Package com.logicaldoc.core.security
Class LoginThrottle
java.lang.Object
com.logicaldoc.core.security.LoginThrottle
Utility methods to prevent brute force attacks
- Since:
- 7.6.3
- Author:
- Marco Meschieri - LogicalDOC
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionstatic voidcheckLoginThrottle(String username, String apikey, String ip) Performs anti brute force attack checksstatic voidclearFailures(String username, String ip) Clears the failures for the given username and or passwordstatic voidrecordFailure(String username, String apiKey, Client client, AuthenticationException exception) Saves the login failure in the database
-
Field Details
-
LOGINFAIL_APIKEY
- See Also:
-
LOGINFAIL_IP
- See Also:
-
LOGINFAIL_USERNAME
- See Also:
-
-
Method Details
-
clearFailures
Clears the failures for the given username and or password- Parameters:
username- the usernameip- the IP address from which the login intent comes from
-
recordFailure
public static void recordFailure(String username, String apiKey, Client client, AuthenticationException exception) Saves the login failure in the database- Parameters:
username- the usernameapiKey- the API Keyclient- the client address from which the login intent comes fromexception- the authentication exception
-
checkLoginThrottle
public static void checkLoginThrottle(String username, String apikey, String ip) throws AuthenticationException Performs anti brute force attack checks- Parameters:
username- the usernameapikey- the API Keyip- the IP address from which the login intent comes from- Throws:
AuthenticationException- if the authentication fails
-