Package org.jivesoftware.openfire.ratelimit

Class NewConnectionLimiterRegistry

java.lang.Object
org.jivesoftware.openfire.ratelimit.NewConnectionLimiterRegistry
public final class NewConnectionLimiterRegistry extends Object
Registry for shared TokenBucketRateLimiter instances for tracking new connection attempts per ConnectionType. This registry ensures that all client-to-server connections (C2S: SOCKET_C2S, BOSH_C2S) share the same limiter, while server-to-server connections (S2S: SOCKET_S2S) use a separate limiter. Other connection types return an unlimited limiter that never blocks connections. Rate limiters are per-cluster node and track metrics such as accepted/rejected events. They do not coordinate across cluster nodes. They are automatically updated whenever the associated system properties change. As this replaces the TokenBucketRateLimiter instance, statistics that are collected before the change will be lost.
Author:
Guus der Kinderen, guus@goodbytes.nl

  • Field Details

    • C2S_ENABLED

      public static final SystemProperty<Boolean> C2S_ENABLED
      Enables or disables rate limiting for new client-to-server (C2S) connections.

    • C2S_PERMITS_PER_SECOND

      public static final SystemProperty<Integer> C2S_PERMITS_PER_SECOND
      The sustained rate of new client-to-server connection attempts allowed per second. This applies to all C2S types (TCP, BOSH, WebSocket) combined.

    • C2S_MAX_BURST

      public static final SystemProperty<Integer> C2S_MAX_BURST
      The maximum number of new client-to-server connection attempts that can be accepted in a short burst. Helps absorb spikes without exceeding the sustained rate.

    • S2S_ENABLED

      public static final SystemProperty<Boolean> S2S_ENABLED
      Enables or disables rate limiting for new server-to-server (S2S) connections.

    • S2S_PERMITS_PER_SECOND

      public static final SystemProperty<Integer> S2S_PERMITS_PER_SECOND
      The sustained rate of new server-to-server connection attempts allowed per second. Applies to all S2S (federation) connection types, which currently is just TCP.

    • S2S_MAX_BURST

      public static final SystemProperty<Integer> S2S_MAX_BURST
      The maximum number of new server-to-server connection attempts that can be accepted in a short burst. Allows temporary bursts without violating the sustained rate.

    • RATE_LIMIT_LOG_INTERVAL

      public static final SystemProperty<Duration> RATE_LIMIT_LOG_INTERVAL
      The minimum time to suppress repeated log messages for rejected new connection attempts of the same connection type; a value of zero or less disables log suppression.

  • Method Details

    • getLimiter

      @Nonnull public static TokenBucketRateLimiter getLimiter(ConnectionType type)
      Retrieves the TokenBucketRateLimiter associated with the specified ConnectionType. All client-to-server connection types share the same limiter. Server-to-server connections share a separate limiter. This allows combined rate limiting for logical groups of connections.

      Unsupported connection types will cause an unlimited limiter that never blocks connections to be returned.

      Parameters:
      type - the connection type
      Returns:
      the TokenBucketRateLimiter associated with the connection type.

    • maybeLogRejection

      public static void maybeLogRejection(ConnectionType type)
      Used to log the rejection of a new connection due to rate limiting. Logging will only occur once per connection type within the configured suppression interval. If the suppression interval is zero or negative, every rejection will be logged.
      Parameters:
      type - The type of connection that was rejected.