Goal

...

  • MAGNOLIA-3557

...

  • Make the account inaccessible after a number of failed login attempts

...

  • Let the admin set the maximum number of attempts (default 5?)

Solutions

a) Modify the User interface and JCRAuthenticationModule

...

  • after each failed attempt, increment an integer counter

...

  • save this counter as node data on the user node

...

  • if the counter reaches the maximum, lock the account

...

  • after a successful login, reset (null) the counter

b) Implement it in the login filter

...

  • check the user from the HTTP request and the login result status

...

  • check for user "repetition" (repeated failed attempts by the same user)

Actual lockout

Hard lock - use the existing method to disable the account until it is enabled again by an admin.

Time lock - implement a lock based on a time period, after which the account is enabled again, with the possibility for an admin to clear the lock and make the account accessible immediately (probably in the edit-user dialog).
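The counter logic of solution a) and the two lockout variants above, as an added example; this is not Magnolia code and uses no Magnolia API. A plain Map stands in for the node data solution a) would store on the user node, and the property names ("failedLoginAttempts", "lockedUntil"), the `enabled` flag standing in for the existing disable method, and the class name are assumptions. The clock is injected so the expiry of a time lock can be shown without waiting.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

/** Added example (not Magnolia's code): per-user failed-login counter with a hard or time lock. */
public class LoginLockoutExample {

    public enum LockMode { HARD, TIME }

    /** Per-user state that would be persisted as node data on the user node. */
    static final class UserState {
        final String password;     // constructed sample credential; real code compares a hash
        int failedAttempts;        // hypothetical node data "failedLoginAttempts"
        boolean enabled = true;    // stands in for the existing enable/disable flag (hard lock)
        Instant lockedUntil;       // hypothetical node data "lockedUntil" (time lock)

        UserState(String password) { this.password = password; }
    }

    private final Map<String, UserState> users = new HashMap<>();
    private final int maxAttempts;       // admin-configurable, default 5 as proposed
    private final LockMode mode;
    private final Duration lockPeriod;   // only used for LockMode.TIME
    private final Supplier<Instant> now; // injected clock

    public LoginLockoutExample(int maxAttempts, LockMode mode, Duration lockPeriod, Supplier<Instant> now) {
        this.maxAttempts = maxAttempts;
        this.mode = mode;
        this.lockPeriod = lockPeriod;
        this.now = now;
    }

    public void addUser(String name, String password) { users.put(name, new UserState(password)); }

    /** Returns true only for a correct password on an unlocked account. */
    public boolean login(String name, String password) {
        UserState s = users.get(name);
        if (s == null) return false;           // unknown user: no node to count against
        if (isLocked(name)) return false;      // a locked account fails even with the right password
        if (s.password.equals(password)) {
            s.failedAttempts = 0;              // successful login nulls the counter
            return true;
        }
        s.failedAttempts++;                    // each failure increments the stored counter
        if (s.failedAttempts >= maxAttempts) {
            if (mode == LockMode.HARD) {
                s.enabled = false;             // hard lock: disabled until an admin re-enables
            } else {
                s.lockedUntil = now.get().plus(lockPeriod); // time lock: re-enabled after the period
            }
        }
        return false;
    }

    public boolean isLocked(String name) {
        UserState s = users.get(name);
        if (s == null) return false;
        if (!s.enabled) return true;
        if (s.lockedUntil == null) return false;
        if (now.get().isBefore(s.lockedUntil)) return true;
        s.lockedUntil = null;                  // period elapsed: clear the lock and give a fresh counter
        s.failedAttempts = 0;
        return false;
    }

    /** Admin action (e.g. from the edit-user dialog): make the account accessible immediately. */
    public void unlock(String name) {
        UserState s = users.get(name);
        if (s == null) return;
        s.enabled = true;
        s.lockedUntil = null;
        s.failedAttempts = 0;
    }

    public static void main(String[] args) {
        // Hard lock: five wrong passwords disable the account; the right one no longer works.
        LoginLockoutExample hard = new LoginLockoutExample(5, LockMode.HARD, null, Instant::now);
        hard.addUser("alice", "correct horse");
        for (int i = 0; i < 5; i++) hard.login("alice", "wrong");
        System.out.println("hard-locked: " + hard.isLocked("alice")
                + ", login with right password: " + hard.login("alice", "correct horse"));
        hard.unlock("alice");
        System.out.println("after admin unlock: " + hard.login("alice", "correct horse"));

        // Time lock: three failures lock for 15 minutes; advance the injected clock to see it expire.
        Instant[] clock = { Instant.parse("2024-01-01T10:00:00Z") };
        LoginLockoutExample timed = new LoginLockoutExample(3, LockMode.TIME, Duration.ofMinutes(15), () -> clock[0]);
        timed.addUser("bob", "hunter2");
        for (int i = 0; i < 3; i++) timed.login("bob", "wrong");
        System.out.println("time-locked: " + timed.isLocked("bob"));
        clock[0] = clock[0].plus(Duration.ofMinutes(16));
        System.out.println("after 16 min, login: " + timed.login("bob", "hunter2"));
    }
}
```

Two points worth keeping in mind when choosing between the variants: any lockout keyed on the user name lets an attacker who knows a name (the admin account in particular) lock that account out on purpose by sending wrong passwords, so a hard lock turns a brute-force defence into a denial-of-service tool unless an admin is always reachable to re-enable it; a time lock bounds that damage. Also, the counter must be written back to the user node under the credentials the login module itself runs with, not the user being authenticated, because the write happens before the user is logged in.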