hi ana, it seems Scott have answered this question before:
"You'll need to add it to the cas-servlet.xml as an optional handler
to the UrlHandlerMappings. Check the Spring documentation for
explicit instructions.
-Scott"
If you dig into the source and you can see "public final class
ThrottledSubmissionByIpAddressHandlerInterceptorAdapter
extends HandlerInterceptorAdapter implements InitializingBean"
which means it's a HandlerInterceptorAdapter. And after doing some
research on google, you will find how to use it.
Here's a sample config of cas-servlet.xml:
...
<bean id="throttledSubmissionByIpAddressHandlerInterceptorAdapter"
class="org.jasig.cas.web.support.ThrottledSubmissionByIpAddressHandlerIn
terceptorAdapter" />
<bean id="handlerMappingB"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property
name="mappings">
<props>
<prop
key="/login">loginController</prop>
</props>
</property>
<property
name="interceptors">
<list>
<ref bean="localeChangeInterceptor" />
<ref
bean="throttledSubmissionByIpAddressHandlerInterceptorAdapter" />
</list>
</property>
</bean>
...
you can set the failureThreshhold and failureTimeout for this adapter.
Since your request is: "to lock the user after 3 attempts to login".
I don't think this adapter is what you want. Maybe a better way is to
write a controller by yourself to count the request number, and the
user is identified by session. And then put this controller into the
login-webflow.xml. It needs a basic knowledge of Spring Framework to
do the job.
Thanks,
- Li Wei Nan
Le 2008-3-27 à 下午7:41, ana castro lamas a écrit :
---------- Forwarded message ----------
From: ana castro lamas <[EMAIL PROTECTED]>
Date: 27-mar-2008 12:37
Subject: RE: Is there a way to protect login page against a
frequent submit?
To: [EMAIL PROTECTED]
Hello,
I'd like to lock a user after 3 attempts to login. I don't know how
to do that.
I supose that should be necessary override preAuthenticate and
postAuthenticate methods of
AbstractPreAndPostProcessingAuthenticationHandler.
I've also had a look at
ThrottledSubmissionByIpAddressHandlerInterceptorAdapter that
restrict by Ip.
If I want to use (or modify) this adapter , How would I have to do
this?
Is there any example using
ThrottledSubmissionByIpAddressHandlerInterceptorAdapter ?What files
must been modified?
Thanks
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas