Class Throttler

  • Direct Known Subclasses:
    AuthenticationThrottleManager

    public class Throttler
    extends java.lang.Object
    Provides throttling for actions that require it.
    Since:
    jcms-10.0.7 / JCMS-8083
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  Throttler.Action
      Class used to track information about an action that might be throttled.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ENABLED_PROP_SUFFIX
      Whether throttling is enabled.
      static java.lang.String RANGE_PROP_SUFFIX
      Time range in seconds during which the threshold is verified.
      static java.lang.String THRESHOLD_PROP_SUFFIX
      Number of action attempts permitted in specified time range.
      static java.lang.String THROTTLING_DURATION_PROP_SUFFIX
      Number of seconds before the block/throttle can be released.
    • Constructor Summary

      Constructors 
      Constructor Description
      Throttler(java.lang.String throttledActionName, java.lang.String propertyPrefix, org.apache.log4j.Logger logger)
      Construct a new Throttler with the specified parameters.
    • Method Summary

      Modifier and Type Method Description
      java.time.Duration getRange()
      Return the period of time during which the threshold applies.
      protected static java.lang.String getRemoteIp(javax.servlet.http.HttpServletRequest request)
      Return the remote IP of the specified HttpServletRequest
      int getThreshold()
      Return the maximum number of action attempts permitted in the range period.
      java.time.Duration getThrottleDuration()
      Return the duration the user must wait before the block/throttle can be released.
      void init()
      Initialize this ThrottleManager.
      void init(com.google.common.base.Ticker ticker)
      Initialize this ThrottleManager with the specified Ticker instance.
      boolean isThrottleEnabled()
      Check whether throttling is enabled.
      void recordAction(Throttler.Action action)
      Record a potentially throttled action.
      void recordAction(java.lang.String userId, javax.servlet.http.HttpServletRequest request)
      Record a potentially throttled action.
      boolean throttleIfNeeded(java.lang.String userId, javax.servlet.http.HttpServletRequest request)
      Throttle an action attempt given specified context.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • ENABLED_PROP_SUFFIX

        public static final java.lang.String ENABLED_PROP_SUFFIX
        Whether throttling is enabled.
        See Also:
        Constant Field Values
      • RANGE_PROP_SUFFIX

        public static final java.lang.String RANGE_PROP_SUFFIX
        Time range in seconds during which the threshold is verified.
        See Also:
        Constant Field Values
      • THRESHOLD_PROP_SUFFIX

        public static final java.lang.String THRESHOLD_PROP_SUFFIX
        Number of action attempts permitted in specified time range.
        See Also:
        Constant Field Values
      • THROTTLING_DURATION_PROP_SUFFIX

        public static final java.lang.String THROTTLING_DURATION_PROP_SUFFIX
        Number of seconds before the block/throttle can be released.
        See Also:
        Constant Field Values
    • Constructor Detail

      • Throttler

        public Throttler(java.lang.String throttledActionName,
                         java.lang.String propertyPrefix,
                         org.apache.log4j.Logger logger)
        Construct a new Throttler with the specified parameters.
        Parameters:
        throttledActionName - name of the action being verified by this throttler, used during logging, for example "Authentication failure", "Password Reset request", ... required
        propertyPrefix - the property prefix to use to load configuration, for example "my-feature.throttling.". required
        logger - the Logger to use, required
    • Method Detail

      • init

        public void init()
        Initialize this ThrottleManager.

        This method can be called multiple times during the lifetime of the site, for example on properties change.

      • init

        public void init(com.google.common.base.Ticker ticker)
        Initialize this ThrottleManager with the specified Ticker instance.

        This method can be called multiple times during the lifetime of the site, for example on properties change.

        Parameters:
        ticker - a custom Ticker to use, for example during unit tests
      • recordAction

        public void recordAction(java.lang.String userId,
                                 javax.servlet.http.HttpServletRequest request)
        Record a potentially throttled action.
        Parameters:
        userId - a unique and constant identifier used to track the User/Member for which authentication failed
        request - the HttpServletRequest which triggered this action (optional but highly recommended)
        Since:
        jcms-10.0.7 / JCMS-8083
      • recordAction

        public void recordAction(Throttler.Action action)
        Record a potentially throttled action.
        Parameters:
        action - a valid Action
        Since:
        jcms-10.0.7 / JCMS-8083
      • throttleIfNeeded

        public boolean throttleIfNeeded(java.lang.String userId,
                                        javax.servlet.http.HttpServletRequest request)
        Throttle an action attempt given specified context.
        Parameters:
        userId - a unique and constant identifier used to track the User/Member for which action is being attempted
        request - the ServletRequest for which throttle is verified
        Returns:
        true if throttling occurred, false otherwise
        Since:
        jcms-10.0.7 / JCMS-8083
      • getRemoteIp

        protected static java.lang.String getRemoteIp(javax.servlet.http.HttpServletRequest request)
        Return the remote IP of the specified HttpServletRequest
        Parameters:
        request - a request (can be null)
        Returns:
        the remote addr, or empty string if there is no request
      • isThrottleEnabled

        public boolean isThrottleEnabled()
        Check whether throttling is enabled.
        Returns:
        true if enabled, false otherwise
      • getRange

        public java.time.Duration getRange()
        Return the period of time during which the threshold applies.
        Returns:
        a duration
      • getThreshold

        public int getThreshold()
        Return the maximum number of action attempts permitted in the range period.
        Returns:
        the maximum number of actions
      • getThrottleDuration

        public java.time.Duration getThrottleDuration()
        Return the duration the user must wait before the block/throttle can be released.
        Returns:
        a duration
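
An added example, not JCMS code and not taken from this page: a stand-alone Java model of how the three settings documented above (threshold, range, throttling duration) can interact, with an injectable clock playing the role of the Ticker passed to init. The class name ThrottleModel, the single string key, and the rule that the block starts once attempts exceed the threshold are assumptions.

```java
import java.time.Duration;
import java.util.*;
import java.util.function.LongSupplier;
/** Stand-alone model, not JCMS code: threshold / range / throttle-duration limiter. */
public class ThrottleModel {
  private final int threshold;       // attempts permitted inside one range
  private final long rangeNanos;     // window in which the threshold is verified
  private final long blockNanos;     // how long a throttled key stays blocked
  private final LongSupplier ticker; // injectable clock so tests control time
  private final Map<String, Deque<Long>> attempts = new HashMap<>();
  private final Map<String, Long> blockedUntil = new HashMap<>();

  public ThrottleModel(int threshold, Duration range, Duration block, LongSupplier ticker) {
    this.threshold = threshold;
    this.rangeNanos = range.toNanos();
    this.blockNanos = block.toNanos();
    this.ticker = ticker;
  }

  /** Record one attempt; assumption: exceeding the threshold starts the block. */
  public synchronized void recordAction(String key) {
    long now = ticker.getAsLong();
    Deque<Long> seen = attempts.computeIfAbsent(key, k -> new ArrayDeque<>());
    seen.addLast(now);
    while (now - seen.peekFirst() > rangeNanos) seen.removeFirst(); // drop expired attempts
    if (seen.size() > threshold) {
      blockedUntil.put(key, now + blockNanos);
      attempts.remove(key);
    }
  }

  /** True while the key is blocked; the block lapses after the throttle duration. */
  public synchronized boolean throttleIfNeeded(String key) {
    Long until = blockedUntil.get(key);
    if (until == null) return false;
    if (ticker.getAsLong() - until < 0) return true;
    blockedUntil.remove(key);
    return false;
  }
  public static void main(String[] args) {
    long[] now = {0}; // fake clock in nanoseconds
    ThrottleModel t = new ThrottleModel(3, Duration.ofSeconds(60), Duration.ofSeconds(300), () -> now[0]);
    String key = "user-42"; // constructed identifier
    for (int i = 0; i < 4; i++) { now[0] += 5_000_000_000L; t.recordAction(key); }
    System.out.println("after 4 attempts in 20 s: throttled=" + t.throttleIfNeeded(key));
    now[0] += Duration.ofSeconds(301).toNanos();
    System.out.println("301 s later: throttled=" + t.throttleIfNeeded(key));
  }
}
```

Both maps in this model grow with every distinct key, and the key is caller-supplied, so a deployed limiter needs bounded or expiring storage.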