Hi

I'm building RESTful web services and I was thinking about implementing a little security. I would like to run a small class like the one below to keep track of IP addresses and how often they vote (the REST services register votes on polls). I would like to limit the number of votes within a given time and be able to log when somebody floods my votes. How would it be best to keep this in memory while the application is deployed/running? Or is reading and writing to the database the only option here?

All ideas are welcome

[CODE]package ao.services.helpers;

import java.util.ArrayList;
import java.util.Iterator;


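/**
 * In-memory vote throttle keyed by client IP address.
 *
 * <p>An address is accepted once and then rejected until {@code timeout}
 * seconds have passed since the accepted call. Rejected calls do not extend
 * the window. State is held in a static list, so it is shared by every
 * instance loaded by the same class loader and is lost on redeploy or
 * restart; nothing here shares it between several server nodes.
 *
 * <p>NOTE(review): the throttle is only as trustworthy as the {@code ip}
 * value the caller passes in. Where that value comes from is not visible
 * here; if it is read from a client-supplied header rather than the
 * connection's peer address, a client can vary it to avoid the limit and can
 * put arbitrary text into the log line below. Confirm against the caller.
 */
public class TimeoutPolicy {

    /** Length of the lockout window, in seconds. */
    private static final long timeout = 60L;

    /**
     * Guards {@link #notAuthorised}. The list is static, so the lock must be
     * static as well: an instance-level {@code synchronized} method gives no
     * mutual exclusion between two different TimeoutPolicy objects.
     */
    private static final Object LOCK = new Object();

    /** Addresses accepted within the current window, with their accept time. */
    private static final ArrayList<TimeoutPolicyEntry> notAuthorised =
            new ArrayList<TimeoutPolicyEntry>();

    public TimeoutPolicy() {
    }

    /**
     * Records a request from {@code ip} if that address is not currently
     * locked out.
     *
     * @param ip client address as a string; {@code null} is treated as one
     *           ordinary key
     * @return {@code true} if the request is allowed (and now recorded),
     *         {@code false} if the address already has an entry younger than
     *         the timeout
     */
    public boolean checkIp(String ip) {
        synchronized (LOCK) {
            // Read the clock once so pruning and the new entry agree on "now".
            long now = System.currentTimeMillis() / 1000L;

            // Expire old entries first; this also keeps the list bounded by
            // the number of distinct addresses seen within one window.
            deleteOldEnough(now);

            if (isIpInList(ip)) {
                System.out.println("Timeout policy violated by ip: " + ip);
                return false;
            }

            notAuthorised.add(new TimeoutPolicyEntry(ip, now));
            return true;
        }
    }

    /**
     * Linear scan for an entry with the same address. Caller must hold LOCK.
     */
    private boolean isIpInList(String ip) {
        for (Iterator<TimeoutPolicyEntry> it = notAuthorised.iterator(); it.hasNext();) {
            TimeoutPolicyEntry e = it.next();
            // Compare by value: '==' on String compares references, so two
            // equal addresses built from separate requests would never match
            // and the throttle would let every request through.
            if (ip == null ? e.ip == null : ip.equals(e.ip)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Drops every entry whose timestamp is at or before {@code now - timeout}.
     * Caller must hold LOCK.
     */
    private void deleteOldEnough(long now) {
        long limit = now - timeout;
        for (Iterator<TimeoutPolicyEntry> it = notAuthorised.iterator(); it.hasNext();) {
            TimeoutPolicyEntry e = it.next();
            if (e.timeStamp <= limit) {
                // Remove through the iterator; calling list.remove() inside
                // the loop throws ConcurrentModificationException.
                it.remove();
            }
        }
    }
}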

/**
 * One recorded request: a client address paired with the time it was seen.
 * Plain data holder with public, mutable fields and no behaviour of its own.
 */
class TimeoutPolicyEntry {

    /** Time the entry was created; TimeoutPolicy in this file stores epoch seconds here. */
    public Long timeStamp;

    /** Client address exactly as supplied by the creator; not validated. */
    public String ip;

    /**
     * @param ip        client address to remember
     * @param timeStamp time to associate with that address
     */
    public TimeoutPolicyEntry(String ip, Long timeStamp) {
        this.timeStamp = timeStamp;
        this.ip = ip;
    }
}