Implementing Interface Rate Limiting with Spring Interceptor and Redis

The article introduces a demo that uses a Spring HandlerInterceptor and Redis to implement interface rate limiting, explaining the basic principle of concatenating IP address and URI as a unique key and counting accesses within a configurable time window.

It provides the project repository links and highlights the most important part of the implementation—the interceptor code that checks Redis for lock and count keys, increments request counts, and applies lock when the maximum number of accesses is exceeded.

Two code examples are shown: the original interceptor handling fixed configuration values and a refined version that uses a custom @AccessLimit annotation with reflection to allow per‑method or per‑class rate‑limit settings, enabling flexible x‑seconds, y‑times, and lock‑time parameters.

The article discusses the limitation of applying the same limits to all endpoints, proposing solutions such as multiple interceptors with different configurations or using custom annotations to specify limits individually.

It also examines practical issues like time‑window logic inaccuracies, path‑parameter handling (where different URI parameters should map to the same logical endpoint), and obtaining the real client IP when behind proxies, suggesting improvements for each case.

Finally, the author reflects on the learning experience, connecting the implementation to broader concepts such as annotations, reflection, singleton patterns, concurrency, and JVM internals, and encourages readers to explore further enhancements.