Goal
- MAGNOLIA-3557
- Make account inaccessible after a number of failed login attempts
- Let admin set the maximum number of attempts (default 5?)
Solutions
a) Modify User interface and JCRAuthenticationModule
- after each failed attempt, increase an int counter
- save this value as node data
- if it reaches the max value, lock the account
- after a successful login, null the value
b) Implement in login filter
- check user from HTTP request and login result status
- check for user "repetition"
Actual lockout
Hard lock - use the existing method to disable the account until it is enabled again by an admin.
Time lock - implement a lock based on a time period after which the account is enabled again, with the possibility to null this and make the account accessible immediately (probably in the edit user dialog).
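Solution (a)'s counter combined with both lock types, as an added example that is not Magnolia code. The class and method names are hypothetical, the state is held in an in-memory map instead of node data, and a null lock period stands for the hard lock.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical lockout policy (not Magnolia API); state is in memory, not node data. */
public class LockoutPolicy {
    private static final class State {
        int failures;        // consecutive failed attempts
        Instant lockedUntil; // null = not locked, Instant.MAX = hard lock
    }

    private final int maxAttempts;     // admin-configurable, e.g. 5
    private final Duration lockPeriod; // null selects the hard lock
    private final Map<String, State> users = new HashMap<>();

    public LockoutPolicy(int maxAttempts, Duration lockPeriod) {
        this.maxAttempts = maxAttempts;
        this.lockPeriod = lockPeriod;
    }

    /** Call before checking the password, so a locked account never reveals whether it was right. */
    public synchronized boolean isLocked(String user, Instant now) {
        State s = users.get(user);
        if (s == null || s.lockedUntil == null) return false;
        if (now.isBefore(s.lockedUntil)) return true;
        users.remove(user); // time lock expired: counting starts from zero again
        return false;
    }

    /** Call only for accounts that exist, or unknown names grow the map without bound. */
    public synchronized void recordFailure(String user, Instant now) {
        State s = users.computeIfAbsent(user, k -> new State());
        if (++s.failures >= maxAttempts && s.lockedUntil == null)
            s.lockedUntil = (lockPeriod == null) ? Instant.MAX : now.plus(lockPeriod);
    }

    /** Successful login, or an admin clearing the lock in the edit user dialog. */
    public synchronized void reset(String user) { users.remove(user); }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z"); // constructed timestamp
        LockoutPolicy timeLock = new LockoutPolicy(5, Duration.ofMinutes(15));
        for (int i = 0; i < 5; i++) timeLock.recordFailure("alice", t0);
        System.out.println(timeLock.isLocked("alice", t0.plusSeconds(60)));   // inside the window
        System.out.println(timeLock.isLocked("alice", t0.plusSeconds(1000))); // after the window
    }
}
```

Passing the current time in as a parameter keeps the time lock testable without waiting for the period to elapse.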