Goal

• MAGNOLIA-3557

• Make account unaccessible after number of failed login attempts

• Let admin set number of max attempts (default 5?)

Solutions

a) Modify User interface and JCRAuthenticationModule

• after each failed attempt increase int number

...

• after success login null value

b) Implement in login filter

• check user from http request and login result status

• check for user "repetition"

Actuall lockout

Hard lock - use existing method to disable account until is enabled again by admin.

...