Spring Security - How to prolong response times on failed login?
It seems there is a nice and simple way to achieve it: create your own UsernamePasswordAuthenticationFilter.
An article on this topic can be found here http://mrather.blogspot.cz/2010/02/extending-usernamepasswordauthenticatio.html
```java
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    /** Placeholder for your own component; it is not part of Spring Security. */
    public interface ResponseTimeProlonger {
        void prolong(String username, String password, String ip);
    }

    private final ResponseTimeProlonger ownResponseTimeProlonger;

    public CustomUsernamePasswordAuthenticationFilter(ResponseTimeProlonger ownResponseTimeProlonger) {
        this.ownResponseTimeProlonger = ownResponseTimeProlonger;
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request,
                                              HttpServletResponse response,
                                              AuthenticationException failed)
            throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);

        // Login failed, so we are going to prolong the server response.
        String username = request.getParameter(getUsernameParameter());
        String password = request.getParameter(getPasswordParameter()); // submitted plaintext: do not store or log it
        String ip = request.getRemoteAddr();

        // Here goes the code that prolongs the response based on previous failed login attempts.
        ownResponseTimeProlonger.prolong(username, password, ip);
    }
}
```

OK - now you just need to write, or find, something like ownResponseTimeProlonger.prolong(username, password, ip);
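One way such a prolonger could look, as an added example that is not from the original post or from Spring Security. The class name, delay values, time window and key limit are assumptions, and it needs Java 8 or later.

```java
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical helper (not part of Spring Security): slows responses after repeated failed logins. */
public class FailedLoginResponseTimeProlonger {
    private static final long BASE_DELAY_MS = 250;        // delay after the first failure (assumed value)
    private static final long MAX_DELAY_MS = 8_000;       // cap, so a request thread is never held for long
    private static final long WINDOW_MS = 15 * 60_000L;   // older failures are forgotten
    private static final int MAX_TRACKED_KEYS = 100_000;  // prune expired entries once this many keys exist

    /** Failure count and time of the latest failure for one key. */
    private static final class Failures {
        final int count; final long lastFailure;
        Failures(int count, long lastFailure) { this.count = count; this.lastFailure = lastFailure; }
    }
    private final ConcurrentMap<String, Failures> failuresByKey = new ConcurrentHashMap<>();

    /** Counts account and source address separately, applies the larger delay; the password is unused. */
    public void prolong(String username, String password, String ip) {
        long now = System.currentTimeMillis();
        int byUser = recordFailure(userKey(username), now);
        int byIp = recordFailure("ip:" + ip, now);
        try {
            Thread.sleep(delayFor(Math.max(byUser, byIp)));
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // preserve the interrupt for the container
        }
    }

    /** Call from the successful-login path so a legitimate user is not slowed afterwards. */
    public void reset(String username) { failuresByKey.remove(userKey(username)); }

    /** Exponential backoff: 250 ms, 500 ms, 1 s, ... capped at MAX_DELAY_MS. */
    static long delayFor(int failures) {
        if (failures <= 0) return 0;
        return Math.min(BASE_DELAY_MS << Math.min(failures - 1, 10), MAX_DELAY_MS); // shift capped: no overflow
    }

    private static String userKey(String u) { return "user:" + String.valueOf(u).toLowerCase(Locale.ROOT); }

    private int recordFailure(String key, long now) {
        if (failuresByKey.size() >= MAX_TRACKED_KEYS) {
            failuresByKey.entrySet().removeIf(e -> now - e.getValue().lastFailure > WINDOW_MS);
        }
        return failuresByKey.merge(key, new Failures(1, now), (old, fresh) ->
                now - old.lastFailure > WINDOW_MS ? fresh : new Failures(old.count + 1, now)).count;
    }
}
```

Sleeping holds a container request thread for the length of the delay, so the cap and the size of the thread pool together limit how many slowed requests the server can absorb.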