{status:implemented|4.4} See [Security > Users|http://documentation.magnolia-cms.com/administration/security/users.html#Automaticlockout] documentation {status}

h1. Goal

- [MAGNOLIA-3557|http://jira.magnolia-cms.com/browse/MAGNOLIA-3557]
- Make an account inaccessible after a number of failed login attempts
- Let the admin set the maximum number of attempts (default 5?)

h1. Solutions

h3. a) Modify User interface and JCRAuthenticationModule

- after each failed attempt, increase an int counter
- save this value as node data
- if it reaches the max value, lock the account
- after a successful login, reset (null) the value

h3. b) Implement in login filter

- check the user from the HTTP request and the login result status
- check for user "repetition"

h3. Actual lockout

*Hard lock* \- use the existing method to disable the account until it is enabled again by an admin.

*Time lock* \- implement a lock based on a time period before the account is enabled again, with the possibility to reset (null) this and make the account accessible immediately (probably in the edit user dialog).
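
The rules above (count failures, lock at the maximum, reset on success, hard lock versus time lock with an admin reset), modelled as an added Java example. It is not Magnolia code: the class LockoutPolicy, its methods, the in-memory map standing in for user node data and the 15-minute lock period are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

// Added example: all names are hypothetical; state is in memory, not JCR node data.
public class LockoutPolicy {
    private static final class State { int failures; Instant lockedAt; }

    private final int maxAttempts;        // admin-configurable limit
    private final Duration lockPeriod;    // null = hard lock, otherwise time lock
    private final Supplier<Instant> clock;
    private final Map<String, State> users = new HashMap<>();

    public LockoutPolicy(int maxAttempts, Duration lockPeriod, Supplier<Instant> clock) {
        this.maxAttempts = maxAttempts;
        this.lockPeriod = lockPeriod;
        this.clock = clock;
    }

    public synchronized boolean isLocked(String user) {
        State s = users.get(user);
        if (s == null || s.lockedAt == null) return false;
        if (lockPeriod != null && !clock.get().isBefore(s.lockedAt.plus(lockPeriod))) {
            unlock(user);                 // time lock has expired
            return false;
        }
        return true;                      // hard lock, or time lock still running
    }

    // Call with the outcome of the credential check; returns whether login is granted.
    public synchronized boolean onLoginAttempt(String user, boolean credentialsValid) {
        if (isLocked(user)) return false; // a correct password is refused while locked
        State s = users.computeIfAbsent(user, u -> new State());
        if (credentialsValid) { s.failures = 0; return true; }
        if (++s.failures >= maxAttempts) s.lockedAt = clock.get();
        return false;
    }

    // Admin action: re-enable the account immediately and clear the counter.
    public synchronized void unlock(String user) { users.remove(user); }

    public static void main(String[] args) {
        Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") };  // constructed clock
        LockoutPolicy p = new LockoutPolicy(5, Duration.ofMinutes(15), () -> now[0]);
        for (int i = 0; i < 5; i++) p.onLoginAttempt("alice", false);
        System.out.println("locked, correct password: " + p.onLoginAttempt("alice", true));
        now[0] = now[0].plus(Duration.ofMinutes(15));
        System.out.println("after lock period: " + p.onLoginAttempt("alice", true));
    }
}
```

Passing null as the lock period gives the hard lock: isLocked then stays true until unlock is called.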