org.jasig.cas.web.support
Class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter

java.lang.Object
  org.springframework.web.servlet.handler.HandlerInterceptorAdapter
      org.jasig.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter
          org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.web.servlet.HandlerInterceptor

public class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter
extends AbstractThrottledSubmissionHandlerInterceptorAdapter

Works in conjunction with the Inspektr Library to block attempts to dictionary attack users.

Defines a new Inspektr Action "THROTTLED_LOGIN_ATTEMPT" which keeps track of failed login attempts that don't result in AUTHENTICATION_FAILED methods

This relies on the default Inspektr table layout and username construction. The username construction can be overriden in a subclass.

Since:

3.3.5

Version:

$Revision$ $Date$

Author:

Scott Battaglia

Field Summary

Fields inherited from class org.jasig.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter

log

Constructor Summary

InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter(com.github.inspektr.audit.AuditTrailManager auditTrailManager, DataSource dataSource)

Method Summary

protected String	constructUsername(javax.servlet.http.HttpServletRequest request, String usernameParameter)
protected boolean	exceedsThreshold(javax.servlet.http.HttpServletRequest request)
protected void	recordSubmissionFailure(javax.servlet.http.HttpServletRequest request)
protected void	recordThrottle(javax.servlet.http.HttpServletRequest request)
void	setApplicationCode(String applicationCode)
void	setAuthenticationFailureCode(String authenticationFailureCode)

Methods inherited from class org.jasig.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter

afterPropertiesSet, getFailureRangeInSeconds, getFailureThreshold, getThresholdRate, getUsernameParameter, postHandle, preHandle, setFailureRangeInSeconds, setFailureThreshold, setUsernameParameter

Methods inherited from class org.springframework.web.servlet.handler.HandlerInterceptorAdapter

afterCompletion

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter

public InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter(com.github.inspektr.audit.AuditTrailManager auditTrailManager,
                                                                                  DataSource dataSource)

Method Detail

exceedsThreshold

protected boolean exceedsThreshold(javax.servlet.http.HttpServletRequest request)

Specified by:

exceedsThreshold in class AbstractThrottledSubmissionHandlerInterceptorAdapter

recordSubmissionFailure

protected void recordSubmissionFailure(javax.servlet.http.HttpServletRequest request)

Specified by:

recordSubmissionFailure in class AbstractThrottledSubmissionHandlerInterceptorAdapter

recordThrottle

protected void recordThrottle(javax.servlet.http.HttpServletRequest request)

Overrides:

recordThrottle in class AbstractThrottledSubmissionHandlerInterceptorAdapter

setApplicationCode

public final void setApplicationCode(String applicationCode)

setAuthenticationFailureCode

public final void setAuthenticationFailureCode(String authenticationFailureCode)

constructUsername

protected String constructUsername(javax.servlet.http.HttpServletRequest request,
                                   String usernameParameter)