Cocoon 3 / COCOON3-89

Add feature to limit invalid login attempts

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-beta-1
    • Fix Version/s: 3.0.0-beta-1
    • Component/s: cocoon-shiro
    • Labels:
      None

      Description

      cocoon-shiro module should provide:
      1) Feature to record invalid login attempts count. On exceeding the predefined maximum allowed attempts, it should flag the state that maximum login attempts exceeded.
      2) A method in AbstractShiroLogin class to validate some data, which extending classes can implement and will be invoked prior to initiating actual login, like captcha etc.
      1. COCOON3-89.patch
        8 kB
        Ajay Deshwal
      2. COCOON3-89.patch
        8 kB
        Ajay Deshwal

        Activity

        Francesco Chicchiriccò made changes -
        Fix Version/s 3.0.0-beta-1 [ 12317578 ]
        Hudson added a comment -
        Integrated in Cocoon-trunk #140 (See [https://builds.apache.org/job/Cocoon-trunk/140/])
            COCOON3-89
        Reporter:
            Ajay Deshwal
        Add feature to limit invalid login attempts

        Thanks Ajay for your patch (Revision 1243917)

             Result = SUCCESS
        thorsten : http://svn.apache.org/viewvc/?view=rev&rev=1243917
        Files :
        * /cocoon/cocoon3/trunk/cocoon-shiro-sample/src/main/java/org/apache/cocoon/shiro/sample/rest/LoginUser.java
        * /cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
        Ajay Deshwal added a comment -
        Thank you
        Thorsten Scherler made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        Thorsten Scherler added a comment -
        Committed revision 1243917.
        Thorsten Scherler made changes -
        Assignee Thorsten Scherler [ thorsten ]
        Ajay Deshwal made changes -
        Attachment COCOON3-89.patch [ 12514490 ]
        Ajay Deshwal added a comment -
        Attaching again as forgot to check 'Grant license to ASF for inclusion' in last attachment.
        Ajay Deshwal made changes -
        Field Original Value New Value
        Attachment COCOON3-89.patch [ 12514488 ]
        Ajay Deshwal added a comment -
        The attached patch enables AbstractShiroLogin to record invalid login attempts in same session and flag it in error response map by setting value of key 'loginAttemptExceeded' to boolean true. On the basis of this flag, application developer can do things like display separate error page or adapt other security mechanisms like captcha etc. Maximum number of allowed wrong attempts can be configured by overriding getAllowedWrongAttempts() method and returning allowed attempts in extending class.

        The patch also adds a method validatePreLogin() in AbstractShiroLogin which is invoked before initiating login. If this method returns a non-empty map, then login is skipped and map data is added to UrlResponse. It can be overridden in extending classes to perform validations before login like captcha etc.

        Ajay Deshwal created issue -
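
The behaviour described in the patch comment above, as an added sketch that is not the attached patch or the cocoon-shiro source: a plain `Map` stands in for the session, and the class names, method signatures, the `wrongLoginAttempts` attribute, the `captchaRequired` and `authenticated` keys and the sample credentials are assumptions. Only `getAllowedWrongAttempts()`, `validatePreLogin()` and the `loginAttemptExceeded` key come from the page.

```java
import java.util.HashMap;
import java.util.Map;

// Added sketch, not cocoon-shiro source; all signatures here are assumptions.
public class LoginAttemptSketch {
    static final String ATTEMPTS = "wrongLoginAttempts"; // hypothetical session attribute
    abstract static class SketchLogin {
        protected int getAllowedWrongAttempts() { return 3; }
        // A non-empty map means: skip the login and return this data instead.
        protected Map<String, Object> validatePreLogin(Map<String, Object> session, Map<String, String> req) {
            return new HashMap<>();
        }
        // Hypothetical stand-in for the real Shiro authentication call.
        protected abstract boolean authenticate(String user, String password);

        public Map<String, Object> login(Map<String, Object> session, Map<String, String> req) {
            Map<String, Object> pre = validatePreLogin(session, req);
            if (!pre.isEmpty()) return pre;              // login skipped, nothing counted
            Map<String, Object> resp = new HashMap<>();
            boolean ok = authenticate(req.get("user"), req.get("password"));
            resp.put("authenticated", ok);
            if (ok) { session.remove(ATTEMPTS); return resp; }
            int attempts = (Integer) session.getOrDefault(ATTEMPTS, 0) + 1;
            session.put(ATTEMPTS, attempts);             // lives only as long as this session
            if (attempts > getAllowedWrongAttempts()) resp.put("loginAttemptExceeded", true);
            return resp;
        }
    }

    static class CaptchaLogin extends SketchLogin {
        @Override protected int getAllowedWrongAttempts() { return 2; }
        @Override protected Map<String, Object> validatePreLogin(Map<String, Object> session, Map<String, String> req) {
            Map<String, Object> errors = new HashMap<>();
            int attempts = (Integer) session.getOrDefault(ATTEMPTS, 0);
            // Constructed check: "7" is the expected answer of a dummy captcha.
            if (attempts > getAllowedWrongAttempts() && !"7".equals(req.get("captcha")))
                errors.put("captchaRequired", true);
            return errors;
        }
        // Constructed credentials for the demonstration only.
        @Override protected boolean authenticate(String u, String p) { return "alice".equals(u) && "s3cret".equals(p); }
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed session
        Map<String, String> bad = Map.of("user", "alice", "password", "wrong");
        SketchLogin login = new CaptchaLogin();
        for (int i = 1; i <= 4; i++) System.out.println(i + ": " + login.login(session, bad));
    }
}
```

Because the counter is kept in the session, it works as a trigger for extra checks such as a captcha within that session; a lockout policy needs a counter keyed by account in server-side storage.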

          People

          • Assignee:
            Thorsten Scherler
            Reporter:
            Ajay Deshwal