Tomcatで同一セッションからの連続アクセスを制限するフィルタ

package com.yourdomain.filter;

import java.io.IOException;
import java.util.Date;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * 
 */
public class LimitFilter implements Filter {

  static final String SESSION_LAST_ACCESS_KEY = "LimitFilter.lastAccess";

  static final String SESSION_LAST_REJECT_KEY = "LimitFilter.lastReject";

  static final String SESSION_ACCESS_COUNT_KEY = "LimitFilter.accessCount";

  static final long thresholdTime = 3000;

  static final long resumeTime = 180000;

  static final int thresholdNum = 200;

  private ServletContext servletContext;

  /**
  *
  */
  @Override
  public void destroy() {
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain filterChain) throws IOException, ServletException {
    try {
      boolean rejected = false;
      try {
        HttpSession session = ((HttpServletRequest) request).getSession();
        long current = (new Date()).getTime();
        if (session != null) {
          long lastAccess;
          long lastReject;
          int accessCount;
          try {
            lastAccess = (Long) session.getAttribute(SESSION_LAST_ACCESS_KEY);
            lastReject = (Long) session.getAttribute(SESSION_LAST_REJECT_KEY);
            accessCount =
              (Integer) session.getAttribute(SESSION_ACCESS_COUNT_KEY);
          } catch (Exception num) {
            lastAccess = 0;
            lastReject = 0;
            accessCount = 0;
          }

          if (((lastReject > 0) && (current - lastReject <= resumeTime))
            || (accessCount > thresholdNum)) {

            if ((lastReject > 0) && (current - lastReject <= resumeTime)) {
              accessCount = 1;
            }

            lastReject = current;
            ((HttpServletResponse) response).sendRedirect(servletContext
              .getContextPath()
              + "/limit.html");
            rejected = true;
          } else {
            if (current - lastAccess > thresholdTime) {
              accessCount = 1;
            } else {
              accessCount++;
            }
            lastReject = 0;
          }
          lastAccess = current;
          session.setAttribute(SESSION_LAST_ACCESS_KEY, lastAccess);
          session.setAttribute(SESSION_LAST_REJECT_KEY, lastReject);
          session.setAttribute(SESSION_ACCESS_COUNT_KEY, accessCount);
        }
      } catch (Exception e1) {
      }
      if (!rejected) {
        filterChain.doFilter(request, response);
      }
    } finally {
    }
  }

  /**
   * @param arg0
   * @throws ServletException
   */
  @Override
  public void init(FilterConfig arg0) throws ServletException {
    servletContext = arg0.getServletContext();
  }
}