commit a93be6a7e02ef69550cc497bc0af173291015869
author margaretha <margaretha@ids-mannheim.de> Mon May 18 10:46:50 2026 +0200
committer margaretha <margaretha@ids-mannheim.de> Mon May 18 13:00:14 2026 +0200
tree 0a7c565027f281b11409fc43ef9d488df3b206ab
parent f3f224fb1b3a93df27f94a31e26a1c99abe117df

Make rate-limit optional [AI-assisted]

Enabled by default for kustvakt.conf and kustvakt-test.conf

The RateLimitFilter is now registered as a @Provider and has been
removed from @ResourceFilters.

Change-Id: I281e42614c2bb58cb84766969e6b3cae1f89c172

src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java

diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java
index 7c74082..fdcdc3c 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/RateLimitTest.java
@@ -4,6 +4,7 @@
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.parallel.Isolated;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
@@ -21,6 +22,7 @@
  * 
  * Implemented with AI assistance
  */
+@Isolated
 public class RateLimitTest extends OAuth2TestBase {
 	@Autowired
     private RateLimitFilter rateLimitFilter;
@@ -51,4 +53,29 @@
 		assertEquals(429, limited.getStatus());
 		limited.close();
 	}
+
+	@Test
+	public void testRateLimitDisabled () throws KustvaktException {
+		rateLimitFilter.setEnabled(false);
+		try {
+			Response response = requestTokenWithDoryPassword(superClientId,
+					clientSecret);
+			JsonNode node = JsonUtils
+					.readTree(response.readEntity(String.class));
+			String accessToken = node.at("/access_token").asText();
+
+			// Exceed burst capacity – all requests should still succeed
+			long overLimit = rateLimitFilter.getBurstCapacity() + 5;
+			for (long i = 0; i < overLimit; i++) {
+				Response r = searchWithAccessToken(accessToken);
+				assertEquals(Status.OK.getStatusCode(), r.getStatus(),
+						"request " + i + " should succeed when rate limiting is disabled");
+				r.close();
+			}
+		}
+		finally {
+			// Always re-enable so other tests are not affected
+			rateLimitFilter.setEnabled(true);
+		}
+	}
 }
\ No newline at end of file

src/test/resources/kustvakt-test.conf

diff --git a/src/test/resources/kustvakt-test.conf b/src/test/resources/kustvakt-test.conf
index 8f7cf6a..18c4a9f 100644
--- a/src/test/resources/kustvakt-test.conf
+++ b/src/test/resources/kustvakt-test.conf
@@ -66,6 +66,8 @@
 
 # Rate limiting for authenticated users
 #
+# Enable or disable rate limiting (true/false)
+ratelimit.enabled = true
 # Number of requests allowed per time period
 ratelimit.refill.tokens = 5
 # Time period for token refill (format: 1S, 30M, 1H, 1D)