Description
Hi Spring team,
Following the guidance in spring-projects/spring-boot/issues/45182 , I'd like to propose a framework-level feature for supporting rate limiting in Spring.
While solutions exist at the infrastructure level (e.g. NGINX, API gateways), we often need some type of rate limiting that is tied to business logic. As a developer who likes Spring framework, I thought it would be powerful to have rate limiting support at the framework level that can be extended by the ecosystem and later on automatically configured by Spring Boot.
The idea here would be limited to framework abstractions and extensibility. Spring Boot support (e.g. auto configured Redis integration) would be handled downstream. An example annotation would be like:
@RateLimit(useCase = "some-action")that would be placed on top of a Spring MVC controller method to apply rate limit on that endpoint. Further configuration could be applied with something like:
rate-limiter:
use-cases:
some-action:
identifiers:
ip-address:
rules:
- max-limit: 5
duration: PT1M
- max-limit: 15
duration: PT5M
jwt-user-id:
rules:
- max-limit: 5
duration: PT1Mwhere different identifiers would be responsible for determining the value to apply the rate limit on. In this example, it would mean that for the some-action use case, I am going to apply per IP address a limit of 5 requests per minute and 15 requests per 5 minutes separately, on the same endpoint. However, I am not too concerned on how things should be implemented as of creating this issue.
I would like to collect feedback if this kind of feature aligns with Spring's direction and would be interested to discuss and come up with concrete ideas on how to implement such feature.
Thanks.