org.owasp.esapi.filters
Class RequestRateThrottleFilter

java.lang.Object
  extended by org.owasp.esapi.filters.RequestRateThrottleFilter
All Implemented Interfaces:
javax.servlet.Filter

public class RequestRateThrottleFilter
extends java.lang.Object
implements javax.servlet.Filter

A simple servlet filter that limits the request rate to a configurable number of requests within a time period. The default rate is 5 hits in 10 seconds. This can be overridden in the web.xml file by adding filter parameters named "hits" and "period" with the desired values. When the rate is exceeded, a short string is written to the response output stream and the filter chain is not invoked. Otherwise, processing proceeds as normal.


Constructor Summary
RequestRateThrottleFilter()
           
 
Method Summary
 void destroy()
          Called by the web container to indicate to a filter that it is being taken out of service.
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
          Checks to see if the current session has exceeded the allowed number of requests in the specified time period.
 void init(javax.servlet.FilterConfig filterConfig)
          Called by the web container to indicate to a filter that it is being placed into service.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RequestRateThrottleFilter

public RequestRateThrottleFilter()
Method Detail

init

public void init(javax.servlet.FilterConfig filterConfig)
Called by the web container to indicate to a filter that it is being placed into service. The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

Specified by:
init in interface javax.servlet.Filter
Parameters:
filterConfig - configuration object

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
Checks to see if the current session has exceeded the allowed number of requests in the specified time period. If the threshold has been exceeded, then a short error message is written to the output stream and no further processing is done on the request. Otherwise the request is processed as normal.

Specified by:
doFilter in interface javax.servlet.Filter
Parameters:
request -
response -
chain -
Throws:
java.io.IOException
javax.servlet.ServletException
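
The per-session check described for doFilter can be modelled as a sliding window of request timestamps. The following is an added example, not ESAPI's source code: the class SessionThrottle and its methods allow and forget are hypothetical names, the session is represented by a plain string id so the code runs without a servlet container, and "period" is assumed to be in seconds, matching the documented default of 5 hits in 10 seconds.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (not ESAPI source): per-session sliding-window throttle.
public class SessionThrottle {
    private final int hits;          // max requests per window (the "hits" parameter)
    private final long periodMillis; // window length (the "period" parameter, assumed seconds)
    private final Map<String, Deque<Long>> recent = new ConcurrentHashMap<>();

    public SessionThrottle(int hits, int periodSeconds) {
        if (hits < 1 || periodSeconds < 1) {
            // Reject nonsensical configuration instead of silently disabling the limit.
            throw new IllegalArgumentException("hits and period must be positive");
        }
        this.hits = hits;
        this.periodMillis = periodSeconds * 1000L;
    }

    /** Returns true if the request may continue down the chain, false if throttled. */
    public boolean allow(String sessionId, long nowMillis) {
        Deque<Long> times = recent.computeIfAbsent(sessionId, k -> new ArrayDeque<>());
        synchronized (times) {
            // Drop timestamps that have aged out of the window.
            while (!times.isEmpty() && nowMillis - times.peekFirst() >= periodMillis) {
                times.pollFirst();
            }
            if (times.size() >= hits) {
                return false; // caller writes the short message and skips the chain
            }
            times.addLast(nowMillis); // only accepted requests are counted here
            return true;
        }
    }

    /** Call when a session ends so the map does not grow without bound. */
    public void forget(String sessionId) { recent.remove(sessionId); }

    public static void main(String[] args) {
        SessionThrottle t = new SessionThrottle(5, 10); // the documented defaults
        // Constructed input: session "A" sends one request per second.
        for (int i = 0; i < 7; i++) {
            System.out.println("t=" + i + "s A allowed: " + t.allow("A", i * 1000L));
        }
        // A different session has its own counter.
        System.out.println("t=6s B allowed: " + t.allow("B", 6000L));
        // The oldest request of "A" has left the 10-second window.
        System.out.println("t=10s A allowed: " + t.allow("A", 10000L));
    }
}
```

Because the counter is keyed by session, each session is limited independently; the limit does not aggregate requests across sessions.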

destroy

public void destroy()
Called by the web container to indicate to a filter that it is being taken out of service. This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.

Specified by:
destroy in interface javax.servlet.Filter


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.