Cocoon 3 / COCOON3-89

Add feature to limit invalid login attempts

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-beta-1
    • Fix Version/s: 3.0.0-beta-1
    • Component/s: cocoon-shiro
    • Labels:
      None

      Description

      cocoon-shiro module should provide:
      1) Feature to record invalid login attempts count. On exceeding the predefined maximum allowed attempts, it should flag the state that maximum login attempts exceeded.
      2) A method in AbstractShiroLogin class to validate some data, which extending classes can implement and will be invoked prior to initiating actual login, like captcha etc.
      1. COCOON3-89.patch
        8 kB
        Ajay Deshwal
      2. COCOON3-89.patch
        8 kB
        Ajay Deshwal

        Activity

        Ajay Deshwal created issue -
        Ajay Deshwal added a comment -
        The attached patch enables AbstractShiroLogin to record invalid login attempts in same session and flag it in error response map by setting value of key 'loginAttemptExceeded' to boolean true. On the basis of this flag, application developer can do things like display separate error page or adapt other security mechanisms like captcha etc. Maximum number of allowed wrong attempts can be configured by overriding getAllowedWrongAttempts() method and returning allowed attempts in extending class.

        The patch also adds a method validatePreLogin() in AbstractShiroLogin which is invoked before initiating login. If this method returns a non-empty map, then login is skipped and map data is added to UrlResponse. It can be overridden in extending classes to perform validations before login like captcha etc.
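
The flow described in the comment above, as an added sketch: this is not the code from COCOON3-89.patch or from AbstractShiroLogin. The class name, the session attribute key, the 'success' response key, the reset on successful login and the authenticate() stub are assumptions; only getAllowedWrongAttempts(), validatePreLogin() and the 'loginAttemptExceeded' key come from the comment.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration, NOT the project's AbstractShiroLogin. The session is
// modelled as a plain Map so the sketch runs without Shiro or Cocoon.
public class LoginAttemptSketch {
    static final String ATTEMPTS_KEY = "wrongLoginAttempts"; // hypothetical session key

    // Overridable limit, mirroring getAllowedWrongAttempts() from the comment.
    protected int getAllowedWrongAttempts() { return 3; }

    // Pre-login hook: a non-empty map means "skip login and return this data".
    protected Map<String, Object> validatePreLogin(Map<String, String> request) {
        return new HashMap<>();
    }

    // Stand-in for the real credential check (constructed sample account).
    protected boolean authenticate(String user, String password) {
        return "alice".equals(user) && "correct-horse".equals(password);
    }

    public Map<String, Object> login(Map<String, Object> session, Map<String, String> request) {
        Map<String, Object> pre = validatePreLogin(request);
        if (!pre.isEmpty()) {
            return pre; // login skipped, validation data goes to the response
        }
        Map<String, Object> response = new HashMap<>();
        if (authenticate(request.get("user"), request.get("password"))) {
            session.remove(ATTEMPTS_KEY); // assumption: counter resets on success
            response.put("success", Boolean.TRUE);
            return response;
        }
        int attempts = (Integer) session.getOrDefault(ATTEMPTS_KEY, 0) + 1;
        session.put(ATTEMPTS_KEY, attempts);
        response.put("success", Boolean.FALSE);
        if (attempts > getAllowedWrongAttempts()) {
            response.put("loginAttemptExceeded", Boolean.TRUE); // flag named in the comment
        }
        return response;
    }

    public static void main(String[] args) {
        LoginAttemptSketch login = new LoginAttemptSketch();
        Map<String, Object> session = new HashMap<>();
        Map<String, String> bad = Map.of("user", "alice", "password", "guess");
        for (int i = 1; i <= 4; i++) {
            System.out.println("attempt " + i + " -> " + login.login(session, bad));
        }
    }
}
```

Because the count lives in the session, it suits triggering an extra step such as a captcha via validatePreLogin(); an account lockout policy needs a counter keyed on the account and stored server-side.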

        Ajay Deshwal made changes -
        Field Original Value New Value
        Attachment COCOON3-89.patch [ 12514488 ]
        Ajay Deshwal added a comment -
        Attaching again as forgot to check 'Grant license to ASF for inclusion' in last attachment.
        Ajay Deshwal made changes -
        Attachment COCOON3-89.patch [ 12514490 ]
        Thorsten Scherler made changes -
        Assignee Thorsten Scherler [ thorsten ]
        Thorsten Scherler added a comment -
        Committed revision 1243917.
        Thorsten Scherler made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        Ajay Deshwal added a comment -
        Thank you
        Hudson added a comment -
        Integrated in Cocoon-trunk #140 (See [https://builds.apache.org/job/Cocoon-trunk/140/])
            COCOON3-89
        Reporter:
            Ajay Deshwal
        Add feature to limit invalid login attempts

        Thanks Ajay for your patch (Revision 1243917)

             Result = SUCCESS
        thorsten : http://svn.apache.org/viewvc/?view=rev&rev=1243917
        Files :
        * /cocoon/cocoon3/trunk/cocoon-shiro-sample/src/main/java/org/apache/cocoon/shiro/sample/rest/LoginUser.java
        * /cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
        Francesco Chicchiriccò made changes -
        Fix Version/s 3.0.0-beta-1 [ 12317578 ]
        Transition: Open → Closed
        Time In Source Status: 1h 17m
        Execution Times: 1
        Last Executer: Thorsten Scherler
        Last Execution Date: 14/Feb/12 13:44

          People

          • Assignee:
            Thorsten Scherler
            Reporter:
            Ajay Deshwal
          • Votes:
            0
            Watchers:
            0