Class AuthenticationThrottleManager


  • public final class AuthenticationThrottleManager
    extends Throttler
    This singleton manages authentication throttling.
    Since:
    jcms-10.0.7 / JCMS-8083
    • Field Detail

      • ENABLED_PROP

        public static final java.lang.String ENABLED_PROP
Whether throttling is enabled.
        See Also:
        Constant Field Values
      • RANGE_PROP

        public static final java.lang.String RANGE_PROP
        Time range in seconds during which the threshold is verified.
        See Also:
        Constant Field Values
      • THRESHOLD_PROP

        public static final java.lang.String THRESHOLD_PROP
        Number of failed login attempts permitted in specified time range.
        See Also:
        Constant Field Values
      • THROTTLING_DURATION_PROP

        public static final java.lang.String THROTTLING_DURATION_PROP
Number of seconds before a blocked/throttled context can be released.
        See Also:
        Constant Field Values
    • Method Detail

      • recordAuthenticationFailure

public void recordAuthenticationFailure(java.lang.String userId,
                                                AuthenticationContext ctxt,
                                                java.lang.Class<? extends AuthenticationHandler> authHdlrClass)
        Record a failed authentication attempt.

Failed authentications must be recorded so that brute-force authentication attempts from the same context (user/ip) can be throttled.

        Parameters:
        userId - a unique and constant identifier used to track the User/Member for which authentication failed
        ctxt - the AuthenticationContext associated to the authentication attempt
        authHdlrClass - the class of AuthenticationHandler trying to handle the authentication attempt
        Since:
        jcms-10.0.7 / JCMS-8083
      • throttleIfNeeded

public boolean throttleIfNeeded(java.lang.String userId,
                                        AuthenticationContext ctxt,
                                        java.lang.Class<? extends AuthenticationHandler> authHdlrClass)
        Throttle an authentication attempt given specified context.
        Parameters:
        userId - a unique and constant identifier used to track the User/Member for which authentication is being attempted
        ctxt - the AuthenticationContext associated to the authentication attempt
        authHdlrClass - the class of AuthenticationHandler trying to handle the authentication attempt
        Returns:
true if throttling occurred, false otherwise
        Since:
        jcms-10.0.7 / JCMS-8083
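The threshold-in-range model that the four properties and the two methods above describe, as an added Python illustration that is not JCMS code: failures are tracked per user id and per client IP (the "same context (user/ip)" mentioned for recordAuthenticationFailure), more than THRESHOLD failures inside RANGE seconds block that key for THROTTLING_DURATION seconds, and the check mirrors the boolean result of throttleIfNeeded. Keying on both user and IP, clearing the failure window once a block starts, and the class and method names are assumptions of this example, not documented JCMS behaviour.

```python
from collections import defaultdict, deque


class FailedLoginThrottle:
    """Model of threshold-in-range throttling (added example, not JCMS code).

    Assumptions not taken from the Javadoc: failures are counted separately
    per user id and per client ip; once a key exceeds `threshold` failures
    inside `range_s` seconds it is blocked for `throttling_duration_s`.
    """

    def __init__(self, enabled=True, range_s=60, threshold=5, throttling_duration_s=300):
        self.enabled = enabled                  # ENABLED_PROP
        self.range_s = range_s                  # RANGE_PROP
        self.threshold = threshold              # THRESHOLD_PROP (failures permitted)
        self.throttling_duration_s = throttling_duration_s  # THROTTLING_DURATION_PROP
        self._failures = defaultdict(deque)     # key -> timestamps of recent failures
        self._blocked_until = {}                # key -> time at which the block is released

    @staticmethod
    def _keys(user_id, ip):
        # Both halves of the (user/ip) context are tracked independently.
        return [("user", user_id), ("ip", ip)]

    def record_authentication_failure(self, user_id, ip, now):
        """Counterpart of recordAuthenticationFailure: note a failure at time `now`."""
        if not self.enabled:
            return
        for key in self._keys(user_id, ip):
            window = self._failures[key]
            window.append(now)
            while window and now - window[0] > self.range_s:
                window.popleft()                # drop failures older than the range
            if len(window) > self.threshold:    # permitted count exceeded inside the range
                self._blocked_until[key] = now + self.throttling_duration_s
                window.clear()                  # assumption: start a fresh window after a block

    def throttle_if_needed(self, user_id, ip, now):
        """Counterpart of throttleIfNeeded: True when the attempt must be refused."""
        if not self.enabled:
            return False
        for key in self._keys(user_id, ip):
            release = self._blocked_until.get(key)
            if release is None:
                continue
            if now < release:
                return True                     # still inside the throttling duration
            del self._blocked_until[key]        # duration elapsed, block released
        return False
```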