tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From removeps-c...@yahoo.com
Subject Re: Connection.close() has already been called during login
Date Mon, 23 Jan 2012 21:20:56 GMT
My code does not talk to another cluster as I have a single Tomcat only, but just wondering
how one would scale.

Maybe the strategy to handle clusters is to write information, such as the list of the users
to the number of times they have logged in in the last hour, into a location shared by all
machines.  In my code below the code is stored in failedAttempts which is a Map<String
/*username/*, FailedAttempt> where FailedAttempt represents the number of times the user
has logged in in the last hour or whatever.  It is in-memory, which is fine for one Tomcat.

But we could move this Map into a file that is on a mounted drive available from all Tomcat
machines, or we could store it in the database.  Either way we have to synchronize writes
to the file or database, and I think database does this automatically, and maybe FileLock
will do the job for the files.  But anyway, it sounds complicated.

As for my my authenticate it was as follows, although I don't see this should cause the failure
in the subject of this email -- "Connection.close() has already been called during login":

   public Principal authenticate(String username, String credentials)
   {
      threadUserLockedOut.remove();
      long curTime = System.currentTimeMillis();
      FailedAttempt failedAttempt = failedAttempts.get(username);
      if (failedAttempt != null && failedAttempt.checkFailedAttemptsReached(curTime))
      {
         threadUserLockedOut.set(Boolean.TRUE);
         return null;
      }
      Principal result = super.authenticate(username, credentials);
      if (result == null)
      {
         if (failedAttempt != null)
         {
            failedAttempt.incNumFailedAttempts();
            if (failedAttempt.maxFailedAttemptsReached())
            {
               failedAttempt.setFirstFailedTime(curTime);
               logger.warn("User '" + username + "' is locked out after " + MAX_FAILED_ATTEMPTS
+ " failed attempts");
               threadUserLockedOut.set(Boolean.TRUE);
               return null;
            }
         }
         else
         {
            failedAttempt = new FailedAttempt(curTime);
            failedAttempts.put(username, failedAttempt);
         }
      }
      else
      {
         if (failedAttempt != null)
         {
            failedAttempts.remove(username);
         }
      }
      return result;
   }


--- On Mon, 1/23/12, Christopher Schultz <chris@christopherschultz.net> wrote:

> From: Christopher Schultz <chris@christopherschultz.net>
> Subject: Re: Connection.close() has already been called during login
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Date: Monday, January 23, 2012, 12:15 PM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> To whom it may concern,
> 
> On 1/23/12 2:54 PM, removeps-code@yahoo.com
> wrote:
> > Sorry, I did not know about [LockOutRealm].  Will
> this class work
> > if you have many Tomcats on different machines
> (possibly load
> > balancing) so regardless of which exact machine the
> user is
> > directed to, lock realm will know the number of failed
> login
> > attempts on other machines?
> 
> No, neither this nor any other Tomcat realms are
> cluster-aware.
> 
> If you want to track authentication failures across a
> cluster, you
> could subclass LockOutRealm and override these methods:
> 
> - - isLocked
> - - unlock
> - - registerAuthFailure
> 
> This will allow you to handle the cluster-sync behavior
> separately
> from the authentication behavior which this class already
> handles.
> 
> I'm interested in seeing what you come up with for
> communicating with
> the rest of the cluster.
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk8dv+4ACgkQ9CaO5/Lv0PDRnwCgvZFJvYXbU8Gwec6y430aD/rz
> Kk4An2C5ZwXZf4NEaS31A5CWngqGxI9F
> =zDyr
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message