I added the following in deployerConfigContext.xml,

<bean id="loginThrottle"
      class="org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"
      c:auditTrailManager-ref="auditTrailManager"
      c:dataSource-ref="dataSource"
      p:failureRangeInSeconds="60"
      p:failureThreshold="3" />

<bean id="dataSource"
      class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
      lazy-init="true"
      p:poolPreparedStatements="true"
      p:url="jdbc:h2:tcp://localhost/~/test"
      p:username="sa"
      p:password=""
      p:driverClassName="org.h2.Driver"
      p:validationQuery="SELECT 1" />

<bean id="auditTrailManager"
      class="com.github.inspektr.audit.support.JdbcAuditTrailManager"
      c:transactionTemplate-ref="inspektrTransactionTemplate"
      p:dataSource-ref="dataSource" />

<bean id="inspektrTransactionManager"
      class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
      p:dataSource-ref="dataSource" />

<bean id="inspektrTransactionTemplate"
      class="org.springframework.transaction.support.TransactionTemplate"
      p:transactionManager-ref="inspektrTransactionManager"
      p:isolationLevelName="ISOLATION_READ_COMMITTED"
      p:propagationBehaviorName="PROPAGATION_REQUIRED" />

and revised the cas-servlet.xml to,

<bean id="loginFlowHandlerMapping"
      class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
      p:flowRegistry-ref="loginFlowRegistry" p:order="2">
    <property name="interceptors">
        <array value-type="org.springframework.web.servlet.HandlerInterceptor">
            <ref bean="localeChangeInterceptor" />
            <ref bean="loginThrottle" />
        </array>
    </property>
</bean>

After that, I made a few failed logins, and found that the database is
storing the following entries,

AUD_USER | AUD_CLIENT_IP | AUD_SERVER_IP | AUD_RESOURCE | AUD_ACTION | APPLIC_CD | AUD_DATE
--- | --- | --- | --- | --- | --- | ---
audit:unknown | 127.0.0.1 | 127.0.0.1 | supplied credentials: [userid+password] | AUTHENTICATION_FAILED | CAS | 2015-04-23 10:27:23.505
audit:unknown | 127.0.0.1 | 127.0.0.1 | 1 errors, 0 successes | TICKET_GRANTING_TICKET_NOT_CREATED | CAS | 2015-04-23 10:27:23.505

while the throttling query in the
InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter.exceedsThreshold()
method is passing the username "[username: userid]", which doesn't match the
username stored in the database, so it's not able to throttle the login.
I would like to know if there is anything I might have missed in the
configuration. Thanks.
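
The mismatch described above can be reproduced offline. This is an added example, not part of the original post and not CAS or Inspektr code: it loads the two quoted audit rows into an in-memory SQLite table and runs a simplified IP-plus-username lookup against them. The table name COM_AUDIT_TRAIL, the exact-match query shape and the helper names are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample data: the two audit rows quoted in the post.
ROWS = [
    ("audit:unknown", "127.0.0.1", "127.0.0.1", "supplied credentials: [userid+password]",
     "AUTHENTICATION_FAILED", "CAS", "2015-04-23 10:27:23.505"),
    ("audit:unknown", "127.0.0.1", "127.0.0.1", "1 errors, 0 successes",
     "TICKET_GRANTING_TICKET_NOT_CREATED", "CAS", "2015-04-23 10:27:23.505"),
]

def make_db(rows=ROWS):
    """Build an in-memory audit table (assumed name) with the columns shown in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE COM_AUDIT_TRAIL (AUD_USER TEXT, AUD_CLIENT_IP TEXT, "
               "AUD_SERVER_IP TEXT, AUD_RESOURCE TEXT, AUD_ACTION TEXT, "
               "APPLIC_CD TEXT, AUD_DATE TEXT)")
    db.executemany("INSERT INTO COM_AUDIT_TRAIL VALUES (?,?,?,?,?,?,?)", rows)
    return db

def recent_failures(db, ip, user, now, range_seconds=60,
                    action="AUTHENTICATION_FAILED", app="CAS"):
    """Assumed lookup shape: failures in the window, exact match on IP and AUD_USER."""
    # range_seconds mirrors p:failureRangeInSeconds="60" from the posted config.
    cutoff = (now - timedelta(seconds=range_seconds)).strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]
    return db.execute(
        "SELECT COUNT(*) FROM COM_AUDIT_TRAIL WHERE AUD_CLIENT_IP = ? AND AUD_USER = ? "
        "AND AUD_ACTION = ? AND APPLIC_CD = ? AND AUD_DATE >= ?",
        (ip, user, action, app, cutoff)).fetchone()[0]

def recorded_principals(db, ip, action="AUTHENTICATION_FAILED"):
    """Diagnostic: the AUD_USER values the audit trail actually stored for failures."""
    return [r[0] for r in db.execute(
        "SELECT DISTINCT AUD_USER FROM COM_AUDIT_TRAIL "
        "WHERE AUD_CLIENT_IP = ? AND AUD_ACTION = ?", (ip, action))]

def diagnose(db, ip, lookup_user, now):
    """Compare what the throttle would look up with what the audit rows contain."""
    stored = recorded_principals(db, ip)
    return {"counted": recent_failures(db, ip, lookup_user, now),
            "stored_as": stored,
            "mismatch": bool(stored) and lookup_user not in stored}

if __name__ == "__main__":
    print(diagnose(make_db(), "127.0.0.1", "[username: userid]",
                   datetime(2015, 4, 23, 10, 27, 30)))
```

A `mismatch` of true with `counted` at 0 means failures are being audited for that client IP, but under a principal the lookup never asks for, so no number of failed logins can reach the threshold.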