[ https://issues.apache.org/jira/browse/COCOON3-89?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ajay Deshwal updated COCOON3-89:
--------------------------------
Attachment: COCOON3-89.patch
The attached patch enables AbstractShiroLogin to record invalid login attempts
in the same session and flag it in the error response map by setting the value of key
'loginAttemptExceeded' to boolean true. On the basis of this flag, the application
developer can do things like display a separate error page or adopt other
security mechanisms like captcha etc. The maximum number of allowed wrong attempts
can be configured by overriding the getAllowedWrongAttempts() method and returning
the allowed attempts in the extending class.

The patch also adds a method validatePreLogin() in AbstractShiroLogin which is
invoked before initiating login. If this method returns a non-empty map, then
login is skipped and the map data is added to UrlResponse. It can be overridden in
extending classes to perform validations before login like captcha etc.
> Add feature to limit invalid login attempts
> -------------------------------------------
>
> Key: COCOON3-89
> URL: https://issues.apache.org/jira/browse/COCOON3-89
> Project: Cocoon 3
> Issue Type: Improvement
> Components: cocoon-shiro
> Affects Versions: 3.0.0-beta-1
> Reporter: Ajay Deshwal
> Attachments: COCOON3-89.patch
>
>
> cocoon-shiro module should provide:
> 1) Feature to record invalid login attempts count. On exceeding the
> predefined maximum allowed attempts, it should flag the state that maximum
> login attempts exceeded.
> 2) A method in AbstractShiroLogin class to validate some data, which
> extending classes can implement and will be invoked prior to initiating
> actual login, like captcha etc.
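The control flow this notification describes (pre-login hook, per-session wrong-attempt counter, 'loginAttemptExceeded' flag), as an added stand-alone sketch that is not the attached patch or cocoon-shiro code. The class name, the session attribute name, the 'loginFailed' key, the default limit of 3, the counter reset on success and the stubbed credential check are all assumptions; only getAllowedWrongAttempts(), validatePreLogin() and the 'loginAttemptExceeded' key come from the message.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-alone model; it does not extend the real AbstractShiroLogin.
public class LoginAttemptLimiterSketch {
    static final String ATTEMPTS_KEY = "wrongAttempts";        // assumed session attribute name
    static final String EXCEEDED_KEY = "loginAttemptExceeded"; // key named in the message
    // Overridable limit, mirroring getAllowedWrongAttempts(); the default of 3 is an assumption.
    protected int getAllowedWrongAttempts() { return 3; }
    // Overridable hook, mirroring validatePreLogin(); an empty map means "proceed with login".
    protected Map<String, Object> validatePreLogin(Map<String, String> request) {
        return Collections.emptyMap();
    }
    // Stand-in for the real authentication call, using constructed credentials.
    protected boolean authenticate(Map<String, String> request) {
        return "alice".equals(request.get("username")) && "s3cret".equals(request.get("password"));
    }

    // Returns the error map destined for the response; empty on successful login.
    public Map<String, Object> login(Map<String, Object> session, Map<String, String> request) {
        Map<String, Object> errors = new HashMap<>(validatePreLogin(request));
        if (!errors.isEmpty()) {
            return errors;                      // pre-login validation failed: login is skipped
        }
        if (authenticate(request)) {
            session.remove(ATTEMPTS_KEY);       // assumption: a success clears the counter
            return errors;
        }
        int attempts = (Integer) session.getOrDefault(ATTEMPTS_KEY, 0) + 1;
        session.put(ATTEMPTS_KEY, attempts);    // counter lives in the session only
        errors.put("loginFailed", Boolean.TRUE);            // assumed key
        if (attempts > getAllowedWrongAttempts()) {
            errors.put(EXCEEDED_KEY, Boolean.TRUE);         // caller can switch to captcha etc.
        }
        return errors;
    }

    public static void main(String[] args) {
        LoginAttemptLimiterSketch login = new LoginAttemptLimiterSketch();
        Map<String, Object> session = new HashMap<>();      // constructed session store
        Map<String, String> bad = Map.of("username", "alice", "password", "guess");
        for (int i = 1; i <= 4; i++) {
            System.out.println("attempt " + i + ": " + login.login(session, bad));
        }
    }
}
```

Because the counter is held in the session, it applies only to attempts made within that session; the fourth failed attempt in the loop is the first whose error map carries the flag.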