Hello there, I have set up the throttling (in-memory) for the JaSig CAS and I have a question about the number of login attempts within a given interval.
What I actually want, is to allow 3 login attempts per interval of 30 minutes. =========== USE CASES =========== Desired result (case 1) ---------------------------------- Time: 11:00:00 Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password. Result: "Incorrect credentials" message. Time: 11:00:20 Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password. Result: "Incorrect credentials" message. Time: 11:00:42 Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password. Result: "Incorrect credentials" message. Time: 11:01:09 Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password. Result: "Access denied" message. Desired result (case 2) ---------------------------------- Time: 13:00:00 Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password. Result: "Incorrect credentials" message. Time: 13:00:20 Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password. Result: "Incorrect credentials" message. Time: 13:00:42 Info: User "AA" tries to log in from IP "4.4.4.4" using correct password. Result: User logged in. =========== END USE CASES =========== Contents of my "throttleInterceptorTrigger.xml" file --------------------------------------------------------------------------- <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:p="http://www.springframework.org/schema/p"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";> <bean id="throttleInterceptor" class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter" p:failureRangeInSeconds="1800" p:failureThreshold="3"/> <bean id="throttleInterceptorJobDetail" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean" p:targetObject-ref="throttleInterceptor" p:targetMethod="decrementCounts" /> <bean id="periodicThrottleCleanerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean" p:jobDetail-ref="throttleInterceptorJobDetail" p:startDelay="0" p:repeatInterval="10" /> </beans> --------------------------------------------------------------------------- Help is greatly appreciated! Best regards, -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
