org.opencms.db
Class CmsLoginManager

java.lang.Object
  extended by org.opencms.db.CmsLoginManager

public class CmsLoginManager
extends java.lang.Object

Provides functions used to check the validity of a user login.

Stores invalid login attempts and disables a user account temporarily in case the configured threshold of invalid logins is reached.

The invalid login attempt storage operates on a combination of user name, login remote IP address and user type. This means that a user can be disabled for one remote IP, but still be enabled for another remote IP.

Also allows logins to be temporarily disallowed (for example, during maintenance work on the system).
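
The per-user, per-address lockout described above, as a stand-alone Java sketch. This is an added example, not OpenCms code: the class name LockoutSketch, the key layout, the explicit "now" parameter and the sample values are assumptions, and the user type component of the key is left out.

```java
import java.util.HashMap;
import java.util.Map;
/** Illustrative sketch only; not the OpenCms implementation. */
public class LockoutSketch {
    // Failure count and lock expiry (epoch millis, 0 while not locked) for one pair.
    private static final class Entry { int count; long disabledUntil; }
    private final Map<String, Entry> storage = new HashMap<>();
    private final int maxBadAttempts;
    private final long disableMillis;

    public LockoutSketch(int disableMinutes, int maxBadAttempts) {
        this.disableMillis = disableMinutes * 60_000L;
        this.maxBadAttempts = maxBadAttempts;
    }

    // Assumed key layout; NUL is assumed never to occur in a user name or address.
    private static String key(String user, String ip) {
        return user + '\0' + ip;
    }

    /** Records one failed login; locks the pair once the threshold is reached. */
    public synchronized void addInvalidLogin(String user, String ip, long now) {
        Entry e = storage.computeIfAbsent(key(user, ip), k -> new Entry());
        if (++e.count >= maxBadAttempts) e.disabledUntil = now + disableMillis;
    }

    /** True while the pair is locked; an expired lock is dropped with its history. */
    public synchronized boolean isLocked(String user, String ip, long now) {
        Entry e = storage.get(key(user, ip));
        if (e == null || e.disabledUntil == 0) return false;
        if (now < e.disabledUntil) return true;
        storage.remove(key(user, ip));
        return false;
    }

    /** Clears the stored failures for the pair. */
    public synchronized void removeInvalidLogins(String user, String ip) {
        storage.remove(key(user, ip));
    }

    public static void main(String[] args) {
        LockoutSketch m = new LockoutSketch(15, 3); // constructed values
        long t0 = System.currentTimeMillis();
        for (int i = 0; i < 3; i++) m.addInvalidLogin("alice", "192.0.2.10", t0);
        System.out.println("same address:  " + m.isLocked("alice", "192.0.2.10", t0 + 1_000));
        System.out.println("other address: " + m.isLocked("alice", "198.51.100.7", t0 + 1_000));
        System.out.println("after expiry:  " + m.isLocked("alice", "192.0.2.10", t0 + 15 * 60_000L));
    }
}
```

Because the counter is keyed per address, it bounds failures per user and address pair rather than the total number of failures against one account.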

Since:
6.0.0
Version:
$Revision: 1.13 $
Author:
Alexander Kandzior

Field Summary
static int DISABLE_MINUTES_DEFAULT
          Default lock time if threshold for bad login attempts is reached.
protected  int m_disableMillis
          The milliseconds to disable an account if the threshold is reached.
protected  int m_disableMinutes
          The minutes to disable an account if the threshold is reached.
protected  int m_maxBadAttempts
          The number of bad login attempts allowed before an account is temporarily disabled.
protected  java.util.Hashtable m_storage
          The storage for the bad login attempts.
static int MAX_BAD_ATTEMPTS_DEFAULT
          Default for bad login attempts.
 
Constructor Summary
CmsLoginManager(int disableMinutes, int maxBadAttempts)
          Creates a new storage for invalid logins.
 
Method Summary
protected  void addInvalidLogin(java.lang.String userName, java.lang.String remoteAddress)
          Adds an invalid attempt to login for the given user / IP to the storage.
 void checkInvalidLogins(java.lang.String userName, java.lang.String remoteAddress)
          Checks if the threshold for the invalid logins has been reached for the given user.
 void checkLoginAllowed()
          Checks if a login is currently allowed.
 int getDisableMinutes()
          Returns the minutes an account gets disabled after too many failed login attempts.
 CmsLoginMessage getLoginMessage()
          Returns the current login message that is displayed if a user logs in.
 int getMaxBadAttempts()
          Returns the number of bad login attempts allowed before an account is temporarily disabled.
 void removeInvalidLogins(java.lang.String userName, java.lang.String remoteAddress)
          Removes all invalid attempts to login for the given user / IP.
 void removeLoginMessage(CmsObject cms)
          Removes the current login message.
 void setLoginMessage(CmsObject cms, CmsLoginMessage message)
          Sets the login message to display if a user logs in.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DISABLE_MINUTES_DEFAULT

public static final int DISABLE_MINUTES_DEFAULT
Default lock time if threshold for bad login attempts is reached.

See Also:
Constant Field Values

MAX_BAD_ATTEMPTS_DEFAULT

public static final int MAX_BAD_ATTEMPTS_DEFAULT
Default for bad login attempts.

See Also:
Constant Field Values

m_disableMillis

protected int m_disableMillis
The milliseconds to disable an account if the threshold is reached.


m_disableMinutes

protected int m_disableMinutes
The minutes to disable an account if the threshold is reached.


m_maxBadAttempts

protected int m_maxBadAttempts
The number of bad login attempts allowed before an account is temporarily disabled.


m_storage

protected java.util.Hashtable m_storage
The storage for the bad login attempts.

Constructor Detail

CmsLoginManager

public CmsLoginManager(int disableMinutes,
                       int maxBadAttempts)
Creates a new storage for invalid logins.

Parameters:
disableMinutes - the minutes to disable an account if the threshold is reached
maxBadAttempts - the number of bad login attempts allowed before an account is temporarily disabled

Method Detail

checkInvalidLogins

public void checkInvalidLogins(java.lang.String userName,
                               java.lang.String remoteAddress)
                        throws CmsAuthentificationException
Checks if the threshold for the invalid logins has been reached for the given user.

In case the configured threshold is reached, an Exception is thrown.

Parameters:
userName - the name of the user
remoteAddress - the remote address (IP) from which the login attempt was made
Throws:
CmsAuthentificationException - in case the threshold of invalid login attempts has been reached

checkLoginAllowed

public void checkLoginAllowed()
                       throws CmsAuthentificationException
Checks if a login is currently allowed.

In case no logins are allowed, an Exception is thrown.

Throws:
CmsAuthentificationException - in case no logins are allowed

getDisableMinutes

public int getDisableMinutes()
Returns the minutes an account gets disabled after too many failed login attempts.

Returns:
the minutes an account gets disabled after too many failed login attempts

getLoginMessage

public CmsLoginMessage getLoginMessage()
Returns the current login message that is displayed if a user logs in.

If null is returned, no login message is currently set.

Returns:
the current login message that is displayed if a user logs in

getMaxBadAttempts

public int getMaxBadAttempts()
Returns the number of bad login attempts allowed before an account is temporarily disabled.

Returns:
the number of bad login attempts allowed before an account is temporarily disabled

removeLoginMessage

public void removeLoginMessage(CmsObject cms)
                        throws CmsRoleViolationException
Removes the current login message.

This operation requires that the current user has role permissions of CmsRole.ROOT_ADMIN.

Parameters:
cms - the current OpenCms user context
Throws:
CmsRoleViolationException - in case the current user does not have the required role permissions

setLoginMessage

public void setLoginMessage(CmsObject cms,
                            CmsLoginMessage message)
                     throws CmsRoleViolationException
Sets the login message to display if a user logs in.

This operation requires that the current user has role permissions of CmsRole.ROOT_ADMIN.

Parameters:
cms - the current OpenCms user context
message - the message to set
Throws:
CmsRoleViolationException - in case the current user does not have the required role permissions

addInvalidLogin

protected void addInvalidLogin(java.lang.String userName,
                               java.lang.String remoteAddress)
Adds an invalid attempt to login for the given user / IP to the storage.

In case the configured threshold is reached, the user is disabled for the configured time.

Parameters:
userName - the name of the user
remoteAddress - the remote address (IP) from which the login attempt was made

removeInvalidLogins

public void removeInvalidLogins(java.lang.String userName,
                                java.lang.String remoteAddress)
Removes all invalid attempts to login for the given user / IP.

Parameters:
userName - the name of the user
remoteAddress - the remote address (IP) from which the login attempt was made