This is an automated email from the ASF dual-hosted git repository.

massx1 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 9cedcd0c7f [SYNCOPE-1971] - Fix authentication throttle with JCache 
providers on Payara
9cedcd0c7f is described below

commit 9cedcd0c7f5e55c5d5e6761d4adebf5e4630a97a
Author: Massimiliano Perrone <[email protected]>
AuthorDate: Wed Jun 10 16:53:00 2026 +0200

    [SYNCOPE-1971] - Fix authentication throttle with JCache providers on Payara
---
 .../security/AuthenticationAttemptThrottler.java   | 23 ++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
index 6527950643..65f4d7c086 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
@@ -93,14 +93,14 @@ public class AuthenticationAttemptThrottler {
 
         String key = key(domain, username);
         long now = clock.getAsLong();
-        RateLimitAuthenticationException blocked = attempts.invoke(key, 
(entry, args) -> {
+        Long retryAfter = attempts.invoke(key, (entry, args) -> {
             if (!entry.exists()) {
                 return null;
             }
 
             Attempts state = entry.getValue();
             if (state.blockedUntil() > now) {
-                return blocked(state.blockedUntil(), now);
+                return retryAfterSeconds(state.blockedUntil(), now);
             }
 
             Deque<Long> failures = prune(state.failures(), now);
@@ -111,8 +111,8 @@ public class AuthenticationAttemptThrottler {
             }
             return null;
         });
-        if (blocked != null) {
-            throw blocked;
+        if (retryAfter != null) {
+            throw blocked(retryAfter);
         }
     }
 
@@ -133,7 +133,7 @@ public class AuthenticationAttemptThrottler {
         }
 
         long now = clock.getAsLong();
-        RateLimitAuthenticationException blocked = attempts.invoke(key(domain, 
username), (entry, args) -> {
+        Long retryAfter = attempts.invoke(key(domain, username), (entry, args) 
-> {
             Attempts state = entry.exists()
                     ? entry.getValue()
                     : new Attempts();
@@ -143,14 +143,14 @@ public class AuthenticationAttemptThrottler {
             if (failures.size() >= throttle.getMaxAttempts()) {
                 long blockedUntil = now + 
TimeUnit.SECONDS.toMillis(throttle.getLockSeconds());
                 entry.setValue(new Attempts(failures, blockedUntil));
-                return blocked(blockedUntil, now);
+                return retryAfterSeconds(blockedUntil, now);
             }
 
             entry.setValue(new Attempts(failures, state.blockedUntil()));
             return null;
         });
-        if (blocked != null) {
-            throw blocked;
+        if (retryAfter != null) {
+            throw blocked(retryAfter);
         }
     }
 
@@ -163,8 +163,11 @@ public class AuthenticationAttemptThrottler {
         return failures;
     }
 
-    protected static RateLimitAuthenticationException blocked(final long 
blockedUntil, final long now) {
-        long retryAfter = Math.max(1, 
TimeUnit.MILLISECONDS.toSeconds(blockedUntil - now));
+    protected static long retryAfterSeconds(final long blockedUntil, final 
long now) {
+        return Math.max(1, TimeUnit.MILLISECONDS.toSeconds(blockedUntil - 
now));
+    }
+
+    protected static RateLimitAuthenticationException blocked(final long 
retryAfter) {
         return new RateLimitAuthenticationException("Too many authentication 
failures", retryAfter);
     }
 }

Reply via email to