Interface AuthenticationFailureStrategy
@Unstable @Role public interface AuthenticationFailureStrategy
Describes a strategy to perform in case the limit of authentication failures is reached. See AuthenticationConfiguration for a definition of this limit. Note that this strategy might be called even for users who have not yet reached the authentication failure limit. This is done in order to prevent the following scenario:
- an attacker tries to log in x times with a login
- a CAPTCHA is displayed in the form to mitigate the attack
- the attacker tries to perform the attack on a different login
- Since:
- 13.1RC1
- Version:
- $Id: a23e7d0b62708b504a31794221104c21be944eaa $
Method Summary
- String getErrorMessage(String username)
- String getForm(String username)
- void notify(String username): Notify the strategy about an authentication failure limit reached.
- boolean validateForm(String username, javax.servlet.http.HttpServletRequest request)
Method Detail
getErrorMessage
String getErrorMessage(String username)
- Parameters:
- username - the username used for the authentication failure.
- Returns:
- an error message to be displayed in the login form.
getForm
String getForm(String username)
- Parameters:
- username - the username used for the authentication failure.
- Returns:
- some additional form field to be processed for validating the authentication.
validateForm
boolean validateForm(String username, javax.servlet.http.HttpServletRequest request)
- Parameters:
- username - the username used for the authentication failure.
- request - the authentication request.
- Returns:
- true if the authentication request can be validated, i.e. if the user should be authorized to log in.
notify
void notify(String username)
Notify the strategy about an authentication failure limit reached. This method should be used to perform operations that do not need login form interaction.
- Parameters:
- username - the username used for the authentication failure.
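A strategy written against the four methods above, as an added example that is not XWiki's own code: getForm renders a signed arithmetic challenge and validateForm checks it without any per-username state, so the check still applies when the strategy is called for a login that has not reached the limit. The class name, the `sumchallenge` hint, the form field names, the lifetime value and the package of the interface are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.xwiki.component.annotation.Component;
import org.xwiki.security.authentication.AuthenticationFailureStrategy; // assumed package

@Component
@Named("sumchallenge") // hypothetical component hint
@Singleton
public class SumChallengeStrategy implements AuthenticationFailureStrategy {
    private static final long TTL_MS = 120_000L; // constructed value: challenge lifetime
    private final SecureRandom random = new SecureRandom();
    private final byte[] key = new byte[32];
    { random.nextBytes(key); } // per-instance key: outstanding challenges die on restart

    // HMAC over "expiry|answer": the form carries this tag, never the answer itself.
    private String tag(String expiry, String answer) {
        try {
            Mac hmac = Mac.getInstance("HmacSHA256");
            hmac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] raw = hmac.doFinal((expiry + "|" + answer).getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    @Override public String getForm(String username) { // username is untrusted: never echoed
        int a = 10 + random.nextInt(90), b = 10 + random.nextInt(90);
        String expiry = Long.toString(System.currentTimeMillis() + TTL_MS);
        return "<label>" + a + " + " + b + " = <input name=\"sum_answer\"/></label><input type=\"hidden\""
            + " name=\"sum_token\" value=\"" + expiry + "." + tag(expiry, Integer.toString(a + b)) + "\"/>";
    }
    @Override public boolean validateForm(String username, HttpServletRequest request) {
        // No per-username state, so the check also holds for a login that is below the limit.
        String answer = request.getParameter("sum_answer"), token = request.getParameter("sum_token");
        String[] parts = token == null ? new String[0] : token.split("\\.", 2);
        if (answer == null || parts.length != 2) return false;
        byte[] expected = tag(parts[0], answer.trim()).getBytes(StandardCharsets.UTF_8);
        // Constant-time tag check first; only an authenticated expiry is parsed.
        return MessageDigest.isEqual(expected, parts[1].getBytes(StandardCharsets.UTF_8))
            && Long.parseLong(parts[0]) > System.currentTimeMillis();
    }
    @Override public void notify(String username) { } // nothing to do outside the login form
    @Override public String getErrorMessage(String username) { return "Answer the question to log in."; }
}
```

The arithmetic question stands in for a real CAPTCHA, and a solved token stays valid until it expires. A production strategy would also record used tokens so that each one is accepted once.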