Was reading through the Invalid Login Attempt Throttling and had a
couple of thoughts.

Refer to page:
https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts

 

First, it took me a little while to realize that with the InMemory setup
the failureRangeInSeconds is meaningless except when logging the
warning.  Some mail archive searching confirmed that.

Second, I need to do throttling in an HA environment:

Here is a snippet from the documentation:

For multi-node CAS instances there is one option that combines the
auditing capabilities of the Inspektr package with the throttling
package (and relies on a database).

We don't use a DB for our audit logs since our Support teams use Splunk
for their log search and reporting needs.  I also can't get an HA DB and
don't want to support it myself.

Since we are using Terracotta, I thought I would give it a try and it
seems to be working well.  I see the ConcurrentHashMap in Terracotta and
I see objects going into it when I have a failed login attempt.  I have
tried going to each Tomcat instance individually and everything works as
expected.

For the auto decrement, I set it to 2*I (I is the expected interval).
If I want the decrement to be 120s, I set each server (I have 2) to
decrement every 240s so in effect I get something close to every 120s.

 

Does this seem like a good idea to continue, or does anybody see an issue
that I haven't considered?

Thanks!

-John

tc-config-tomcat.xml (snippet)

            <roots>
                <!-- Defined Shared Roots -->
                <root>
                    <!-- The In-Memory Ticket Registry -->
                    <field-name>org.jasig.cas.ticket.registry.DefaultTicketRegistry.cache</field-name>
                </root>
                <root>
                    <!-- The in-Memory throttle cache -->
                    <field-name>org.jasig.cas.web.support.AbstractInMemoryThrottledSubmissionHandlerInterceptorAdapter.ipMap</field-name>
                </root>
            </roots>

 

throttleInterceptorTrigger.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

    <!-- In-memory throttle keyed by client IP address plus username -->
    <bean id="throttleInterceptor"
          class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"
          p:failureRangeInSeconds="120"
          p:failureThreshold="3" />

    <!-- Quartz job that calls decrementCounts() on the interceptor -->
    <bean id="throttleInterceptorJobDetail"
          class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
          p:targetObject-ref="throttleInterceptor"
          p:targetMethod="decrementCounts" />

    <!-- Trigger that fires the decrement job; repeatInterval is in milliseconds -->
    <bean id="periodicThrottleCleanerTrigger"
          class="org.springframework.scheduling.quartz.SimpleTriggerBean"
          p:jobDetail-ref="throttleInterceptorJobDetail"
          p:startDelay="0"
          p:repeatInterval="40000" />

</beans>

 

Picture of Terracotta Console (attached as image001.png; not reproduced here)
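As an added illustration (not part of John's message, and not CAS or Terracotta code), here is a small Python simulation of the scheme he describes: one counter map shared by both nodes, with each node running its own decrement job at twice the intended interval. The counter semantics (a failure increments the key's count, an attempt is rejected once the count reaches failureThreshold, and the decrement job lowers every count by one and drops entries that reach zero) are assumptions modelled on how the in-memory throttle behaves, and the failed-login timestamps are constructed. It also covers the case the message does not discuss: the "close to every 120s" result depends on the two jobs being staggered, and when both start at the same instant the decrements clump instead of interleaving.

```python
"""Toy simulation of a clustered in-memory login throttle: one counter map
shared by every node, each node running a periodic decrement job.
Constructed for illustration; the counter semantics are assumed, not CAS code."""


class SharedThrottle:
    """One counter per key (client IP, or IP plus username), shared by all nodes."""

    def __init__(self, failure_threshold):
        self.failure_threshold = failure_threshold
        self.counts = {}  # stands in for the clustered ipMap

    def exceeds_threshold(self, key):
        """Assumed check done before a login attempt is processed."""
        return self.counts.get(key, 0) >= self.failure_threshold

    def record_failure(self, key):
        """Assumed bookkeeping after a failed login."""
        self.counts[key] = self.counts.get(key, 0) + 1

    def decrement_counts(self):
        """Assumed decrement job: every counter drops by one, zeros are removed."""
        for key in list(self.counts):
            remaining = self.counts[key] - 1
            if remaining <= 0:
                del self.counts[key]
            else:
                self.counts[key] = remaining


def simulate(node_offsets, period, failures, threshold=3, horizon=600):
    """Replay failed logins against the shared map while each node's
    decrement job fires at offset + k*period (seconds, 0 <= t <= horizon).

    node_offsets: start delay of each node's job, in seconds.
    period:       repeat interval of each node's job, in seconds.
    failures:     (time, key) pairs of failed login attempts.
    Returns (decrement_times, blocked_attempt_times, counts_left_at_horizon).
    """
    throttle = SharedThrottle(threshold)
    events = []
    for node, offset in enumerate(node_offsets):
        t = offset
        while t <= horizon:
            events.append((t, 0, "node%d" % node, ""))  # decrements sort first on a tie
            t += period
    for t, key in failures:
        if t <= horizon:
            events.append((t, 1, "failure", key))
    events.sort()

    decrement_times, blocked = [], []
    for t, kind, _who, key in events:
        if kind == 0:
            throttle.decrement_counts()
            decrement_times.append(t)
        elif throttle.exceeds_threshold(key):
            blocked.append(t)  # attempt rejected before authentication runs
        else:
            throttle.record_failure(key)
    return decrement_times, blocked, dict(throttle.counts)


def decrement_gaps(decrement_times):
    """Seconds between consecutive decrements as seen by the shared map."""
    return [b - a for a, b in zip(decrement_times, decrement_times[1:])]


# Constructed sample: one client failing six times; threshold 3 as in the config.
FAILED_LOGINS = [(10, "10.0.0.1"), (20, "10.0.0.1"), (30, "10.0.0.1"),
                 (40, "10.0.0.1"), (130, "10.0.0.1"), (140, "10.0.0.1")]

if __name__ == "__main__":
    # Two nodes, each decrementing every 240 s, with the jobs staggered by 120 s.
    staggered, _, _ = simulate([0, 120], 240, [])
    print("staggered gaps:", decrement_gaps(staggered))   # every 120 s
    # Same two nodes, but both jobs started at the same instant.
    aligned, _, _ = simulate([0, 0], 240, [])
    print("aligned gaps:  ", decrement_gaps(aligned))     # 0, 240, 0, 240, 0
    _, blocked, left = simulate([0, 120], 240, FAILED_LOGINS)
    print("blocked at:", blocked, "counters left:", left)
```

With the staggered schedule the shared map sees a decrement every 120 s, which is the intended interval; with both jobs aligned it sees two back-to-back decrements and then nothing for 240 s, so a client can be throttled for up to twice as long as intended, or have two counts forgiven at once. In the constructed sample the fourth attempt at t=40 and the sixth at t=140 are rejected, and the counter is gone by the end of the run.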

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

