A lightweight, extensible, and production-ready rate limiting system built with Spring Boot. This project implements three classic rate-limiting algorithms:
- Fixed Window
- Sliding Window
- Token Bucket
You can switch between algorithms easily by enabling the corresponding service in the filter.
- Three fully implemented rate limiter strategies
- Configurable request limits via application.properties
- IP-based rate limiting (request.getRemoteAddr())
- Global filter using OncePerRequestFilter
- Plug-and-play architecture (swap algorithms instantly)
- Example endpoint /limiter/api/check
- Fixed Window Rate Limiting
- Divides time into fixed windows (e.g., 1 minute)
- Tracks how many requests occur in each window
- Simple but can cause burst issues at window boundaries
Best for: Basic API throttling, simple enforcement rules.
- Sliding Window Rate Limiting
- Stores exact timestamps of requests inside a queue
- Removes timestamps older than the window
- More accurate than Fixed Window
Best for: Fairer request distribution without boundary spikes.
- Token Bucket Rate Limiting
- Bucket holds tokens up to a maximum capacity
- Tokens refill every second
- Each request consumes one token
- Allows configurable bursts
Best for: APIs that need flexibility + burst handling.
Requirements
- Java 17+
- Maven 3+
- Spring Boot 3.x Command
mvn spring-boot:run