implement login attempt handler to handle failed authentications

2025-11-14 17:26:22 +01:00 · 2013-09-16 13:58:19 +02:00
parent 364ecfbdb8
commit bfa4372626
6 changed files with 436 additions and 16 deletions
--- a/scm-webapp/src/test/java/sonia/scm/security/ConfigurableLoginAttemptHandlerTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/ConfigurableLoginAttemptHandlerTest.java
@@ -0,0 +1,64 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+package sonia.scm.security;
+
+import java.util.concurrent.TimeUnit;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.junit.Test;
+import sonia.scm.web.security.AuthenticationResult;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class ConfigurableLoginAttemptHandlerTest
+{
+ 
+  @Test
+  public void testLoginAttempt() throws InterruptedException
+  {
+    ConfigurableLoginAttemptHandler handler = new ConfigurableLoginAttemptHandler(null);
+    UsernamePasswordToken token = new UsernamePasswordToken("hansolo", "hobbo");
+    handler.beforeAuthentication(token);
+    handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
+        handler.beforeAuthentication(token);
+    handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
+        handler.beforeAuthentication(token);
+    handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
+        handler.beforeAuthentication(token);
+    handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
+        handler.beforeAuthentication(token);
+    handler.onUnsuccessfulAuthentication(token, AuthenticationResult.FAILED);
+    // asd
+    Thread.currentThread().sleep(TimeUnit.SECONDS.toMillis(10));
+    handler.beforeAuthentication(token);
+  }
+  
+}
--- a/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java
@@ -41,6 +41,7 @@ import com.google.common.collect.ImmutableSet;
 import com.google.inject.Provider;

 import org.apache.shiro.authc.AccountException;
+import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UnknownAccountException;
@@ -484,9 +485,25 @@ public class ScmRealmTest
      securitySystem, 
      new RepositoryPermissionResolver()
    );
+    
+    LoginAttemptHandler dummyLoginAttemptHandler = new LoginAttemptHandler()
+    {
+      @Override
+      public void beforeAuthentication(AuthenticationToken token)
+        throws AuthenticationException {}
+
+      @Override
+      public void onSuccessfulAuthentication(AuthenticationToken token,
+        AuthenticationResult result) throws AuthenticationException {}
+
+      @Override
+      public void onUnsuccessfulAuthentication(AuthenticationToken token,
+        AuthenticationResult result) throws AuthenticationException {}
+    };

    return new ScmRealm(
      new ScmConfiguration(),
+      dummyLoginAttemptHandler,
      collector,
      // cacheManager,
      userManager,