Goal

- MAGNOLIA-3557

- Make an account inaccessible after a number of failed login attempts

- Let the admin set the maximum number of attempts (default 5?)

Solutions

a) Modify the User interface and JCRAuthenticationModule

- after each failed attempt, increase an int counter

- save this value as node data

- if it reaches the max value, lock the account

- after a successful login, null the value

b) Implement in the login filter

- check the user from the HTTP request and the login result status

- check for user "repetition"

Actual lockout

<b>Hard lock</b> - use the existing method to disable the account until it is enabled again by an admin.

<b>Time lock</b> - implement a lock based on a time period before the account is enabled again, with the possibility to null this and make the account accessible immediately (probably in the edit user dialog)
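
A sketch of the counter from solution a) combined with both lock variants, added here as an example and not Magnolia's own code. The class name, its methods and the in-memory map (standing in for the per-user node data) are assumptions; a null lock period means hard lock.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical sketch: the in-memory map stands in for per-user node data. */
public class LoginAttemptTracker {
    private static final class State { int failures; Instant lockedAt; }

    private final Map<String, State> states = new HashMap<>();
    private final int maxAttempts;     // admin-configurable maximum
    private final Duration lockPeriod; // null = hard lock, otherwise time lock
    private final Clock clock;

    public LoginAttemptTracker(int maxAttempts, Duration lockPeriod, Clock clock) {
        this.maxAttempts = maxAttempts; this.lockPeriod = lockPeriod; this.clock = clock;
    }

    /** Call before checking credentials so a locked account rejects even a correct password. */
    public synchronized boolean isLocked(String user) {
        State s = states.get(user);
        if (s == null || s.lockedAt == null) return false;
        if (lockPeriod != null && !clock.instant().isBefore(s.lockedAt.plus(lockPeriod))) {
            states.remove(user);       // time lock expired: accessible again
            return false;
        }
        return true;                   // hard lock, or time lock still running
    }

    /** Failed attempt: increase the counter, lock once it reaches the maximum. */
    public synchronized void recordFailure(String user) {
        State s = states.computeIfAbsent(user, u -> new State());
        if (s.lockedAt == null && ++s.failures >= maxAttempts) s.lockedAt = clock.instant();
    }

    /** Successful login: null the counter. */
    public synchronized void recordSuccess(String user) { if (!isLocked(user)) states.remove(user); }

    /** Admin action: clear the counter and any lock immediately. */
    public synchronized void adminUnlock(String user) { states.remove(user); }

    public static void main(String[] args) {
        LoginAttemptTracker t = new LoginAttemptTracker(5, Duration.ofMinutes(15), Clock.systemUTC());
        for (int i = 0; i < 5; i++) t.recordFailure("constructed-user");
        System.out.println("locked after 5 failures: " + t.isLocked("constructed-user"));
        t.adminUnlock("constructed-user");
        System.out.println("locked after admin unlock: " + t.isLocked("constructed-user"));
    }
}
```

Keying the counter on the account name means anyone who knows a user name can lock that user out; the time lock bounds how long such a lockout lasts, while the hard lock holds until an admin acts.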