Wednesday, 5 September 2012

Spring Security - How to prolong response times on failed login?
It seems that there is a nice and simple way to achieve it, if you create your own UsernamePasswordAuthenticationFilter.

An article on this topic can be found here: http://mrather.blogspot.cz/2010/02/extending-usernamepasswordauthenticatio.html

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

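public class CustomUsernamePasswordAuthenticationFilter extends
        UsernamePasswordAuthenticationFilter {

    /** Placeholder contract for the delay logic; the implementation is yours to supply. */
    public interface ResponseTimeProlonger {
        void prolong(String username, String password, String ip);
    }

    // Collaborator that decides how long to wait; inject it where the filter bean is defined.
    private ResponseTimeProlonger ownResponseTimeProlonger;

    public void setOwnResponseTimeProlonger(ResponseTimeProlonger ownResponseTimeProlonger) {
        this.ownResponseTimeProlonger = ownResponseTimeProlonger;
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request,
                                              HttpServletResponse response,
                                              AuthenticationException failed)
            throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);

        // Login failed - we are going to prolong the server response.

        String username = request.getParameter(getUsernameParameter());
        String password = request.getParameter(getPasswordParameter());
        // Behind a reverse proxy this is the proxy's address, not the client's.
        String ip = request.getRemoteAddr();

        // Here goes the code that prolongs the response
        // based on previous failed login attempts.
        ownResponseTimeProlonger.prolong(username, password, ip);
    }
}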
OK - now you just need to write, or find, something like ownResponseTimeProlonger.prolong(username, password, ip);
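
One possible shape for such a prolonger, as an added example that is not code from the original post: failures are counted per username and client IP, the delay doubles with each failure up to a cap, and the submitted password is ignored rather than stored. The class name FailedLoginDelay, the constants and the reset method are assumptions made for illustration; the code needs Java 8 or later.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
// Added example, not from the original post. Class name and constants are assumptions.
public class FailedLoginDelay {
    private static final long BASE_DELAY_MS = 250;       // delay after the first failure
    private static final long MAX_DELAY_MS = 4_000;      // cap: a sleeping request holds a servlet thread
    private static final long WINDOW_MS = 15 * 60_000L;  // failures older than this are forgotten
    private static final int MAX_TRACKED_KEYS = 100_000; // bounds memory when many usernames are tried

    private static final class Counter {
        final int failures;
        final long lastFailure;
        Counter(int failures, long lastFailure) { this.failures = failures; this.lastFailure = lastFailure; }
    }
    private final ConcurrentMap<String, Counter> counters = new ConcurrentHashMap<>();

    private static String key(String username, String ip) {
        return (username == null ? "" : username) + '|' + ip;
    }

    // Records one failure and returns the delay to apply, in milliseconds.
    long registerFailure(String username, String ip, long now) {
        if (counters.size() >= MAX_TRACKED_KEYS) {
            counters.values().removeIf(c -> now - c.lastFailure > WINDOW_MS);
            if (counters.size() >= MAX_TRACKED_KEYS) {
                return MAX_DELAY_MS; // table still full: apply the cap without tracking
            }
        }
        Counter updated = counters.merge(key(username, ip), new Counter(1, now),
                (old, fresh) -> now - old.lastFailure > WINDOW_MS
                        ? fresh : new Counter(old.failures + 1, now));
        int doublings = Math.min(updated.failures - 1, 10); // keeps the shift far from overflow
        return Math.min(BASE_DELAY_MS << doublings, MAX_DELAY_MS);
    }

    // Same signature as the call in the filter; the password is ignored and never stored.
    public void prolong(String username, String password, String ip) {
        long delay = registerFailure(username, ip, System.currentTimeMillis());
        try {
            Thread.sleep(delay);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // preserve the interrupt for the container
        }
    }

    // Call after a successful login so a legitimate user starts from zero again.
    public void reset(String username, String ip) {
        counters.remove(key(username, ip));
    }
}
```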
