Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

SOAP Webservice throttling  RSS feed

 
Rithanya Laxmi
Ranch Hand
Posts: 191
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We have to implement throttling functionality in our application. Need your suggestion.

Clients will send the request on a web service and we have to restrict the number of request that we will serve for a client like 200 requests per second.

If he becomes a premium customer we will increase it to 400 requests per second. In another sense number of request that we handle for the client should be configuriabe as well.

How we can implement throttling for SOAP webservice in java ? Whethger we need to use any 3rd party throttling API's are we can set the threshold details, etc
for SOAP webservice? Please clarify.

Thanks
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
200 or 400 per second for a single customer? Wow, there must be some serious hardware behind that to support that.

This is an interesting problem. I have recently implemented a solution where for each JAX-RS REST API method an MBean gets created automatically that allows you to turn it on or off completely, track its usage by IP address, allow IPs to be blacklisted and whitelisted, and some other monitoring and administration functionalities. The JAX-RS API has filter methods that make it relatively easy to hook into the normal request/response flow, and prevent access under certain circumstances - like a blacklisted IP address, or a customer going beyond the throttle threshold.

JAX-WS has a similar mechanism that works on two different levels - the SOAP level (javax.xml.ws.handler.soap.SOAPHandler) and the transport-independent message level (javax.xml.ws.handler.LogicalHandler). See https://jax-ws.java.net/articles/handlers_introduction.html for an introduction of how that works.
 
Rithanya Laxmi
Ranch Hand
Posts: 191
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf. How we can set the threshold details, etc in SOAPHandler what is the API we need to use here? Similarly how we can handle the same in REST WS? Please clarify. Any code snippets are really appreciated.
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no API to do that - you'll have to implement it yourself. But once you have the handlers in place, it's not hard to keep track of incoming requests, and do all the bookkeeping necessary to implement your requirements.
 
Jayesh A Lalwani
Rancher
Posts: 2762
32
Eclipse IDE Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wouldn't implement this in Java myself. There are plenty of firewall/HTTP proxy/load balancer products available that provide traffic throttling right out of the box. You might want to look at your load balancer configuration. You might have somehting already
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
firewall/HTTP proxy/load balancer products

The point as I understand it would be to do this on a per-user basis, though, for which parts of the URL (or possibly a header) would need to be examined, and action taken accordingly. That might not be possible with an external approach.
 
Jayesh A Lalwani
Rancher
Posts: 2762
32
Eclipse IDE Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A single "user" firing 200 requests a second seems highly unlikely. "Customer" could mean many things. In this contextm "customer likely means a company that is buying the product for 500 of it's employees
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Right, but it still sounds to me as if the WS would be hosted by the company that offers it, not by the customer. Assuming that the WS would not be run on separate hardware for each customer, there would still be a need to treat incoming requests differently based on some authentication provided with the WS call. But no need to guess - Rithanya should be able to tell us if that's a concern.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!