
learn-sample-auth-filter's Introduction

Authentication Filter B2

This is a sample Building Block which demonstrates how to filter authentication requests using the UsernamePasswordPreValidationCheck and UsernamePasswordPostValidationCheck extension points.

Features

  • If the same username is seen with the wrong password three times within a one-minute interval, we'll lock that account for 60 seconds.
  • Lockout will occur whether or not the username actually represents an account on the server, preventing attackers from using this lockout information to determine if an account exists.

Basic design

  • The BeforeLogin extension is triggered before the username/password combination is validated. If the same username has been seen too many times recently, validation is aborted.
  • The AfterLogin extension is triggered after the user has successfully logged in. We then clear the previous login counts, allowing users to log in and out as many times as they want as long as their password is valid.

Shortcuts taken to keep this example simple

  • Login counts are held in memory rather than persisting. Among other things, this means that login counts are not replicated between application servers.
  • Parameters are not configurable by the administrator.
  • Text is not localized.

Limitations in the current solution

  • If the username typed into the login box does not match the User.getUserName() value, AfterLogin will be unable to clear previous login counts. Users logging in and out multiple times within one minute will end up locking their account.
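The counting logic described under "Basic design", as an added example that is not the sample's own code and does not use the Blackboard extension-point interfaces. The class, method and field names are hypothetical, and `key()` assumes the typed username and the `User.getUserName()` value differ only by case or surrounding whitespace, which covers only part of the limitation above.

```java
import java.util.*;
import java.util.function.LongSupplier;

// Added illustration; all names here are hypothetical, not taken from the sample.
public class LoginAttemptTracker {
    static final int MAX_ATTEMPTS = 3;     // attempts counted per window
    static final long WINDOW_MS = 60_000;  // one-minute counting window
    static final long LOCK_MS = 60_000;    // 60-second lockout

    private static final class State {
        final Deque<Long> attempts = new ArrayDeque<>();
        long lockedUntil;
    }

    private final Map<String, State> states = new HashMap<>();
    private final LongSupplier clock;  // injected so the window can be exercised without sleeping

    public LoginAttemptTracker(LongSupplier clock) { this.clock = clock; }

    // Assumption: typed and stored usernames differ only by case or whitespace.
    static String key(String username) { return username.trim().toLowerCase(Locale.ROOT); }

    /** Pre-validation step. Returns false when validation must be aborted. */
    public synchronized boolean beforeLogin(String typedUsername) {
        long now = clock.getAsLong();
        // State is created for any typed name, so unknown and real accounts behave alike.
        State s = states.computeIfAbsent(key(typedUsername), k -> new State());
        if (now < s.lockedUntil) return false;
        while (!s.attempts.isEmpty() && now - s.attempts.peekFirst() >= WINDOW_MS) {
            s.attempts.pollFirst();  // drop attempts that fell out of the window
        }
        s.attempts.addLast(now);
        // The attempt that reaches the limit is still validated; later ones are refused.
        if (s.attempts.size() >= MAX_ATTEMPTS) s.lockedUntil = now + LOCK_MS;
        return true;
    }

    /** Post-validation step. A successful login clears the history and any pending lock. */
    public synchronized void afterLogin(String accountUsername) {
        states.remove(key(accountUsername));
    }

    public static void main(String[] args) {
        long[] now = {0};  // constructed fake clock, in milliseconds
        LoginAttemptTracker t = new LoginAttemptTracker(() -> now[0]);
        for (int i = 1; i <= 4; i++, now[0] += 1_000) {
            System.out.println("attempt " + i + " allowed: " + t.beforeLogin("no-such-user"));
        }
        now[0] += 60_000;
        System.out.println("after lock expiry allowed: " + t.beforeLogin("no-such-user"));
        t.beforeLogin("JSmith ");  // typed form
        t.afterLogin("jsmith");    // stored form maps to the same key, so the count is cleared
        System.out.println("still tracked: " + t.states.keySet());
    }
}
```

Because entries are created for any typed username, the map grows with attacker-supplied input; a persistent or shared implementation needs expiry or a size bound.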

Contributors

varju
