在我公司的登录页面上使用番石榴的速率限制器是否安全?
Is it safe to use guava's ratelimiter on my company's login page?
我注意到 Guava 的 RateLimiter 有 @Beta 注解,所以 intelliJ 给出了一个警告说它不稳定。
我想在我公司的登录页面中像这样使用它来限制传入请求的速率。
RateLimiter throttle = new RateLimitter.create(1.0);
public void doLogin(HttpServletRequest request, HttpServletResp0onse response){
throttle.acquire(); //or throttle.tryAcquire();
//do the rest of the login
}
这会按预期工作吗?还是因为 @Beta 标签,我应该避免将其纳入我公司的如此大的功能?
@Beta 注释记录为:
Signifies that a public API (public class, method or field) is subject to incompatible changes, or even removal, in a future release. An API bearing this annotation is exempt from any compatibility guarantees made by its containing library. Note that the presence of this annotation implies nothing about the quality or performance of the API in question, only the fact that it is not "API-frozen."
It is generally safe for applications to depend on beta APIs, at the cost of some extra work during upgrades. However it is generally inadvisable for libraries (which get included on users' CLASSPATHs, outside the library developers' control) to do so.
这意味着如果您升级到更新版本的 Guava,您可能需要移植您的更改以匹配新的 API 定义。但是,API.
的质量、性能或可靠性没有任何暗示
但是,在逻辑页面中使用此 RateLimiter 并不是一个好主意。考虑每台服务器 1 QPS 的速率限制是否适合您的登录页面。如果同时尝试多个登录,您的用户和员工可能会遇到不可用的情况,如果您使用 acquire 而不是 tryAcquire,您将阻塞处理程序线程。您应该考虑为什么您对限制全局访问此函数的速率感兴趣并相应地进行调整。
我注意到 Guava 的 RateLimiter 有 @Beta 注解,所以 intelliJ 给出了一个警告说它不稳定。
我想在我公司的登录页面中像这样使用它来限制传入请求的速率。
RateLimiter throttle = new RateLimitter.create(1.0);
public void doLogin(HttpServletRequest request, HttpServletResp0onse response){
throttle.acquire(); //or throttle.tryAcquire();
//do the rest of the login
}
这会按预期工作吗?还是因为 @Beta 标签,我应该避免将其纳入我公司的如此大的功能?
@Beta 注释记录为:
Signifies that a public API (public class, method or field) is subject to incompatible changes, or even removal, in a future release. An API bearing this annotation is exempt from any compatibility guarantees made by its containing library. Note that the presence of this annotation implies nothing about the quality or performance of the API in question, only the fact that it is not "API-frozen."
It is generally safe for applications to depend on beta APIs, at the cost of some extra work during upgrades. However it is generally inadvisable for libraries (which get included on users' CLASSPATHs, outside the library developers' control) to do so.
这意味着如果您升级到更新版本的 Guava,您可能需要移植您的更改以匹配新的 API 定义。但是,API.
的质量、性能或可靠性没有任何暗示但是,在逻辑页面中使用此 RateLimiter 并不是一个好主意。考虑每台服务器 1 QPS 的速率限制是否适合您的登录页面。如果同时尝试多个登录,您的用户和员工可能会遇到不可用的情况,如果您使用 acquire 而不是 tryAcquire,您将阻塞处理程序线程。您应该考虑为什么您对限制全局访问此函数的速率感兴趣并相应地进行调整。