flood control feature request

Can a flood control be put into the server side terminal, that when it receives a control id in under a customizable time period, it should ignore the request.

The logic would be like this:

  • at the start of the application create a list of control ids that are allowed to communicate with the appliacation (everything else ignore) - in which there is a list of controls that are flood controlled, and free control ids;
  • when the user interacts with a control, the flood control should remove that id from the list of allowed ids into a separate controlled area/state with a timer, that inserts the control back as soon as the cooldown timer expires. If the control was not set for flood control, it is either marked to, or contained in an area that marks it as free of flood control.

The time amount would be settable both at global and control based level, in a inherited manner so that:

  • there would be an application level switch that would enable/disable flood control for all controls;
  • controls would be able to set/unset themselves for flood control individually, regardless of global setting which is for convenience

I think this is especially needed for Vaadin, because almost all user interactions communicate with the server.
Open Firebug in Net (to see traffic) then click on a button in your application w/o releasing the button, then press Enter w/o releasing the key. Same as selecting that button with Tab and keeping Enter pressed, it will start a flood of requests. I don’t think anyone intends to have that in his application on all his controls. Added a war demo to import into Eclipse and play with this.

Also gave it a thought, and i don’t think it’s very fiable at the server side terminal, because the erratic timing of the request reaching the server (needs some observation). In any case, until then, I envision there can be done a thread by the user that can be started from a listener, and time the difference between events, so they don’t happen too often.
11417.war (14.2 KB)

Some things need fixing somehow.
If you scroll the table:

by mouse, from top to bottom you get 1 request.

(You going to hate me for this) :grin:
But if you scroll using Page Down or Page Up from one end to another, although you don’t stop or release the key, you get up to 8 requests.

I think the scroll by up/down keys is supposed to work like that so no criticism there -_-


I think this is an issue in Table’s new keyboard navigation. I have recently fixed some other issues related to this feature, so I’l try to fix this today while I still remember how things work there.


I’m raising the anti-flood problem again, but I have a question:

I forgot how to get the control’s ID. I noted somewhere that I should subclass Application to keep a collection of these IDs, but I remember I knew how to get these control IDs and also I didn’t take note how. Does someone know how?

Also, my description in the first post of how the feature should look is wrong.
Basicly all needs be done is a map to keep (an int , a long <System.currentTimeMillis()>)
When the user pushes a button, the system checks if the collection contains that id, if it does and its time is too soon to accept that ControlId for processing, ignore, else, that button’s ID with the current time is added to the map.
While checking for existing ControlId’s, we can remove the entries that expired while iterating for our control. Perhaps every 10 requests or in a timed thread to give it optimal performance.

Conclusion: I think this system is quite impracticable though, so I only protected key events against spam.
I think a client-side solution is practical instead, as to not send a request at all on a repeated button push, which would probably require a separate “anti-spam” button to not clutter all the other functionality with unneeded checks.

Possible solutions:

  1. the PID approach would need to be an inside the framework change, before Vaadin dispatches the event of that particular PID (I don’t know how to patch that yet, nor I wish to though)

  2. there seems to be an application way, if I could intercept all events for Components of type Click, DoubleClick etc., register\check their reference in a collection, and remove the event if it’s already registered and not expired, or register the reference and don’t do anything about the event, but I don’t know the Vaadin event model enough

EDIT: For instance how do I get this PID. That’s the “control id” I need to register I think: