We are using the Apache Camel CXF component (Camel 2.10.x and CXF 2.6.x) to
expose web services to our customers. We are securing these services by
using HTTPS and WS-Security (user name and password token). Everything
works well so far.

After an external audit, we got the new requirement to monitor the
failed authentication attempts per user and block the user if the
failed-authentication counter reaches a (configurable) limit.

1) Do we have such a functionality in a "special" WSS4JInInterceptor?
2) If not, which solution would you recommend?
    a) Extending the WSS4JInInterceptor - isn't as easy as it should be to
fulfill my needs.
    b) Writing our own interceptors. An in-interceptor to check whether
the user is already blocked and to store the user name in a thread local. An
out-interceptor to increase the failed counter (if the authentication
failed) or to reset the failed counter (if the authentication was
successful).
    c) Somehow different?

[1] http://cxf.apache.org/docs/ws-security.html

Thanks in advance,
Christian
-----------------

Software Integration Specialist

Apache Camel committer: https://camel.apache.org/team
V.P. Apache Camel: https://www.apache.org/foundation/
Apache Member: https://www.apache.org/foundation/members.html

https://www.linkedin.com/pub/christian-mueller/11/551/642
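
The counter logic behind option b), as an added example that is not part of the original message and not CXF or WSS4J code: a hypothetical `FailedLoginTracker` that the in-interceptor could query and that the failure and success paths could update. The class and method names are assumptions, and state is held in memory in a single JVM.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;

/** Hypothetical helper (not a CXF or WSS4J class): per-user failed-authentication counter. */
public class FailedLoginTracker {
    private final int limit; // configurable number of failures that blocks a user
    private final ConcurrentMap<String, AtomicInteger> failures = new ConcurrentHashMap<String, AtomicInteger>();

    public FailedLoginTracker(int limit) {
        if (limit < 1) throw new IllegalArgumentException("limit must be >= 1");
        this.limit = limit;
    }

    /** For the in-interceptor: true if the user has reached the limit. */
    public boolean isBlocked(String user) {
        AtomicInteger n = failures.get(user);
        return n != null && n.get() >= limit;
    }

    /** For the failure path: count one failed attempt; true if the user is now blocked. */
    public boolean recordFailure(String user) {
        failures.putIfAbsent(user, new AtomicInteger()); // no-op if an entry already exists
        return failures.get(user).incrementAndGet() >= limit; // entries are never removed
    }

    /** For the success path: reset the counter, but never unblock a blocked user. */
    public void recordSuccess(String user) {
        AtomicInteger n = failures.get(user);
        if (n == null) return;
        for (;;) { // compare-and-set so a concurrent failure is not lost
            int current = n.get();
            if (current >= limit || n.compareAndSet(current, 0)) return;
        }
    }

    public static void main(String[] args) {
        FailedLoginTracker tracker = new FailedLoginTracker(3); // constructed sample limit
        tracker.recordFailure("alice");
        tracker.recordSuccess("alice"); // success below the limit resets the counter
        for (int i = 0; i < 3; i++) tracker.recordFailure("alice");
        tracker.recordSuccess("alice"); // no effect once the limit has been reached
        System.out.println(tracker.isBlocked("alice") + " " + tracker.isBlocked("bob"));
    }
}
```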
