Package com.jalios.jcms.authentication
Class AuthenticationThrottleManager
- java.lang.Object
 - com.jalios.jcms.security.Throttler
  - com.jalios.jcms.authentication.AuthenticationThrottleManager

public final class AuthenticationThrottleManager extends Throttler
This singleton manages authentication throttling.
- Since:
 - jcms-10.0.7 / JCMS-8083

Nested Class Summary
Nested classes/interfaces inherited from class com.jalios.jcms.security.Throttler
Throttler.Action

Field Summary
Fields (Modifier and Type, Field, Description):
- static java.lang.String ENABLED_PROP: Enable throttling or not?
- static java.lang.String RANGE_PROP: Time range in seconds during which the threshold is verified.
- static java.lang.String THRESHOLD_PROP: Number of failed login attempts permitted in specified time range.
- static java.lang.String THROTTLING_DURATION_PROP: Number of seconds before the blocked/throttled can be released.
Fields inherited from class com.jalios.jcms.security.Throttler
ENABLED_PROP_SUFFIX, RANGE_PROP_SUFFIX, THRESHOLD_PROP_SUFFIX, THROTTLING_DURATION_PROP_SUFFIX

Method Summary
Methods (Modifier and Type, Method, Description):
- static AuthenticationThrottleManager getInstance()
- void recordAuthenticationFailure(java.lang.String userId, AuthenticationContext ctxt, java.lang.Class<? extends AuthenticationHandler> authHdlrClass): Record a failed authentication attempt.
- boolean throttleIfNeeded(java.lang.String userId, AuthenticationContext ctxt, java.lang.Class<? extends AuthenticationHandler> authHdlrClass): Throttle an authentication attempt given specified context.
Methods inherited from class com.jalios.jcms.security.Throttler
getRange, getRemoteIp, getThreshold, getThrottleDuration, init, init, isThrottleEnabled, recordAction, recordAction, throttleIfNeeded

Field Detail

ENABLED_PROP
public static final java.lang.String ENABLED_PROP
Enable throttling or not?
- See Also:
 - Constant Field Values

RANGE_PROP
public static final java.lang.String RANGE_PROP
Time range in seconds during which the threshold is verified.
- See Also:
 - Constant Field Values

THRESHOLD_PROP
public static final java.lang.String THRESHOLD_PROP
Number of failed login attempts permitted in specified time range.
- See Also:
 - Constant Field Values

THROTTLING_DURATION_PROP
public static final java.lang.String THROTTLING_DURATION_PROP
Number of seconds before the blocked/throttled can be released.
- See Also:
 - Constant Field Values

Method Detail

getInstance
public static final AuthenticationThrottleManager getInstance()

recordAuthenticationFailure
public void recordAuthenticationFailure(java.lang.String userId, AuthenticationContext ctxt, java.lang.Class<? extends AuthenticationHandler> authHdlrClass)
Record a failed authentication attempt.
Failed authentication attempts must be recorded to ensure throttling of brute-force authentication attempts for the same context (user/ip).
- Parameters:
 - userId - a unique and constant identifier used to track the User/Member for which authentication failed
 - ctxt - the AuthenticationContext associated to the authentication attempt
 - authHdlrClass - the class of AuthenticationHandler trying to handle the authentication attempt
- Since:
 - jcms-10.0.7 / JCMS-8083

throttleIfNeeded
public boolean throttleIfNeeded(java.lang.String userId, AuthenticationContext ctxt, java.lang.Class<? extends AuthenticationHandler> authHdlrClass)
Throttle an authentication attempt given specified context.
- Parameters:
 - userId - a unique and constant identifier used to track the User/Member for which authentication is being attempted
 - ctxt - the AuthenticationContext associated to the authentication attempt
 - authHdlrClass - the class of AuthenticationHandler trying to handle the authentication attempt
- Returns:
 - true if throttling occurred, false otherwise
- Since:
 - jcms-10.0.7 / JCMS-8083
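
A self-contained model of how a threshold, a time range and a throttling duration interact for one user/ip context, added here as an example; it is not JCMS code. The class name, the combined user/ip key and the rule that the attempt following `threshold` failures is the first one blocked are assumptions.

```java
import java.util.*;
/** Hypothetical model of threshold/range/duration throttling; not JCMS code. */
public class LoginThrottleModel {
  private final int threshold;     // failed attempts permitted within the range
  private final long rangeMs;      // window in which failures are counted
  private final long durationMs;   // how long a throttled key stays blocked
  private final Map<String, Deque<Long>> failures = new HashMap<>();
  private final Map<String, Long> blockedUntil = new HashMap<>();
  public LoginThrottleModel(int threshold, long rangeSec, long durationSec) {
    this.threshold = threshold;
    this.rangeMs = rangeSec * 1000;
    this.durationMs = durationSec * 1000;
  }

  // The page names the context as user/ip; joining both into one key is an assumption.
  private static String key(String userId, String ip) { return userId + "|" + ip; }

  public synchronized void recordFailure(String userId, String ip, long nowMs) {
    failures.computeIfAbsent(key(userId, ip), k -> new ArrayDeque<>()).addLast(nowMs);
  }

  /** Returns true if the attempt must be rejected before credentials are checked. */
  public synchronized boolean throttleIfNeeded(String userId, String ip, long nowMs) {
    String k = key(userId, ip);
    Long until = blockedUntil.get(k);
    if (until != null) {
      if (nowMs < until) return true;  // still inside the throttling duration
      blockedUntil.remove(k);          // released: start counting afresh
      failures.remove(k);
    }
    Deque<Long> q = failures.get(k);
    if (q == null) return false;
    while (!q.isEmpty() && nowMs - q.peekFirst() >= rangeMs) q.removeFirst(); // expire old failures
    if (q.size() < threshold) return false;
    blockedUntil.put(k, nowMs + durationMs);
    return true;
  }

  public static void main(String[] args) {
    LoginThrottleModel t = new LoginThrottleModel(3, 60, 300); // constructed sample values
    long now = 0;
    for (int i = 1; i <= 5; i++, now += 5_000) {
      boolean blocked = t.throttleIfNeeded("alice", "203.0.113.7", now);
      if (!blocked) t.recordFailure("alice", "203.0.113.7", now); // simulate a wrong password
      System.out.println("attempt " + i + " blocked=" + blocked);
    }
    System.out.println("released=" + !t.throttleIfNeeded("alice", "203.0.113.7", now + 300_000));
  }
}
```

The check runs before credential verification and the failure is recorded only afterwards, which mirrors the split between throttleIfNeeded and recordAuthenticationFailure documented above.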
 
 