Fwd: Throttling Login Attempts

Fwd: Throttling Login Attempts

Delusional Insanity
Hello there,

I have set up the throttling (in-memory) for the JaSig CAS and I have a question about the number of login attempts within a given interval.

What I actually want, is to allow 3 login attempts per interval of 30 minutes.

=========== USE CASES =========== 

Desired result (case 1)
----------------------------------
Time: 11:00:00
Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
Result: "Incorrect credentials" message.

Time: 11:00:20
Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
Result: "Incorrect credentials" message.

Time: 11:00:42
Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
Result: "Incorrect credentials" message.

Time: 11:01:09
Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
Result: "Access denied" message.

Desired result (case 2)
----------------------------------
Time: 13:00:00
Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
Result: "Incorrect credentials" message.

Time: 13:00:20
Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
Result: "Incorrect credentials" message.

Time: 13:00:42
Info: User "AA" tries to log in from IP "4.4.4.4" using correct password.
Result: User logged in.

=========== END USE CASES =========== 

Contents of my "throttleInterceptorTrigger.xml" file 
---------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

<bean id="throttleInterceptor" class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter" 
   p:failureRangeInSeconds="1800"
   p:failureThreshold="3"/>

<bean id="throttleInterceptorJobDetail" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
   p:targetObject-ref="throttleInterceptor"
   p:targetMethod="decrementCounts" />

<bean id="periodicThrottleCleanerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean"
   p:jobDetail-ref="throttleInterceptorJobDetail"
   p:startDelay="0"
   p:repeatInterval="10" />
</beans>

---------------------------------------------------------------------------

Help is greatly appreciated!

Best regards,


-- 
You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/jasig-discuss
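
Added example, not part of either message and not CAS code: a small model of the behaviour the post asks for (3 failures per 1800 seconds, keyed by IP address and username), replayed against the two use cases. The names `SlidingWindowThrottle`, `hms` and `replay` are hypothetical, and two points the post leaves open are assumptions here: denied attempts are not recorded as failures, and a successful login does not clear earlier failures.

```python
from collections import defaultdict, deque

FAILURE_THRESHOLD = 3          # p:failureThreshold from the posted config
FAILURE_RANGE_SECONDS = 1800   # p:failureRangeInSeconds from the posted config


def hms(text):
    """Convert 'HH:MM:SS' to seconds since midnight."""
    h, m, s = (int(part) for part in text.split(":"))
    return h * 3600 + m * 60 + s


class SlidingWindowThrottle:
    """Counts failed logins per (ip, username) inside a sliding time window."""

    def __init__(self, threshold=FAILURE_THRESHOLD, window=FAILURE_RANGE_SECONDS):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # (ip, username) -> failure times

    def attempt(self, now, ip, username, password_ok):
        times = self.failures[(ip, username)]
        # Drop failures that have aged out of the window.
        while times and now - times[0] >= self.window:
            times.popleft()
        if len(times) >= self.threshold:
            return "Access denied"        # assumption: denied attempts are not recorded
        if password_ok:
            return "User logged in"       # assumption: success does not clear failures
        times.append(now)
        return "Incorrect credentials"


def replay(events):
    """Run (time, ip, user, password_ok) events through a fresh throttle."""
    throttle = SlidingWindowThrottle()
    return [throttle.attempt(hms(t), ip, user, ok) for t, ip, user, ok in events]


# Constructed from the two use cases in the post.
CASE_1 = [("11:00:00", "4.4.4.4", "AA", False), ("11:00:20", "4.4.4.4", "AA", False),
          ("11:00:42", "4.4.4.4", "AA", False), ("11:01:09", "4.4.4.4", "AA", False)]
CASE_2 = [("13:00:00", "4.4.4.4", "AA", False), ("13:00:20", "4.4.4.4", "AA", False),
          ("13:00:42", "4.4.4.4", "AA", True)]

if __name__ == "__main__":
    for name, case in (("case 1", CASE_1), ("case 2", CASE_2)):
        print(name, replay(case))
```

Under these assumptions the key stays throttled until the oldest of the three failures is 1800 seconds old, and a correct password submitted during that time is also refused.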

 

Re: Fwd: Throttling Login Attempts

Jim Helwig-2
I recommend you post this question to the CAS Community Discussion list ([hidden email]). See http://www.jasig.org/cas/mailing-lists for information on how to subscribe.

JimH

on 12/4/2013 9:46 AM Delusional Insanity said the following:

> Hello there,
>
> I have set up the throttling (in-memory) for the JaSig CAS and I have a question about the number of login attempts within a given interval.
>
> What I actually want, is to allow 3 login attempts per interval of 30 minutes.
>
> =========== USE CASES ===========
>
> Desired result (case 1)
> ----------------------------------
> Time: 11:00:00
> Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
> Result: "Incorrect credentials" message.
>
> Time: 11:00:20
> Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
> Result: "Incorrect credentials" message.
>
> Time: 11:00:42
> Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
> Result: "Incorrect credentials" message.
>
> Time: 11:01:09
> Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
> Result: "Access denied" message.
>
> Desired result (case 2)
> ----------------------------------
> Time: 13:00:00
> Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
> Result: "Incorrect credentials" message.
>
> Time: 13:00:20
> Info: User "AA" tries to log in from IP "4.4.4.4" using incorrect password.
> Result: "Incorrect credentials" message.
>
> Time: 13:00:42
> Info: User "AA" tries to log in from IP "4.4.4.4" using correct password.
> Result: User logged in.
>
> =========== END USE CASES ===========
>
> Contents of my "throttleInterceptorTrigger.xml" file
> ---------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>         xmlns:p="http://www.springframework.org/schema/p"
>         xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>
> <bean id="throttleInterceptor" class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"
>     p:failureRangeInSeconds="1800"
>     p:failureThreshold="3"/>
>
> <bean id="throttleInterceptorJobDetail" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
>     p:targetObject-ref="throttleInterceptor"
>     p:targetMethod="decrementCounts" />
>
> <bean id="periodicThrottleCleanerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean"
>     p:jobDetail-ref="throttleInterceptorJobDetail"
>     p:startDelay="0"
>     p:repeatInterval="10" />
> </beans>
>
> ---------------------------------------------------------------------------
>
> Help is greatly appreciated!
>
> Best regards,
>
>
