Restrict number of requests for particular mapping in Spring context

Question

I am just unsure whether Spring has any mechanism preventing users/malicious bots from spamming for example registration request hundred times on my web app.

Does spring offer this kind of protection under the hood and if does not which direction I am to look? Some magical property in Spring Security?

Also does AWS provide any protection against this kind of brute attack when my application is deployed there?

Answer 1

The short answer to both your questions is no. There is no built-in mechanisms in either Spring or Amazon Web services to prevent this.

You will likely have to provide your own implementation to prevent excessive access to your API.

There are a couple of useful resources that can help:

• Jeff Atwood's piece on throttling failed log-in attempts should give you a good starting point on how to implement a good strategy for this.
• Spring Security's Authorization architecture is really well designed and you can plug in your own implementations fairly easily. It is well documented too.
• There is the official Amazon Web Services documentation for using Security Groups, which again should help you ensure you're running on AWS with least permissions in terms of network access
• Finally you could look at a service like Fail2Ban for monitoring log files and blocking malicious requests.

So in short there isn't really a simple ready-to-roll solution, but using the above resources should get you on the road to running something that ensures you're using the best practices possible to prevent malicious attempts to access your system.