Class StorageBackedAccountLockoutManager

All Implemented Interfaces:
AccountLockoutManager, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

public class StorageBackedAccountLockoutManager
extends AbstractIdentifiableInitializableComponent
implements AccountLockoutManager
Implementation of AccountLockoutManager interface that relies on a StorageService to track lockout state.
  • Field Details

    • log

      @Nonnull private org.slf4j.Logger log
      Class logger.
    • storageService

      @NonnullAfterInit private StorageService storageService
      Backing service.
    • lockoutKeyStrategy

      @Nullable private Function<ProfileRequestContext,​String> lockoutKeyStrategy
      Lookup function to produce account lockout keys.
    • maxAttemptsLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Integer> maxAttemptsLookupStrategy
      Lookup function for maximum failed attempts within window.
    • counterIntervalLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Duration> counterIntervalLookupStrategy
      Lookup function for interval after which counter is reset.
    • lockoutDurationLookupStrategy

      @Nonnull private Function<ProfileRequestContext,​Duration> lockoutDurationLookupStrategy
      Lookup function for duration of lockout.
    • extendLockoutDuration

      private boolean extendLockoutDuration
      Controls whether attempts against locked accounts extend duration.
  • Constructor Details

    • StorageBackedAccountLockoutManager

      public StorageBackedAccountLockoutManager()
      Constructor.
  • Method Details

    • setStorageService

      public void setStorageService​(@Nonnull StorageService storage)
      Set the StorageService back-end to use.
      Parameters:
      storage - the back-end to use
    • setLockoutKeyStrategy

      public void setLockoutKeyStrategy​(@Nonnull Function<ProfileRequestContext,​String> strategy)
      Set the strategy function to compute the account lockout key.

      Defaults to a concatenation of the username and client address.

      Parameters:
      strategy - strategy function
    • setMaxAttempts

      public void setMaxAttempts​(@Positive int attempts)
      Set the maximum failed attempts within window.

      Defaults to 5.

      Parameters:
      attempts - maximum failed attempts
    • setMaxAttemptsLookupStrategy

      public void setMaxAttemptsLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Integer> strategy)
      Set lookup function for maximum failed attempts within window.

      The function MUST return a positive value.

      Parameters:
      strategy - lookup function
    • setCounterInterval

      public void setCounterInterval​(@Nonnull Duration window)
      Set interval after which counter is reset.

      Defaults to 5 minutes.

      Parameters:
      window - counter window
    • setCounterIntervalLookupStrategy

      public void setCounterIntervalLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Duration> strategy)
      Set lookup function for interval after which counter is reset.

      The function MUST return a positive value.

      Parameters:
      strategy - lookup function
    • setLockoutDuration

      public void setLockoutDuration​(@Nonnull Duration duration)
      Set lockout duration.

      Defaults to 5 minutes.

      Parameters:
      duration - lockout duration
    • setLockoutDurationLookupStrategy

      public void setLockoutDurationLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Duration> strategy)
      Set lookup function for lockout duration.

      The function MUST return a positive value. Use a large value for permanent lockout.

      Parameters:
      strategy - lookup function
    • setExtendLockoutDuration

      public void setExtendLockoutDuration​(boolean flag)
      Set whether to extend the lockout duration on attempts during lockout.
      Parameters:
      flag - flag to set
    • doInitialize

      protected void doInitialize() throws ComponentInitializationException
      Overrides:
      doInitialize in class AbstractIdentifiedInitializableComponent
      Throws:
      ComponentInitializationException
    • check

      public boolean check​(@Nonnull ProfileRequestContext profileRequestContext)
      Check if the authentication credentials associated with the request are subject to lockout.
      Specified by:
      check in interface AccountLockoutManager
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff the credentials correspond to a locked account
    • increment

      public boolean increment​(@Nonnull ProfileRequestContext profileRequestContext)
      Increment the lockout counter for the authentication credentials associated with the request.
      Specified by:
      increment in interface AccountLockoutManager
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff the counter was incremented
    • clear

      public boolean clear​(@Nonnull ProfileRequestContext profileRequestContext)
      Clear the lockout state for the authentication credentials associated with the request.
      Specified by:
      clear in interface AccountLockoutManager
      Parameters:
      profileRequestContext - current profile request context
      Returns:
      true iff the state was successfully cleared
    • doIncrement

      protected boolean doIncrement​(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull @NotEmpty String key, int retries)
      Implement invalid login attempt counter via storage service, retrying as necessary.
      Parameters:
      profileRequestContext - current profile request context
      key - account lockout key
      retries - number of additional retries to allow
      Returns:
      true iff successful