Package com.logicaldoc.core.security

Class LoginThrottle

java.lang.Object

com.logicaldoc.core.security.LoginThrottle

public class LoginThrottle
extends Object

Utility methods to prevent brute force attacks

Since:

7.6.3

Author:

Marco Meschieri - LogicalDOC

Field Summary

Fields

Modifier and Type	Field	Description
static final String	LOGINFAIL_IP
static final String	LOGINFAIL_USERNAME

Method Summary

Modifier and Type	Method	Description
static void	checkLoginThrottle(String username, String ip)	Performs anti brute force attack checks
static void	clearFailures(String username, String ip)	Clears the failures for the given username and or password
static void	recordFailure(String username, Client client, AuthenticationException exception)	Saves the login failure in the database

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

LOGINFAIL_IP

public static final String LOGINFAIL_IP

See Also:

• Constant Field Values

LOGINFAIL_USERNAME

public static final String LOGINFAIL_USERNAME

See Also:

• Constant Field Values

Method Details

clearFailures

public static void clearFailures(String username,
 String ip)

Clears the failures for the given username and or password

Parameters:

username - the username

ip - the IP address from which the login intent comes from

recordFailure

public static void recordFailure(String username,
 Client client,
 AuthenticationException exception)

Saves the login failure in the database

Parameters:

username - the username

client - the client address from which the login intent comes from

exception - the authentication exception

checkLoginThrottle

public static void checkLoginThrottle(String username,
 String ip)
                               throws AuthenticationException

Performs anti brute force attack checks

Parameters:

username - the username

ip - the IP address from which the login intent comes from

Throws:

AuthenticationException - if the authentication fails