本项目展示了 Spring Boot 项目如何通过 AOP 结合 Guava 的 RateLimiter 实现接口限流,防止 API接口被恶意频繁请求。
一.创建新的springboot项目,引入pom文件。
4.0.0 org.springframework.boot spring-boot-starter-parent 2.2.7.RELEASE com.dyz retelimiter 0.0.1-SNAPSHOT retelimiter Demo project for Spring Boot
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.3.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.guava/guava -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>28.2-jre</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
二、创建限流注解,@RateLimiter /**
-
@author dyz
-
@version 1.0
-
@date 2020/5/11 15:40
-
创建限流注解 */ @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) @Documented public @interface RateLimiter { int NOT_LIMITED = 0;
/**
- qps */ @AliasFor("qps") double value() default NOT_LIMITED;
/**
- qps */ @AliasFor("value") double qps() default NOT_LIMITED;
/**
- 超时时长 */ int timeout() default 0;
/**
- 超时时间单位 */ TimeUnit timeUnit() default TimeUnit.MILLISECONDS; }
三、配置限流切面 /**
-
@author dyz
-
@version 1.0
-
@date 2020/5/11 15:48
-
配置限流切面 */ @Slf4j @Aspect @Component public class RateLimiterAspect { private static final ConcurrentMap<String, com.google.common.util.concurrent.RateLimiter> RATE_LIMITER_CACHE = new ConcurrentHashMap<>();
@Pointcut("@annotation(com.dyz.retelimiter.guava.annotation.RateLimiter)") public void rateLimit() {
}
@Around("rateLimit()") public Object pointcut(ProceedingJoinPoint point) throws Throwable { MethodSignature signature = (MethodSignature) point.getSignature(); Method method = signature.getMethod(); // 通过 AnnotationUtils.findAnnotation 获取 RateLimiter 注解 RateLimiter rateLimiter = AnnotationUtils.findAnnotation(method, RateLimiter.class); if (rateLimiter != null && rateLimiter.qps() > RateLimiter.NOT_LIMITED) { double qps = rateLimiter.qps(); if (RATE_LIMITER_CACHE.get(method.getName()) == null) { // 初始化 QPS RATE_LIMITER_CACHE.put(method.getName(), com.google.common.util.concurrent.RateLimiter.create(qps)); }
log.debug("【{}】的QPS设置为: {}", method.getName(), RATE_LIMITER_CACHE.get(method.getName()).getRate()); // 尝试获取令牌 if (RATE_LIMITER_CACHE.get(method.getName()) != null && !RATE_LIMITER_CACHE.get(method.getName()).tryAcquire(rateLimiter.timeout(), rateLimiter.timeUnit())) { throw new RuntimeException("请求频繁,请稍后再试~"); } } return point.proceed();
}
}
四、创建测试Controller /**
-
@author dyz
-
@version 1.0
-
@date 2020/5/11 17:06 */ @Slf4j @RestController public class TestController {
/**
- 开启限流
- @return */ @RateLimiter(value = 1.0, timeout = 100) @GetMapping("/rateLimiter") public String rateLimiter() { log.info("【rateLimiter】被执行了。。。。。"); return "你不能总是看到我,快速刷新我看一下!"; }
/**
- 未开启限流
- @return */ @GetMapping("/noRateLimiter") public String noRateLimiter() { log.info("【noRateLimiter】被执行了。。。。。"); return "我没有被限流哦,一直刷新一直在....."; }
}
五、启动项目,地址栏输入:http://127.0.0.1:8080/rateLimiter,测试限流的接口。
频繁刷新页面请求接口:
地址栏输入http://127.0.0.1:8080/noRateLimiter,并且不断刷新请求,测试未被限流的接口:
六、源码地址:https://github.com/MichaelDYZ/springboot-guavaRetelimiter