Rate Limiting in Spring WebFlux

Rate limiting is a crucial technique to control the amount of incoming traffic to the server. This prevents abuse, ensures fair resource usage, and protects against potential Denial of Service (DOS) attacks. In the Spring WebFlux, rate limiting can be implemented effectively using the Spring Cloud Gateway. This article will guide setting up the rate limiting in the Spring WebFlux application.

Rate limiting restricts the number of requests the client can make to the server within the specified period. In Spring WebFlux, it can be achieved using Spring Cloud Gateway with Redis as the backing store to track the request counts and limits of the Spring application.

Key Components

• Spring Cloud Gateway: The library that provides a simple, yet powerful way to route API requests of the application.
• Redis: An in-memory data structure store that can be used as the database, cache, and message broker.
• KeyResolver: The component that resolves the key for the rate-limiting and is typically based on the client IP or user identity.

Prerequisites:

• Good understanding of the Spring Boot and Spring Reactive.
• Basic understanding of the Rate Limiting concept.
• JDK and IntelliJ Idea setup installed in your local system.
• Maven for building dependency management.

Implementation of Rate Limiting in Spring WebFlux

Step 1: Create a Spring Project

Create a new Spring Boot project using spring Initializr and add the below dependencies.

Dependencies:

• Spring Web Reactive
• Lombok
• Spring DevTools

After creating the project, the folder structure will be like below image in the IDE.

Step 2: Configure the Application Properties

Now, configure the application property of the project by the adding the below properties:

spring.application.name=example-ratelimit
server.port=8081

Step 3: Create the GreetController class

This code defines a Spring WebFlux REST controller that handles HTTP GET requests to the /greet endpoint. It returns a greeting message and adds custom headers to the response for rate limiting information, such as the request limit, remaining requests, and the reset time.

Step 4: Main class

No changes are required in the main class.

pom.xml file:

Step 5: Run the application

Now, run the application and it will start at port 8081 of Netty server.

Setup the Gateway Service

Step 1: Create the Spring Project

Create a new Spring Boot project using spring Initializr and add the below dependencies.

Dependencies:

• Spring Web Reactive
• Lombok
• Spring DevTools
• Spring Cloud Gateway

After creating the project, the folder structure will be like below image:

Step 2: Configure the Application Properties

spring:
 cloud:
 gateway:
 routes:
 - id: greeting_route
 uri: http://localhost:8081
 predicates:
 - Path=/greet
 filters:
 - name: RequestRateLimiter
 args:
 key-resolver: "#{@userKeyResolver}"
 redis-rate-limiter.replenishRate: 1
 redis-rate-limiter.burstCapacity: 1
 data:
 redis:
 port: 6379
 host: localhost

Step 3: Create the RateLimitingConfig Class

This code defines a configuration class for rate limiting in a Spring Cloud Gateway application. It includes a KeyResolver bean that resolves the key for rate limiting based on the client's IP address. The resolved key is used to track and limit requests from individual clients.

Step 4: Main Class

No changes are required in the main class.

pom.xml file:

Step 5: Run the application

Now run this and it will start at port 8080 in Netty server.

Testing the Application

Note: When the rate limit is exceeded then the server responds with the 429 Too Many Requests status code.

GET http://localhost:8080/greet

Output:

By using Spring Cloud Gateway and Redis, we can easily set up and configure the rate limiting based on the client IP addresses or other criteria.