This is an automated email from the ASF dual-hosted git repository.
massx1 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 9cedcd0c7f [SYNCOPE-1971] - Fix authentication throttle with JCache
providers on Payara
9cedcd0c7f is described below
commit 9cedcd0c7f5e55c5d5e6761d4adebf5e4630a97a
Author: Massimiliano Perrone <[email protected]>
AuthorDate: Wed Jun 10 16:53:00 2026 +0200
[SYNCOPE-1971] - Fix authentication throttle with JCache providers on Payara
---
.../security/AuthenticationAttemptThrottler.java | 23 ++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
index 6527950643..65f4d7c086 100644
---
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
+++
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthenticationAttemptThrottler.java
@@ -93,14 +93,14 @@ public class AuthenticationAttemptThrottler {
String key = key(domain, username);
long now = clock.getAsLong();
- RateLimitAuthenticationException blocked = attempts.invoke(key,
(entry, args) -> {
+ Long retryAfter = attempts.invoke(key, (entry, args) -> {
if (!entry.exists()) {
return null;
}
Attempts state = entry.getValue();
if (state.blockedUntil() > now) {
- return blocked(state.blockedUntil(), now);
+ return retryAfterSeconds(state.blockedUntil(), now);
}
Deque<Long> failures = prune(state.failures(), now);
@@ -111,8 +111,8 @@ public class AuthenticationAttemptThrottler {
}
return null;
});
- if (blocked != null) {
- throw blocked;
+ if (retryAfter != null) {
+ throw blocked(retryAfter);
}
}
@@ -133,7 +133,7 @@ public class AuthenticationAttemptThrottler {
}
long now = clock.getAsLong();
- RateLimitAuthenticationException blocked = attempts.invoke(key(domain,
username), (entry, args) -> {
+ Long retryAfter = attempts.invoke(key(domain, username), (entry, args)
-> {
Attempts state = entry.exists()
? entry.getValue()
: new Attempts();
@@ -143,14 +143,14 @@ public class AuthenticationAttemptThrottler {
if (failures.size() >= throttle.getMaxAttempts()) {
long blockedUntil = now +
TimeUnit.SECONDS.toMillis(throttle.getLockSeconds());
entry.setValue(new Attempts(failures, blockedUntil));
- return blocked(blockedUntil, now);
+ return retryAfterSeconds(blockedUntil, now);
}
entry.setValue(new Attempts(failures, state.blockedUntil()));
return null;
});
- if (blocked != null) {
- throw blocked;
+ if (retryAfter != null) {
+ throw blocked(retryAfter);
}
}
@@ -163,8 +163,11 @@ public class AuthenticationAttemptThrottler {
return failures;
}
- protected static RateLimitAuthenticationException blocked(final long
blockedUntil, final long now) {
- long retryAfter = Math.max(1,
TimeUnit.MILLISECONDS.toSeconds(blockedUntil - now));
+ protected static long retryAfterSeconds(final long blockedUntil, final
long now) {
+ return Math.max(1, TimeUnit.MILLISECONDS.toSeconds(blockedUntil -
now));
+ }
+
+ protected static RateLimitAuthenticationException blocked(final long
retryAfter) {
return new RateLimitAuthenticationException("Too many authentication
failures", retryAfter);
}
}