Wednesday, September 5, 2012

Spring Security - How to prolong response times on failed login?

It seems that there is a nice and simple way to achieve it, if you create your own UsernamePasswordAuthenticationFilter.

An article on this topic can be found here

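import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class CustomUsernamePasswordAuthenticationFilter extends
        UsernamePasswordAuthenticationFilter {

    // ownResponseTimeProlonger is a collaborator you have to provide yourself
    // (for example as an injected field); it is not part of Spring Security.

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request,
                                              HttpServletResponse response,
                                              AuthenticationException failed)
            throws IOException, ServletException {
        // Well, login failed - we are going to prolong the server response

        String username = request.getParameter(getUsernameParameter());
        String password = request.getParameter(getPasswordParameter());
        String ip = request.getRemoteAddr();

        // And here must be some code
        // that prolongs the response based on previous failed login attempts.
        // The submitted password is passed along here; never log or store it.
        ownResponseTimeProlonger.prolong(username, password, ip);

        // Delegate only after the delay: the failure handler may commit the
        // response (e.g. a redirect), after which sleeping no longer slows the client.
        super.unsuccessfulAuthentication(request, response, failed);
    }
}

OK - now you just need to write, or find, something like ownResponseTimeProlonger.prolong(username, password, ip);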
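
One way such a prolonger could look, as an added example that is not code from the original post or from Spring Security. The class name ResponseTimeProlonger, its constants and the nextDelayMillis helper are assumptions: it counts recent failures per username and IP, doubles the delay with each one, and caps it because every sleeping request holds a servlet thread.

```java
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;

/** Hypothetical helper: delays the response longer after each recent failed login. */
public class ResponseTimeProlonger {

    private static final long BASE_DELAY_MS = 250;      // delay after the first failure
    private static final long MAX_DELAY_MS = 4000;      // cap, so blocked threads stay bounded
    private static final long WINDOW_MS = TimeUnit.MINUTES.toMillis(15);
    private static final int MAX_TRACKED_KEYS = 100000; // memory bound for the counter map

    private static final class Counter {
        int failures;
        long lastFailureAt;
    }

    private final ConcurrentMap<String, Counter> counters =
            new ConcurrentHashMap<String, Counter>();

    /** Records one failure and returns the delay to apply, without sleeping. */
    long nextDelayMillis(String username, String ip, long now) {
        if (counters.size() >= MAX_TRACKED_KEYS) {
            counters.clear(); // crude eviction; an expiring cache would be gentler
        }
        String name = username == null ? "" : username.toLowerCase(Locale.ROOT);
        String key = name + "|" + ip;
        Counter fresh = new Counter();
        Counter c = counters.putIfAbsent(key, fresh);
        if (c == null) c = fresh;
        synchronized (c) {
            if (now - c.lastFailureAt > WINDOW_MS) c.failures = 0; // old failures expire
            c.failures++;
            c.lastFailureAt = now;
            int shift = Math.min(c.failures - 1, 10); // keep the shift from overflowing
            return Math.min(BASE_DELAY_MS << shift, MAX_DELAY_MS);
        }
    }

    /** Same signature as the call in the filter; the password is deliberately ignored. */
    public void prolong(String username, String password, String ip) {
        long delay = nextDelayMillis(username, ip, System.currentTimeMillis());
        try {
            Thread.sleep(delay);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // preserve the interrupt status
        }
    }
}
```

With these constants the delays run 250 ms, 500 ms, 1 s, 2 s and then stay at 4 s until 15 minutes pass without a failure for that username and IP pair.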
