org.apache.jetspeed.security.spi.impl
Class MaxPasswordAuthenticationFailuresInterceptor

java.lang.Object
  extended by org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
      extended by org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor
All Implemented Interfaces:
org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor

public class MaxPasswordAuthenticationFailuresInterceptor
extends AbstractInternalPasswordCredentialInterceptorImpl

Enforces a maximum number of times a user may provide an invalid password. Once the maximum number of invalid authentications is reached, the credential is disabled.

Note: this interceptor does not reset the current count on valid authentication. That is done by the DefaultCredentialHandler, which invokes the interceptor(s) after authentication, provided no interceptor's afterAuthenticated method returns true.

However, this interceptor does (re)set the count on creation and on change of the password.
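The following is an added, stand-alone model of the lockout behaviour described above; it is not Jetspeed source code. The types `Credential`, `MaxFailures` and `LockoutModel` are hypothetical stand-ins. It assumes that the failure count is incremented inside afterAuthenticated and that a disabled credential rejects every login.

```java
import java.util.List;

// Simplified model for illustration; these types are hypothetical, not Jetspeed classes.
public class LockoutModel {
    static class Credential {
        int failures;
        boolean enabled = true;
        boolean expired;
    }

    static class MaxFailures {
        private final int max;                       // zero (0) disables the check
        MaxFailures(int max) { this.max = max; }

        // Returns true only when this call reached the maximum and disabled the credential.
        boolean afterAuthenticated(Credential c, boolean authenticated) {
            if (max == 0 || c.expired || authenticated) return false;
            c.failures++;                            // assumption: the count is incremented here
            if (c.failures >= max) { c.enabled = false; return true; }
            return false;
        }
        void beforeCreate(Credential c)      { c.failures = 0; }
        void beforeSetPassword(Credential c) { c.failures = 0; }
    }

    // Stand-in for the credential handler: after a valid login it resets the
    // count, provided no interceptor's afterAuthenticated returned true.
    static boolean authenticate(Credential c, List<MaxFailures> chain, boolean passwordOk) {
        boolean authenticated = c.enabled && !c.expired && passwordOk;
        boolean changed = false;
        for (MaxFailures i : chain) changed |= i.afterAuthenticated(c, authenticated);
        if (authenticated && !changed) c.failures = 0;
        return authenticated;
    }

    public static void main(String[] args) {
        Credential c = new Credential();
        List<MaxFailures> chain = List.of(new MaxFailures(3));
        chain.get(0).beforeCreate(c);                // count starts at zero
        authenticate(c, chain, false);               // one failure recorded
        authenticate(c, chain, true);                // valid login: the handler resets the count
        for (int n = 0; n < 3; n++) authenticate(c, chain, false);   // three failures in a row
        System.out.println("enabled=" + c.enabled + " failures=" + c.failures);
        System.out.println("correct password accepted=" + authenticate(c, chain, true));
        chain.get(0).beforeSetPassword(c);           // the page documents only the count reset
        System.out.println("failures=" + c.failures + " enabled=" + c.enabled);
    }
}
```

The model re-enables nothing on password change because the page documents only the count reset; how a disabled credential is re-enabled is outside what this page describes.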

Version:
$Id$
Author:
Ate Douma

Field Summary
private  int maxNumberOfAuthenticationFailures
           
 
Constructor Summary
MaxPasswordAuthenticationFailuresInterceptor(int maxNumberOfAuthenticationFailures)
           Configure the maximum number of invalid authentications allowed in a row.
 
Method Summary
 boolean afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, String userName, org.apache.jetspeed.security.om.InternalCredential credential, boolean authenticated)
          Checks the current count of authentication failures when the credential is not expired and authentication failed.
 void beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password)
          Sets the count of invalid authentications to zero (0).
 void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser, Collection credentials, String userName, org.apache.jetspeed.security.om.InternalCredential credential, String password, boolean authenticated)
          Resets the count of invalid authentications to zero (0).
 
Methods inherited from class org.apache.jetspeed.security.spi.impl.AbstractInternalPasswordCredentialInterceptorImpl
afterLoad
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

maxNumberOfAuthenticationFailures

private int maxNumberOfAuthenticationFailures

Constructor Detail

MaxPasswordAuthenticationFailuresInterceptor

public MaxPasswordAuthenticationFailuresInterceptor(int maxNumberOfAuthenticationFailures)

Configure the maximum number of invalid authentications allowed in a row.

A value of zero (0) disables the check.

Method Detail

afterAuthenticated

public boolean afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                                  String userName,
                                  org.apache.jetspeed.security.om.InternalCredential credential,
                                  boolean authenticated)
                           throws org.apache.jetspeed.security.SecurityException
Checks the current count of authentication failures when the credential is not expired and authentication failed.

Specified by:
afterAuthenticated in interface org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor
Overrides:
afterAuthenticated in class AbstractInternalPasswordCredentialInterceptorImpl
Returns:
true if the maximum number of invalid authentications is reached and the credential is disabled.
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.afterAuthenticated(org.apache.jetspeed.security.om.InternalUserPrincipal, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, boolean)

beforeCreate

public void beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                         Collection credentials,
                         String userName,
                         org.apache.jetspeed.security.om.InternalCredential credential,
                         String password)
                  throws org.apache.jetspeed.security.SecurityException
Sets the count of invalid authentications to zero (0).

Specified by:
beforeCreate in interface org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor
Overrides:
beforeCreate in class AbstractInternalPasswordCredentialInterceptorImpl
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeCreate(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, InternalCredential, java.lang.String)

beforeSetPassword

public void beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal internalUser,
                              Collection credentials,
                              String userName,
                              org.apache.jetspeed.security.om.InternalCredential credential,
                              String password,
                              boolean authenticated)
                       throws org.apache.jetspeed.security.SecurityException
Resets the count of invalid authentications to zero (0).

Specified by:
beforeSetPassword in interface org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor
Overrides:
beforeSetPassword in class AbstractInternalPasswordCredentialInterceptorImpl
Throws:
org.apache.jetspeed.security.SecurityException
See Also:
InternalPasswordCredentialInterceptor.beforeSetPassword(org.apache.jetspeed.security.om.InternalUserPrincipal, java.util.Collection, java.lang.String, org.apache.jetspeed.security.om.InternalCredential, java.lang.String, boolean)


Copyright © 1999-2007 Apache Software Foundation. All Rights Reserved.