Guava RateLimiter: A practical guide to efficient flow control

background

With the rapid development of the Internet, the continuous expansion of the scale of system users and the widespread application of distributed architecture, the stability and performance of API interfaces have become crucial factors in system design. Whether it is to deal with sudden traffic peaks or to prevent malicious requests from malicious crawlers, current limiting strategies have become an indispensable part of modern systems. Its main purposes include but are not limited to the following:

1. Protect backend services: By limiting the number of visits to a specific interface per unit time, service overloads caused by sudden traffic or malicious attacks can be effectively avoided, thereby ensuring the stable operation of backend services.
2. Ensure user experience: A reasonable flow control strategy can control the reasonable allocation of resources without affecting normal user use, ensure that most users' requests can be responded to in a timely manner, and improve the overall service quality.
3. Optimize resource utilization: For limited computing resources, such as database connections and cache resources, current limiting can prevent these resources from being exhausted by a small number of high-frequency requests, ensuring effective resource utilization.
4. Cost control: Cloud services are usually charged based on resource consumption, and improper requests may lead to unnecessary cost increases. Current limiting can help enterprises better control costs and avoid cost surges caused by unexpected high traffic.
5. Prevent malicious behavior: Current limiting can serve as a line of defense to prevent malicious crawlers, DDoS attacks and other illegal behaviors, and protect the system from damage.
6. Data security: By limiting the frequency of access to external data, the risk of sensitive information leakage can be reduced, which is especially important when dealing with personal privacy data.
7. Compliance: Some industries have specific data access rules and restrictions. Implementing throttling can help meet these compliance requirements and avoid legal risks.

Guava provides a variety of methods to implement current limiting, the most commonly used of which is RateLimiter class. RateLimiter can help us control the resource consumption rate of the application, such as limiting the number of requests per second.

accomplish

1. Dependency introduction:

 <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <version>31.1-jre</version> </dependency>

2. Configure the current limiting parameters in application.yml:

 rate-limiter: permits-per-second: 5 # 每秒许可数warmup-period: 0 # 预热时间（秒） timeout: 0 # 获取许可的超时时间（秒）

3. Current limiting configuration attribute class

 @Data @Component @ConfigurationProperties(prefix = "rate-limiter") public class RateLimiterProperties { /** * 每秒许可数*/ private double permitsPerSecond; /** * 预热时间（秒） */ private long warmupPeriod; /** * 获取许可的超时时间（秒） */ private long timeout; }

4. Configure RateLimiter

 @Configuration public class RateLimiterConfig { /** * 配置RateLimiter Bean * * @param properties 注入的限流配置属性* @return RateLimiter 实例*/ @Bean public RateLimiter rateLimiter(RateLimiterProperties properties) { if (properties.getWarmupPeriod() > 0) { // 创建带有预热期的RateLimiter return RateLimiter.create( properties.getPermitsPerSecond(), properties.getWarmupPeriod(), TimeUnit.SECONDS ); } else { // 创建标准的RateLimiter return RateLimiter.create(properties.getPermitsPerSecond()); } } }

5. Create a controller

 @RestController public class RateLimiterController { @Autowired private RateLimiter rateLimiter; @Autowired private RateLimiterProperties properties; /** * 测试限流接口* * @return 请求结果*/ @GetMapping("/api/test") //@RateLimitAspect(qps = 2, timeout = 200, timeUnit = TimeUnit.MILLISECONDS) public ResponseEntity<String> rateApi() { boolean acquired = rateLimiter.tryAcquire(properties.getTimeout(), TimeUnit.SECONDS); if (acquired) { // 允许请求，返回成功响应return ResponseEntity.ok("请求成功！"); } else { // 拒绝请求，返回限流响应return ResponseEntity.status(429).body("请求过多，请稍后再试！"); } } }

6. Advanced version using section:

 @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) public @interface RateLimitAspect { double qps() default 1; // 每秒钟生成令牌的速率long timeout() default 0; // 尝试获取令牌的超时时间TimeUnit timeUnit() default TimeUnit.SECONDS; // 超时时间单位}

 @Aspect @Component public class ApiRateLimitAspect { private final Map<String, RateLimiter> rateLimiters = new ConcurrentHashMap<>(); @Before("@annotation(RateLimitAspect)") public void limit(JoinPoint joinPoint, RateLimitAspect rateLimitAspect) { String methodName = joinPoint.getSignature().toLongString(); double qps = rateLimitAspect.qps(); RateLimiter limiter = rateLimiters.computeIfAbsent(methodName, k -> RateLimiter.create(qps)); long timeout = rateLimitAspect.timeout(); TimeUnit timeUnit = rateLimitAspect.timeUnit(); if (timeout > 0) { if (!limiter.tryAcquire(timeout, timeUnit)) { throw new RuntimeException("API rate limit exceeded"); } } else { if (!limiter.tryAcquire()) { throw new RuntimeException("API rate limit exceeded"); } } } }