Package com.jalios.jcms.security
Class Throttler
- java.lang.Object
  - com.jalios.jcms.security.Throttler

- Direct Known Subclasses:
- AuthenticationThrottleManager

public class Throttler extends java.lang.Object

Provides throttling of actions that require it.
- Since:
- jcms-10.0.7 / JCMS-8083

Nested Class Summary
Nested Classes

| Modifier and Type | Class | Description |
|---|---|---|
| static class | Throttler.Action | Class used to track information about an Action that might be throttled. |

Field Summary
Fields

| Modifier and Type | Field | Description |
|---|---|---|
| static java.lang.String | ENABLED_PROP_SUFFIX | Whether throttling is enabled. |
| static java.lang.String | RANGE_PROP_SUFFIX | Time range in seconds during which the threshold is verified. |
| static java.lang.String | THRESHOLD_PROP_SUFFIX | Number of action attempts permitted in the specified time range. |
| static java.lang.String | THROTTLING_DURATION_PROP_SUFFIX | Number of seconds before the block/throttle can be released. |

Constructor Summary
Constructors

| Constructor | Description |
|---|---|
| Throttler(java.lang.String throttledActionName, java.lang.String propertyPrefix, org.apache.log4j.Logger logger) | Construct a new Throttler with all the specified parameters. |

Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| java.time.Duration | getRange() | Return the period of time during which the threshold applies. |
| protected static java.lang.String | getRemoteIp(javax.servlet.http.HttpServletRequest request) | Return the remote IP of the specified HttpServletRequest. |
| int | getThreshold() | Return the maximum number of action attempts permitted in the range period. |
| java.time.Duration | getThrottleDuration() | Return the duration the user must wait before the block/throttle can be released. |
| void | init() | Initialize this ThrottleManager. |
| void | init(com.google.common.base.Ticker ticker) | Initialize this ThrottleManager with the specified Ticker instance. |
| boolean | isThrottleEnabled() | Check whether throttling is enabled. |
| void | recordAction(Throttler.Action action) | Record a potentially throttled action. |
| void | recordAction(java.lang.String userId, javax.servlet.http.HttpServletRequest request) | Record a potentially throttled action. |
| boolean | throttleIfNeeded(java.lang.String userId, javax.servlet.http.HttpServletRequest request) | Throttle an action attempt given the specified context. |

Field Detail
ENABLED_PROP_SUFFIX
public static final java.lang.String ENABLED_PROP_SUFFIX
Whether throttling is enabled.
- See Also:
- Constant Field Values

RANGE_PROP_SUFFIX
public static final java.lang.String RANGE_PROP_SUFFIX
Time range in seconds during which the threshold is verified.
- See Also:
- Constant Field Values

THRESHOLD_PROP_SUFFIX
public static final java.lang.String THRESHOLD_PROP_SUFFIX
Number of action attempts permitted in the specified time range.
- See Also:
- Constant Field Values

THROTTLING_DURATION_PROP_SUFFIX
public static final java.lang.String THROTTLING_DURATION_PROP_SUFFIX
Number of seconds before the block/throttle can be released.
- See Also:
- Constant Field Values

Constructor Detail
Throttler
public Throttler(java.lang.String throttledActionName, java.lang.String propertyPrefix, org.apache.log4j.Logger logger)
Construct a new Throttler with all the specified parameters.
- Parameters:
- throttledActionName - name of the action being verified by this throttler, used during logging, for example "Authentication failure", "Password Reset request", ... (required)
- propertyPrefix - the property prefix to use to load configuration, for example "my-feature.throttling." (required)
- logger - the Logger to use (required)

Method Detail
init
public void init()
Initialize this ThrottleManager. This method can be called multiple times during the lifetime of the site, for example on properties change.

init
public void init(com.google.common.base.Ticker ticker)
Initialize this ThrottleManager with the specified Ticker instance. This method can be called multiple times during the lifetime of the site, for example on properties change.
- Parameters:
- ticker - specify a custom ticker during unit tests

recordAction
public void recordAction(java.lang.String userId, javax.servlet.http.HttpServletRequest request)
Record a potentially throttled action.
- Parameters:
- userId - a unique and constant identifier used to track the User/Member for which authentication failed
- request - the HttpServletRequest which triggered this action (optional but highly recommended)
- Since:
- jcms-10.0.7 / JCMS-8083

recordAction
public void recordAction(Throttler.Action action)
Record a potentially throttled action.
- Parameters:
- action - a valid Action
- Since:
- jcms-10.0.7 / JCMS-8083

throttleIfNeeded
public boolean throttleIfNeeded(java.lang.String userId, javax.servlet.http.HttpServletRequest request)
Throttle an action attempt given the specified context.
- Parameters:
- userId - a unique and constant identifier used to track the User/Member for which the action is being attempted
- request - the ServletRequest for which the throttle is verified
- Returns:
- true if throttling occurred, false otherwise
- Since:
- jcms-10.0.7 / JCMS-8083

getRemoteIp
protected static java.lang.String getRemoteIp(javax.servlet.http.HttpServletRequest request)
Return the remote IP of the specified HttpServletRequest.
- Parameters:
- request - a request (can be null)
- Returns:
- the remote addr, or empty string if there is no request

isThrottleEnabled
public boolean isThrottleEnabled()
Check whether throttling is enabled.
- Returns:
- true if enabled, false otherwise

getRange
public java.time.Duration getRange()
Return the period of time during which the threshold applies.
- Returns:
- a duration

getThreshold
public int getThreshold()
Return the maximum number of action attempts permitted in the range period.
- Returns:
- a maximum number of actions

getThrottleDuration
public java.time.Duration getThrottleDuration()
Return the duration the user must wait before the block/throttle can be released.
- Returns:
- a duration
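
The three settings documented above (range, threshold, throttling duration) combine into a sliding window followed by a lock-out. The stand-alone Java model below is an added example, not JCMS code: the class ThrottleModel, keying on a single string, and blocking on the first attempt that exceeds the threshold are assumptions, and the injected clock plays the role that init(Ticker) serves in unit tests.

```java
import java.time.Duration;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;
import java.util.function.LongSupplier;

/** Hypothetical model of range / threshold / throttling duration; not the JCMS implementation. */
public class ThrottleModel {
  private final long rangeNanos, blockNanos;
  private final int threshold;
  private final LongSupplier clock; // injectable time source in nanoseconds
  private final Map<String, Deque<Long>> attempts = new HashMap<>();
  private final Map<String, Long> blockedUntil = new HashMap<>();
  public ThrottleModel(Duration range, int threshold, Duration block, LongSupplier clock) {
    this.rangeNanos = range.toNanos();
    this.blockNanos = block.toNanos();
    this.threshold = threshold;
    this.clock = clock;
  }

  /** Record one attempt (for example a failed login) for the given key. */
  public synchronized void recordAction(String key) {
    long now = clock.getAsLong();
    Deque<Long> q = attempts.computeIfAbsent(key, k -> new ArrayDeque<>());
    q.addLast(now);
    // Drop attempts that fell out of the sliding range.
    while (!q.isEmpty() && now - q.peekFirst() > rangeNanos) { q.removeFirst(); }
    if (q.size() > threshold) { // assumption: "threshold" attempts are permitted, the next one blocks
      blockedUntil.put(key, now + blockNanos);
      q.clear();
    }
  }

  /** True while the key is still inside its throttling duration. */
  public synchronized boolean isThrottled(String key) {
    Long until = blockedUntil.get(key);
    if (until == null) { return false; }
    if (clock.getAsLong() - until >= 0) { blockedUntil.remove(key); return false; }
    return true;
  }
  public static void main(String[] args) {
    long[] now = {0}; // constructed fake clock, advanced by hand
    ThrottleModel t = new ThrottleModel(Duration.ofSeconds(60), 3, Duration.ofSeconds(300), () -> now[0]);
    for (int i = 0; i < 4; i++) { t.recordAction("user-42"); now[0] += Duration.ofSeconds(5).toNanos(); }
    System.out.println("throttled after 4 attempts in 20 s: " + t.isThrottled("user-42"));
    now[0] += Duration.ofSeconds(300).toNanos();
    System.out.println("throttled after waiting 300 s: " + t.isThrottled("user-42"));
  }
}
```

When choosing real values, note that a throttle keyed only on the user identifier lets anyone lock a known account out for the throttling duration, which is one reason recordAction also accepts the request.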