Talk about requestreatelimiter gatewayfilter of spring cloud.



This article mainly studies requestrateElimiterGatewayfilter of spring cloud.


@ConditionalOnProperty(name = "", matchIfMissing = true)
@AutoConfigureAfter({GatewayLoadBalancerClientAutoConfiguration.class, GatewayClassPathWarningAutoConfiguration.class})
public class GatewayAutoConfiguration {
    @Bean(name = PrincipalNameKeyResolver.BEAN_NAME)
    public PrincipalNameKeyResolver principalNameKeyResolver() {
        return new PrincipalNameKeyResolver();

    @ConditionalOnBean({RateLimiter.class, KeyResolver.class})
    public RequestRateLimiterGatewayFilterFactory requestRateLimiterGatewayFilterFactory(RateLimiter rateLimiter, PrincipalNameKeyResolver resolver) {
        return new RequestRateLimiterGatewayFilterFactory(rateLimiter, resolver);

Note that only bean with RateLimiter and KeyResolver will take effect. the default KeyResolver is PrincipalNameKeyResolver, and RateLimiter is also required to take effect.


spring-cloud-gateway-core-2.0.0.RC2-sources.jar! /org/springframework/cloud/gateway/filter/factory/

 * User Request Rate Limiter filter. See and
public class RequestRateLimiterGatewayFilterFactory extends AbstractGatewayFilterFactory<RequestRateLimiterGatewayFilterFactory.Config> {

    public static final String KEY_RESOLVER_KEY = "keyResolver";

    private final RateLimiter defaultRateLimiter;
    private final KeyResolver defaultKeyResolver;

    public RequestRateLimiterGatewayFilterFactory(RateLimiter defaultRateLimiter,
                                                  KeyResolver defaultKeyResolver) {
        this.defaultRateLimiter = defaultRateLimiter;
        this.defaultKeyResolver = defaultKeyResolver;

    public KeyResolver getDefaultKeyResolver() {
        return defaultKeyResolver;

    public RateLimiter getDefaultRateLimiter() {
        return defaultRateLimiter;

    public GatewayFilter apply(Config config) {
        KeyResolver resolver = (config.keyResolver == null) ? defaultKeyResolver : config.keyResolver;
        RateLimiter<Object> limiter = (config.rateLimiter == null) ? defaultRateLimiter : config.rateLimiter;

        return (exchange, chain) -> {
            Route route = exchange.getAttribute(ServerWebExchangeUtils.GATEWAY_ROUTE_ATTR);

            return resolver.resolve(exchange).flatMap(key ->
                    // TODO: if key is empty?
                    limiter.isAllowed(route.getId(), key).flatMap(response -> {
                        // TODO: set some headers for rate, tokens left

                        if (response.isAllowed()) {
                            return chain.filter(exchange);
                        return exchange.getResponse().setComplete();

    public static class Config {
        private KeyResolver keyResolver;
        private RateLimiter rateLimiter;

        public KeyResolver getKeyResolver() {
            return keyResolver;

        public Config setKeyResolver(KeyResolver keyResolver) {
            this.keyResolver = keyResolver;
            return this;
        public RateLimiter getRateLimiter() {
            return rateLimiter;

        public Config setRateLimiter(RateLimiter rateLimiter) {
            this.rateLimiter = rateLimiter;
            return this;

  • You can see that this filterFactory depends on RateLimiter and KeyResolver.
  • Where KeyResolver is used to extract the current-limited key from request
  • While RateLimiter is the corresponding current limiting rule for key


Java configuration

    public RateLimiter inMemoryRateLimiter(){
        return new InMemoryRateLimiter();

    @Bean(name = IpAddressKeyResolver.BEAN_NAME)
    public KeyResolver ipAddressKeyResolver() {
        return new IpAddressKeyResolver();

InMemoryRateLimiter and IpAddressKeyResolver are provided here.

File configuration

      - id: rate-limit-demo
        - Path=/rate/**
        - name: RequestRateLimiter
           keyResolver: '#{@ipAddressKeyResolver}'
            replenish-rate: 10
            burst-capacity: 20
  • Here, first, a filter with the name RequestRateLimiter is specified, and then its parameter specifies a bean with the keyResolver with the name ipAddressKeyResolver.
  • In-memory-rate-limiter in args is the configuration attribute specified by InMemoryRateLimiter, and then the following two values are the attribute of InMemoryRateLimiter.Config


public class IpAddressKeyResolver implements KeyResolver {

    public static final String BEAN_NAME = "ipAddressKeyResolver";

    public Mono<String> resolve(ServerWebExchange exchange) {
        return Mono.just(exchange.getRequest().getRemoteAddress().getAddress().getHostAddress());


    public static class Config {
        private int replenishRate;

        private int burstCapacity = 0;

        public int getReplenishRate() {
            return replenishRate;

        public InMemoryRateLimiter.Config setReplenishRate(int replenishRate) {
            this.replenishRate = replenishRate;
            return this;

        public int getBurstCapacity() {
            return burstCapacity;

        public InMemoryRateLimiter.Config setBurstCapacity(int burstCapacity) {
            this.burstCapacity = burstCapacity;
            return this;

        public String toString() {
            return "Config{" +
                    "replenishRate=" + replenishRate +
                    ", burstCapacity=" + burstCapacity +


public class InMemoryRateLimiter extends AbstractRateLimiter<InMemoryRateLimiter.Config> {

    public static final String CONFIGURATION_PROPERTY_NAME = "in-memory-rate-limiter";

    private InMemoryRateLimiter.Config defaultConfig;

    private final Map<String, Bucket> ipBucketMap = new ConcurrentHashMap<>();

    public InMemoryRateLimiter() {
        super(InMemoryRateLimiter.Config.class, CONFIGURATION_PROPERTY_NAME, null);

    public InMemoryRateLimiter(int defaultReplenishRate, int defaultBurstCapacity) {
        super(Config.class, CONFIGURATION_PROPERTY_NAME, null);
        this.defaultConfig = new InMemoryRateLimiter.Config()

    public Mono<Response> isAllowed(String routeId, String id) {
        InMemoryRateLimiter.Config routeConfig = getConfig().get(routeId);

        if (routeConfig == null) {
            if (defaultConfig == null) {
                throw new IllegalArgumentException("No Configuration found for route " + routeId);
            routeConfig = defaultConfig;

        // How many requests per second do you want a user to be allowed to do?
        int replenishRate = routeConfig.getReplenishRate();

        // How much bursting do you want to allow?
        int burstCapacity = routeConfig.getBurstCapacity();

        Bucket bucket = ipBucketMap.computeIfAbsent(id, k -> {
            Refill refill = Refill.greedy(replenishRate, Duration.ofSeconds(1));
            Bandwidth limit = Bandwidth.classic(burstCapacity, refill);
            return Bucket4j.builder().addLimit(limit).build();

        // tryConsume returns false immediately if no tokens available with the bucket
        ConsumptionProbe probe = bucket.tryConsumeAndReturnRemaining(1);
        if (probe.isConsumed()) {
            // the limit is not exceeded
            return Mono.just(new Response(true, probe.getRemainingTokens()));
        } else {
            // limit is exceeded
            return Mono.just(new Response(false,-1));

Inherited AbstractRateLimiter and rewritten isAllowed method.

Current limit return instance

curl -i http://localhost:8080/rate/
HTTP/1.1 429 Too Many Requests
X-Response-Default-Foo: Default-Bar
content-length: 0


RequestrateElimiterGatewayfilter requires a bean with RateLimiter to take effect. In addition, a bean of KeyResolver is required, and the default KeyResolver is PrincipalNameKeyResolver.