aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes Preventing Users doing multiple calls for a service(method) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Preventing Users doing multiple calls for a service(method)" Watch "Preventing Users doing multiple calls for a service(method)" New topic
Author

Preventing Users doing multiple calls for a service(method)

Anurag Blore
Ranch Hand

Joined: Jan 15, 2003
Posts: 74
All,

We have a method in our stateless EJB which query's our tables abd returns the result. We have designed the API thinking this should be one time call I mean user should call once this method in there flow.

Example: We are trying to get the history of work done by an Employee and I pass EmployeeID to get the detail



What is happening there are some systems which are using our API (the above method) and they are trying to call the method as a bulk query. Someone is using a for loop to get employee details for say 1000 employees and this is causing our System to hang.

My question is, Is there a way I can implement something so the calling system cannot call my API in a bulk query.

Thanks
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30753
    
156

Anurag,
Google uses a common technique for this - give out keys and require the user to pass the key in calls to your service. Then you can track when the key is used and limit it by time or volume. You could say only X calls per minute or X calls per day.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Reza Rahman
author
Ranch Hand

Joined: Feb 01, 2005
Posts: 580
    
    5
Anurag,

You cannot prevent excessive calls without writing additional code. Even then, enforcement would be difficult because you would have to depend on the client to do "the right thing".

What you can do to help prevent the system from being overrun is specify a sensible upper bound on the number of pooled instances for the beans. However, even this will not help much if the problem is that the number of serial calls is just too high.

That in conjunction with asking the problematic application to be changed :-).

Hope it helps,
Reza


Independent Consultant — Author, EJB 3 in Action — Expert Group Member, Java EE 6 and EJB 3.1
Anurag Blore
Ranch Hand

Joined: Jan 15, 2003
Posts: 74
Thanks Jeanne and Reza.

Jeanne, Do you have any link from where I can get more details about controlling the calls based on volume?

Thanks,
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10202
    
166

Not to sidetrack the discussion - but from what i see, its the API that needs to be fixed or tuned if possible. The API expects a userid and all it needs to return is the details. So it should not actually care about how many users are calling it, as long as it is tuned enough.

Someone is using a for loop to get employee details for say 1000 employees and this is causing our System to hang.


It applies to *any* other publicly accessible API isn't it?


[My Blog] [JavaRanch Journal]
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30753
    
156

Anurag Blore wrote:Jeanne, Do you have any link from where I can get more details about controlling the calls based on volume?

It's more of a concept, but you could look at the API for Amazon Web Services
Reza Rahman
author
Ranch Hand

Joined: Feb 01, 2005
Posts: 580
    
    5
I have to say that I agree with Jaikiran.

Unless this is a public API available to the "world" (e.g. accessed via a web service) and you have no way of realistically communicating with the client base, it seems wrong to put in explicit bandwidth throttling mechanisms instead of fixing the API or the client.

Best regards,
Reza
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Preventing Users doing multiple calls for a service(method)