cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ajay Deshwal (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COCOON3-89) Add feature to limit invalid login attempts
Date Tue, 14 Feb 2012 13:11:00 GMT

     [ https://issues.apache.org/jira/browse/COCOON3-89?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ajay Deshwal updated COCOON3-89:
--------------------------------

    Attachment: COCOON3-89.patch

The attached patch enables AbstractShiroLogin to record invalid login attempts in same session
and flag it in error response map by setting value of key 'loginAttemptExceeded' to boolean
true. On the basis of this flag, application developer can do things like display separate
error page or adapt other security mechanisms like captcha etc. Maximun number of allowed
wrong attempts can be configured by overriding getAllowedWrongAttempts() method and returning
allowed attempts in extending class.

The patch also adds a method validatePreLogin() in AbstractShiroLogin which is invoked before
initiating login. If this method returns a non-empty map, then login is skipped and map data
is added to UrlResponse. It can be overridden in extending classes to perform validations
before login like captcha etc.


                
> Add feature to limit invalid login attempts
> -------------------------------------------
>
>                 Key: COCOON3-89
>                 URL: https://issues.apache.org/jira/browse/COCOON3-89
>             Project: Cocoon 3
>          Issue Type: Improvement
>          Components: cocoon-shiro
>    Affects Versions: 3.0.0-beta-1
>            Reporter: Ajay Deshwal
>         Attachments: COCOON3-89.patch
>
>
> cocoon-shiro module should provide:
> 1)  Feature to record invalid login attempts count. On exceeding the predefined maximum
allowed attempts, its should flag the state that maximum login attempts exceeded.
> 2)  A method in AbstractShiroLogin class to validate some data, which extending classes
can implement and will be invoked prior to initiating actual login, like captcha etc.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message