Commit af7b9780 authored by Thomas Matthews's avatar Thomas Matthews

configurable number of bad logins

parent 8ef47a16
......@@ -57,6 +57,9 @@ public class IridaApiSecurityConfig extends GlobalMethodSecurityConfiguration {
@Value("${security.password.expiry}")
private int passwordExpiryInDays = -1;
@Value("${security.failed.logins}")
private int maxBadLogins = 5;
/**
* Loads all of the {@link BasePermission} sub-classes found in the security
* package during component scan. {@link BasePermission} classes are used in
......@@ -69,6 +72,9 @@ public class IridaApiSecurityConfig extends GlobalMethodSecurityConfiguration {
@Autowired
private UserRepository userRepository;
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
private LoginLimitingAuthenticationProvider loginLimitingAuthenticationProvider;
......@@ -104,9 +110,10 @@ public class IridaApiSecurityConfig extends GlobalMethodSecurityConfiguration {
@Bean
public AuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = loginLimitingAuthenticationProvider;
loginLimitingAuthenticationProvider.setMaxBadLogins(maxBadLogins);
/*
Expire a user's password after the given number of days and force them to change it.
*/
......
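Review bot: The initializer `private int maxBadLogins = 5;` in the first hunk never takes effect: `@Value("${security.failed.logins}")` carries no default in the placeholder, so a missing property fails context startup and a present one overwrites the 5. Either make the fallback real with `@Value("${security.failed.logins:5}")` or drop the initializer so readers do not assume a safety net exists. In the authenticationProvider() hunk, `setMaxBadLogins(maxBadLogins)` hands the configured value to the autowired provider without a range check; because the provider locks when the failure count exceeds the threshold, a value of 0 or below locks an account on its first failed attempt, so a guard such as `if (maxBadLogins < 1) throw new IllegalStateException("security.failed.logins must be >= 1, was " + maxBadLogins);` before the call would surface a misconfiguration at startup instead of as unexplained lockouts. authenticationProvider() continues outside the hunk.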
......@@ -16,7 +16,7 @@ import org.springframework.stereotype.Component;
@Component
public class LoginLimitingAuthenticationProvider extends DaoAuthenticationProvider {
private int maxBadLogins = 5;
private int maxBadLogins = -1;
private UserRepository userRepository;
@Autowired
......@@ -27,6 +27,10 @@ public class LoginLimitingAuthenticationProvider extends DaoAuthenticationProvid
this.userRepository = userRepository;
}
public void setMaxBadLogins(int maxBadLogins){
this.maxBadLogins = maxBadLogins;
}
/**
* Authentication method which locks out the user after consecutive failed attempts
* {@inheritDoc}
......@@ -43,13 +47,15 @@ public class LoginLimitingAuthenticationProvider extends DaoAuthenticationProvid
//if a BadCredentialsException is thrown, increment the number of failed logins
user = userRepository.loadUserByUsername(authentication.getName());
user = userRepository.incrementFailedLogins(user);
if (user != null) {
user = userRepository.incrementFailedLogins(user);
//if the count is above the max allowed, lock the user
if (user.getFailedLogins() > maxBadLogins) {
userRepository.lockUser(user);
//if the count is above the max allowed, lock the user
if (user.getFailedLogins() > maxBadLogins) {
userRepository.lockUser(user);
logger.debug("User login failed");
logger.debug("User login failed");
}
}
// re-throw the exception
......
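Review bot: The new default `private int maxBadLogins = -1;` combined with `if (user.getFailedLogins() > maxBadLogins)` in the last hunk locks the account on the very first failed login whenever setMaxBadLogins() is never called; that is fail-closed, but if -1 was meant to follow the `security.password.expiry=-1` convention of disabling a feature, it does the opposite, so the new setter needs Javadoc stating the semantics, for example that the account is locked on the failure after `maxBadLogins` consecutive failures and that values below 1 lock on the first one. `logger.debug("User login failed")` sits inside the lock branch, so it fires only when locking yet says nothing about the lock or which account was affected; a lockout is the event an operator wants to see, so `logger.warn("User " + authentication.getName() + " locked after exceeding " + maxBadLogins + " failed logins");` at that point is more useful. The enclosing catch block starts and ends outside the hunk.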
......@@ -36,4 +36,5 @@ galaxy.execution.email=irida@localhost
galaxy.execution.dataStorage=local
galaxy.execution.workflow.phylogenomics.id=xxxx
security.password.expiry=-1
\ No newline at end of file
security.password.expiry=-1
security.failed.logins=5
\ No newline at end of file
......@@ -33,4 +33,5 @@ galaxy.execution.email=irida@localhost
galaxy.execution.dataStorage=local
galaxy.execution.workflow.phylogenomics.id=xxxx
security.password.expiry=-1
\ No newline at end of file
security.password.expiry=-1
security.failed.logins=5
\ No newline at end of file
......@@ -22,4 +22,5 @@ jdbc.pool.logAbandoned=true
jdbc.pool.removeAbandonedTimeout=60
jdbc.pool.maxIdle=10
security.password.expiry=-1
\ No newline at end of file
security.password.expiry=-1
security.failed.logins=5
\ No newline at end of file
......@@ -2,4 +2,5 @@ hibernate.dialect=org.hibernate.dialect.HSQLDialect
hibernate.hbm2ddl.auto=create
hibernate.hbm2ddl.import_files=/ca/corefacility/bioinformatics/irida/sql/oauth-token.sql
security.password.expiry=-1
\ No newline at end of file
security.password.expiry=-1
security.failed.logins=5
\ No newline at end of file