Package org.owasp.esapi.filters
Class RequestRateThrottleFilter
- java.lang.Object
-
- org.owasp.esapi.filters.RequestRateThrottleFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class RequestRateThrottleFilter extends java.lang.Object implements javax.servlet.Filter
A simple servlet filter that limits the request rate to a certain threshold of requests per second. The default rate is 5 hits in 10 seconds. This can be overridden in the web.xml file by adding parameters named "hits" and "period" with the desired values. When the rate is exceeded, a short string is written to the response output stream and the chain method is not invoked. Otherwise, processing proceeds as normal.
-
-
Constructor Summary
Constructors Constructor Description RequestRateThrottleFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
Called by the web container to indicate to a filter that it is being taken out of service.void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
Checks to see if the current session has exceeded the allowed number of requests in the specified time period.void
init(javax.servlet.FilterConfig filterConfig)
Called by the web container to indicate to a filter that it is being placed into service.
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig)
Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.- Specified by:
init
in interfacejavax.servlet.Filter
- Parameters:
filterConfig
- configuration object
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Checks to see if the current session has exceeded the allowed number of requests in the specified time period. If the threshold has been exceeded, then a short error message is written to the output stream and no further processing is done on the request. Otherwise the request is processed as normal.- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Parameters:
request
-response
-chain
-- Throws:
java.io.IOException
javax.servlet.ServletException
-
destroy
public void destroy()
Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.- Specified by:
destroy
in interfacejavax.servlet.Filter
-
-