hi ana, it seems Scott have answered this question before:

"You'll need to add it to the cas-servlet.xml as an optional handler to the UrlHandlerMappings. Check the Spring documentation for explicit instructions.

-Scott"

If you dig into the source and you can see "public final class ThrottledSubmissionByIpAddressHandlerInterceptorAdapter
    extends HandlerInterceptorAdapter implements InitializingBean"

which means it's a HandlerInterceptorAdapter. And after doing some research on google, you will find how to use it.

Here's a sample config of cas-servlet.xml:

...
<bean id="throttledSubmissionByIpAddressHandlerInterceptorAdapter" class="org.jasig.cas.web.support.ThrottledSubmissionByIpAddressHandlerIn terceptorAdapter" />

<bean id="handlerMappingB" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
                <property
                        name="mappings">
                        <props>
                                <prop
                                        key="/login">loginController</prop>
                        </props>
                </property>
                <property
                        name="interceptors">
                        <list>                            
                                <ref bean="localeChangeInterceptor" />
<ref bean="throttledSubmissionByIpAddressHandlerInterceptorAdapter" />
                        </list>
                </property>
</bean>
...
you can set the failureThreshhold and failureTimeout for this adapter.

Since your request is: "to lock the user after 3 attempts to login". I don't think this adapter is what you want. Maybe a better way is to write a controller by yourself to count the request number, and the user is identified by session. And then put this controller into the login-webflow.xml. It needs a basic knowledge of Spring Framework to do the job.

Thanks,

- Li Wei Nan





Le 2008-3-27 à 下午7:41, ana castro lamas a écrit :



---------- Forwarded message ----------
From: ana castro lamas <[EMAIL PROTECTED]>
Date: 27-mar-2008 12:37
Subject: RE: Is there a way to protect login page against a frequent submit?
To: [EMAIL PROTECTED]


Hello,

I'd like to lock a user after 3 attempts to login. I don't know how to do that. I supose that should be necessary override preAuthenticate and postAuthenticate methods of AbstractPreAndPostProcessingAuthenticationHandler. I've also had a look at ThrottledSubmissionByIpAddressHandlerInterceptorAdapter that restrict by Ip. If I want to use (or modify) this adapter , How would I have to do this? Is there any example using ThrottledSubmissionByIpAddressHandlerInterceptorAdapter ?What files must been modified?
Thanks



_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to