added configuration options for login attempt limits

2025-11-09 06:55:47 +01:00 · 2013-09-16 17:36:16 +02:00
parent bfa4372626
commit b2c1336b08
3 changed files with 258 additions and 28 deletions
--- a/scm-webapp/src/main/java/sonia/scm/security/ConfigurableLoginAttemptHandler.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ConfigurableLoginAttemptHandler.java
@@ -95,17 +95,83 @@ public class ConfigurableLoginAttemptHandler implements LoginAttemptHandler
  @Override
  public void beforeAuthentication(AuthenticationToken token)
    throws AuthenticationException
+  {
+    if (isEnabled())
+    {
+      handleBeforeAuthentication(token);
+    }
+    else
+    {
+      logger.trace("LoginAttemptHandler is disabled");
+    }
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param token
+   * @param result
+   *
+   * @throws AuthenticationException
+   */
+  @Override
+  public void onSuccessfulAuthentication(AuthenticationToken token,
+    AuthenticationResult result)
+    throws AuthenticationException
+  {
+    if (isEnabled())
+    {
+      handleOnSuccessfulAuthentication(token);
+    }
+    else
+    {
+      logger.trace("LoginAttemptHandler is disabled");
+    }
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param token
+   * @param result
+   *
+   * @throws AuthenticationException
+   */
+  @Override
+  public void onUnsuccessfulAuthentication(AuthenticationToken token,
+    AuthenticationResult result)
+    throws AuthenticationException
+  {
+    if (isEnabled())
+    {
+      handleOnUnsuccessfulAuthentication(token);
+    }
+    else
+    {
+      logger.trace("LoginAttemptHandler is disabled");
+    }
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param token
+   */
+  private void handleBeforeAuthentication(AuthenticationToken token)
  {
    LoginAttempt attempt = getAttempt(token);
    long time = System.currentTimeMillis() - attempt.lastAttempt;

-    if (time > TimeUnit.SECONDS.toMillis(5l))
+    if (time > getLoginAttemptLimitTimeout())
    {
      logger.debug("reset login attempts for {}, because of time",
        token.getPrincipal());
      attempt.reset();
    }
-    else if (attempt.counter >= 5)
+    else if (attempt.counter >= configuration.getLoginAttemptLimit())
    {
      logger.warn("account {} is temporary locked, because of {}",
        token.getPrincipal(), attempt);
@@ -124,9 +190,7 @@ public class ConfigurableLoginAttemptHandler implements LoginAttemptHandler
   *
   * @throws AuthenticationException
   */
-  @Override
-  public void onSuccessfulAuthentication(AuthenticationToken token,
-    AuthenticationResult result)
+  private void handleOnSuccessfulAuthentication(AuthenticationToken token)
    throws AuthenticationException
  {
    logger.debug("reset login attempts for {}, because of successful login",
@@ -143,9 +207,7 @@ public class ConfigurableLoginAttemptHandler implements LoginAttemptHandler
   *
   * @throws AuthenticationException
   */
-  @Override
-  public void onUnsuccessfulAuthentication(AuthenticationToken token,
-    AuthenticationResult result)
+  private void handleOnUnsuccessfulAuthentication(AuthenticationToken token)
    throws AuthenticationException
  {
    logger.debug("increase failed login attempts for {}", token.getPrincipal());
@@ -179,6 +241,30 @@ public class ConfigurableLoginAttemptHandler implements LoginAttemptHandler
    return attempt;
  }

+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  private long getLoginAttemptLimitTimeout()
+  {
+    return TimeUnit.SECONDS.toMillis(
+      configuration.getLoginAttemptLimitTimeout());
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  private boolean isEnabled()
+  {
+    return (configuration.getLoginAttemptLimit() > 0)
+      && (configuration.getLoginAttemptLimitTimeout() > 0l);
+  }
+
  //~--- inner classes --------------------------------------------------------

  /**