每个用户请求的数量。

#3


1  

I'm yet to see something like that available. But if you're using Java EE integrated security you can bootstrap it implementing your own LoginModule where you can do those checks without touching your web service code.

我还没有看到类似的东西。但是,如果您正在使用Java EE集成安全性,则可以引导它实现您自己的LoginModule,您可以在不触及Web服务代码的情况下执行这些检查。

See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html

请参阅http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html

#4


1  

You need to create a Simple interceptor class. There is a onPreExecute() method where you can put your custom check. I have used it with Spring.

您需要创建一个Simple拦截器类。有一个onPreExecute()方法,您可以在其中进行自定义检查。我用它和Spring一起使用它。

#1


2  

You can do that with Apache CXF by configuring an interceptor. This page has an example of the high level configuration. This page has details on interceptors. You can get as fancy as you wish with your validation. I do not know off hand how to get the authenticated user.

您可以通过配置拦截器来使用Apache CXF来实现。此页面有一个高级配置示例。此页面包含拦截器的详细信息。您可以根据自己的需要进行验证。我不知道如何获得经过身份验证的用户。

#2


1  

If you have a authentication/authorization service that all your calls go through then this per user restriction could be incorporated into it. I am not aware of a framework that allows you to do without custom coding.

如果您拥有所有呼叫都经过的身份验证/授权服务,则可以将每个用户限制合并到其中。我不知道一个允许你不用自定义编码的框架。

Ideally this kind of logic is best configured outside of the service itself. I know camel provides in built throttling for number of requests. You can define your own throttling policy to map the number of per user requests.

理想情况下,这种逻辑最好在服务本身之外配置。我知道camel提供了多个请求的内置限制。您可以定义自己的限制策略以映射每个用户请求的数量。

#3


1  

I'm yet to see something like that available. But if you're using Java EE integrated security you can bootstrap it implementing your own LoginModule where you can do those checks without touching your web service code.

我还没有看到类似的东西。但是,如果您正在使用Java EE集成安全性,则可以引导它实现您自己的LoginModule,您可以在不触及Web服务代码的情况下执行这些检查。

See http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html

请参阅http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html

#4


1  

You need to create a Simple interceptor class. There is a onPreExecute() method where you can put your custom check. I have used it with Spring.

您需要创建一个Simple拦截器类。有一个onPreExecute()方法,您可以在其中进行自定义检查。我用它和Spring一起使用它。