Page History
...
Devstatus |
---|
...
|
...
|
...
|
Officialdocu | ||||
---|---|---|---|---|
|
Account lockout was introduced with Magnolia 4.4.3
...
Goal
- Make account unaccessible after number of failed login attempts
- Let admin set number of max attempts (default 5?)
Solutions
a) Modify User interface and JCRAuthenticationModule
- after each failed attempt increase int number
- save this value as node data
- if reaches max value then lock
- after success login null value
b) Implement in login filter
- check user from http request and login result status
- check for user "repetition"
Actuall lockout
Hard lock - use existing method to disable account until is enabled again by admin.
...
Overview
Content Tools