Cocoon 3 / COCOON3-89

Add feature to limit invalid login attempts

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-beta-1
    • Fix Version/s: 3.0.0-beta-1
    • Component/s: cocoon-shiro
    • Labels:
      None

      Description

      cocoon-shiro module should provide:
      1) Feature to record invalid login attempts count. On exceeding the predefined maximum allowed attempts, it should flag the state that maximum login attempts exceeded.
      2) A method in AbstractShiroLogin class to validate some data, which extending classes can implement and will be invoked prior to initiating actual login, like captcha etc.
      1. COCOON3-89.patch
        8 kB
        Ajay Deshwal
      2. COCOON3-89.patch
        8 kB
        Ajay Deshwal

        Activity

        Hudson added a comment -
        Integrated in Cocoon-trunk #140 (See [https://builds.apache.org/job/Cocoon-trunk/140/])
            COCOON3-89
        Reporter:
            Ajay Deshwal
        Add feature to limit invalid login attempts

        Thanks Ajay for your patch (Revision 1243917)

             Result = SUCCESS
        thorsten : http://svn.apache.org/viewvc/?view=rev&rev=1243917
        Files :
        * /cocoon/cocoon3/trunk/cocoon-shiro-sample/src/main/java/org/apache/cocoon/shiro/sample/rest/LoginUser.java
        * /cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
        Ajay Deshwal added a comment -
        Thank you
        Thorsten Scherler added a comment -
        Committed revision 1243917.
        Ajay Deshwal added a comment -
        Attaching again as forgot to check 'Grant license to ASF for inclusion' in last attachment.
        Ajay Deshwal added a comment -
        The attached patch enables AbstractShiroLogin to record invalid login attempts in same session and flag it in error response map by setting value of key 'loginAttemptExceeded' to boolean true. On the basis of this flag, application developer can do things like display separate error page or adapt other security mechanisms like captcha etc. Maximum number of allowed wrong attempts can be configured by overriding getAllowedWrongAttempts() method and returning allowed attempts in extending class.

        The patch also adds a method validatePreLogin() in AbstractShiroLogin which is invoked before initiating login. If this method returns a non-empty map, then login is skipped and map data is added to UrlResponse. It can be overridden in extending classes to perform validations before login like captcha etc.

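The flow described in the comment above, as an added stand-alone Java model (not the attached patch and not code from cocoon-shiro). Only `getAllowedWrongAttempts()`, `validatePreLogin()` and the `loginAttemptExceeded` key come from the issue; the class names, the `wrongLoginAttempts` session key, the `captchaRequired` key, `authenticate()` and the reset on success are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

// Stand-alone model: no Cocoon or Shiro classes; the session is a plain Map.
public class LoginAttemptDemo extends LoginModel {
    @Override protected int getAllowedWrongAttempts() { return 2; }
    @Override protected boolean authenticate(String user, String password) {
        return "alice".equals(user) && "correct-horse".equals(password); // constructed credentials
    }
    // Once the limit is exceeded, require a captcha answer before checking credentials again.
    @Override protected Map<String, Object> validatePreLogin(Map<String, Object> session, Map<String, String> request) {
        Map<String, Object> errors = new HashMap<>();
        int attempts = (Integer) session.getOrDefault(ATTEMPTS_KEY, 0);
        if (attempts > getAllowedWrongAttempts() && !"7".equals(request.get("captcha"))) { // "7": constructed answer
            errors.put("captchaRequired", Boolean.TRUE); // hypothetical key
        }
        return errors;
    }
    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        Map<String, String> bad = Map.of("user", "alice", "password", "guess"); // constructed request
        LoginAttemptDemo demo = new LoginAttemptDemo();
        for (int i = 1; i <= 4; i++) System.out.println("attempt " + i + ": " + demo.login(session, bad));
    }
}

abstract class LoginModel {
    static final String ATTEMPTS_KEY = "wrongLoginAttempts";   // assumed session key
    static final String EXCEEDED_KEY = "loginAttemptExceeded"; // flag named in the comment above
    protected int getAllowedWrongAttempts() { return 3; } // assumed default
    // A non-empty map means: skip the login and return this map to the caller.
    protected Map<String, Object> validatePreLogin(Map<String, Object> session, Map<String, String> request) { return new HashMap<>(); }
    protected abstract boolean authenticate(String user, String password); // stand-in for the real login call

    public Map<String, Object> login(Map<String, Object> session, Map<String, String> request) {
        Map<String, Object> pre = validatePreLogin(session, request);
        if (pre != null && !pre.isEmpty()) return pre; // credentials are never checked
        Map<String, Object> result = new HashMap<>();
        if (authenticate(request.get("user"), request.get("password"))) {
            session.remove(ATTEMPTS_KEY); // assumption: a successful login clears the counter
            result.put("success", Boolean.TRUE);
            return result;
        }
        int attempts = (Integer) session.getOrDefault(ATTEMPTS_KEY, 0) + 1;
        session.put(ATTEMPTS_KEY, attempts);
        result.put("error", "invalid credentials");
        if (attempts > getAllowedWrongAttempts()) result.put(EXCEEDED_KEY, Boolean.TRUE);
        return result;
    }
}
```

Because the counter lives in the session, it starts from zero in every new session; the flag suits triggering a captcha or a separate error page, as the comment suggests, and is not by itself an account lockout.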

          People

          • Assignee:
            Thorsten Scherler
            Reporter:
            Ajay Deshwal