2007/3/13, Michael Jouravlev <[EMAIL PROTECTED]>:
On 3/13/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > > I am trying to implement a flood control mechanism to prevent robots > > requesting pages after pages at an "inhuman" rate. > > I know you've gotten lots of feedback already, but there's a > super-simple way to do this: put a marker in the request attributes the > first time your filter "sees" it. [...] You are confusing redirection with forwarding.
Thank you guys! You really are a fantastic bunch! Echoing Christopher's comments, I indeed have received a lot of feedback and my ideas are much clearer on the matter. Let me just say that I found out an internal way to single out one request for each user-issued request, even when a redirect is involved. (It has to do with the presence or absence of parameters in the URI.) This might not be the most robust solution (our design could hypothetically change in the future). But, for the moment, it would do the job! But since I asked my question (which was about FloodControl through servlet Filters), I have had second thoughts. Wouldn't it be better to implement my FloodControl within the CHAIN OF COMMAND? (I have just upgraded to Struts 1.3.8.) I have never played with the Chain of command, so I would appreciate comments on my plan. PLAN: 1) Since the FloodControl has to do with the very fact that a request was made, I am tempted to ADD a command at the beginning of the process-action subchain, before the selectLocale command. 2) If the FloodControl command concludes that the current request is flooding, it throws a FloodException and stops the chain. (The FloodException is constructed with two properties: the URI and paramMap of the currently interrupted request.) 3) The exception is caught in a Struts global-exception handler, which forwards the user to a FloodControl warning page. This page allows the user to continue to his desired destination, once he clicks on a button. Is step 1) the right way to proceed? Instead of adding a command to the chain, should I instead extend one of the existing commands in the process-action subchain? Which one? AuthorizeAction??? Is throwing a FloodException the correct design, here?