[NEWSENDER] - Re: [NEWSENDER] - Re: Is there a way to protect login page against afrequent submit? - Message is from an unknown sender - Message is from an unknown sender

Li Wei Nan liweinan at chinaedu.net
Thu Mar 27 11:33:42 EDT 2008 

Correct my mistake: no need to write a controller and put it into  
webflow. You can just write a  
"ThrottledSubmissionBySessionIdHandlerInterceptorAdapter"
  :-D
- Li Wei Nan





Le 2008-3-27 à 下午11:07, Li Wei Nan a écrit :

> hi ana, it seems Scott have answered this question before:
>
> "You'll need to add it to the cas-servlet.xml as an optional  
> handler to the UrlHandlerMappings.  Check the Spring documentation  
> for explicit instructions.
>
> -Scott"
>
> If you dig into the source and you can see "public final class  
> ThrottledSubmissionByIpAddressHandlerInterceptorAdapter
>     extends HandlerInterceptorAdapter implements InitializingBean"
>
> which means it's a HandlerInterceptorAdapter. And after doing some  
> research on google, you will find how to use it.
>
> Here's a sample config of cas-servlet.xml:
>
> ...
> <bean id="throttledSubmissionByIpAddressHandlerInterceptorAdapter"  
> class="org.jasig.cas.web.support.ThrottledSubmissionByIpAddressHandler 
> InterceptorAdapter" />
>
> <bean id="handlerMappingB"  
> class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping 
> ">
> 		<property
> 			name="mappings">
> 			<props>
> 				<prop
> 					key="/login">loginController</prop>
> 			</props>
> 		</property>
> 		<property
> 			name="interceptors">
> 			<list>				
> 				<ref bean="localeChangeInterceptor" />
> 				<ref  
> bean="throttledSubmissionByIpAddressHandlerInterceptorAdapter" />
> 			</list>
> 		</property>
> </bean>
> ...
> you can set the failureThreshhold and failureTimeout for this adapter.
>
> Since your request is: "to lock the user after 3 attempts to  
> login". I don't think this adapter is what you want. Maybe a better  
> way is to write a controller by yourself to count the request  
> number, and the user is identified by session. And then put this  
> controller into the login-webflow.xml. It needs a basic knowledge  
> of Spring Framework to do the job.
>
> Thanks,
>
> - Li Wei Nan
>
>
>
>
>
> Le 2008-3-27 à 下午7:41, ana castro lamas a écrit :
>
>>
>>
>> ---------- Forwarded message ----------
>> From: ana castro lamas <ana.castro.lamas at gmail.com>
>> Date: 27-mar-2008 12:37
>> Subject: RE: Is there a way to protect login page against a  
>> frequent submit?
>> To: cas-dev at tp.its.yale.edu
>>
>>
>> Hello,
>>
>> I'd like to lock a user after 3 attempts to login. I don't know  
>> how to do that.
>> I supose that should be necessary override preAuthenticate and  
>> postAuthenticate methods of  
>> AbstractPreAndPostProcessingAuthenticationHandler.
>> I've also had a look at  
>> ThrottledSubmissionByIpAddressHandlerInterceptorAdapter that  
>> restrict by Ip.
>> If I want to use (or modify) this adapter , How would I have to do  
>> this?
>> Is there any example using  
>> ThrottledSubmissionByIpAddressHandlerInterceptorAdapter ?What  
>> files must been modified?
>> Thanks
>>
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080327/b59cfef5/attachment.html

More information about the cas mailing list