org.opencms.db
Class CmsLoginManager

java.lang.Object
  org.opencms.db.CmsLoginManager

public class CmsLoginManager
extends Object

Provides functions used to check the validity of a user login.

Stores invalid login attempts and disables a user account temporarily in case the configured threshold of invalid logins is reached.

The invalid login attempt storage operates on a combination of user name, login remote IP address and user type. This means that a user can be disabled for one remote IP, but still be enabled for another remote IP.

Also allows to temporarily disallow logins (for example in case of maintenance work on the system).

Since:

6.0.0

Field Summary

static int	DISABLE_MINUTES_DEFAULT Default lock time if treshold for bad login attempts is reached.
static boolean	ENABLE_SECURITY_DEFAULT Default setting for the security option.
protected int	m_disableMillis The milliseconds to disable an account if the threshold is reached.
protected int	m_disableMinutes The minutes to disable an account if the threshold is reached.
protected boolean	m_enableSecurity The flag to determine if the security option ahould be enabled on the login dialog.
protected int	m_maxBadAttempts The number of bad login attempts allowed before an account is temporarily disabled.
protected Map<String,org.opencms.db.CmsLoginManager.CmsUserData>	m_storage The storage for the bad login attempts.
static int	MAX_BAD_ATTEMPTS_DEFAULT Default for bad login attempts.

Constructor Summary

CmsLoginManager(int disableMinutes, int maxBadAttempts, boolean enableSecurity)
Creates a new storage for invalid logins.

Method Summary

protected void	addInvalidLogin(String userName, String remoteAddress) Adds an invalid attempt to login for the given user / IP to the storage.
void	checkInvalidLogins(String userName, String remoteAddress) Checks if the threshold for the invalid logins has been reached for the given user.
void	checkLoginAllowed() Checks if a login is currently allowed.
int	getDisableMinutes() Returns the minutes an account gets disabled after too many failed login attempts.
CmsLoginMessage	getLoginMessage() Returns the current login message that is displayed if a user logs in.
int	getMaxBadAttempts() Returns the number of bad login attempts allowed before an account is temporarily disabled.
boolean	isEnableSecurity() Returns if the security option ahould be enabled on the login dialog.
protected void	removeInvalidLogins(String userName, String remoteAddress) Removes all invalid attempts to login for the given user / IP.
void	removeLoginMessage(CmsObject cms) Removes the current login message.
void	setLoginMessage(CmsObject cms, CmsLoginMessage message) Sets the login message to display if a user logs in.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DISABLE_MINUTES_DEFAULT

public static final int DISABLE_MINUTES_DEFAULT

Default lock time if treshold for bad login attempts is reached.

See Also:

Constant Field Values

ENABLE_SECURITY_DEFAULT

public static final boolean ENABLE_SECURITY_DEFAULT

Default setting for the security option.

See Also:

Constant Field Values

MAX_BAD_ATTEMPTS_DEFAULT

public static final int MAX_BAD_ATTEMPTS_DEFAULT

Default for bad login attempts.

See Also:

Constant Field Values

m_disableMillis

protected int m_disableMillis

The milliseconds to disable an account if the threshold is reached.

m_disableMinutes

protected int m_disableMinutes

The minutes to disable an account if the threshold is reached.

m_enableSecurity

protected boolean m_enableSecurity

The flag to determine if the security option ahould be enabled on the login dialog.

m_maxBadAttempts

protected int m_maxBadAttempts

The number of bad login attempts allowed before an account is temporarily disabled.

m_storage

protected Map<String,org.opencms.db.CmsLoginManager.CmsUserData> m_storage

The storage for the bad login attempts.

Constructor Detail

CmsLoginManager

public CmsLoginManager(int disableMinutes,
                       int maxBadAttempts,
                       boolean enableSecurity)

Creates a new storage for invalid logins.

Parameters:

disableMinutes - the minutes to disable an account if the threshold is reached

maxBadAttempts - the number of bad login attempts allowed before an account is temporarily disabled

enableSecurity - flag to determine if the security option should be enabled on the login dialog

Method Detail

checkInvalidLogins

public void checkInvalidLogins(String userName,
                               String remoteAddress)
                        throws CmsAuthentificationException

Checks if the threshold for the invalid logins has been reached for the given user.

In case the configured threshold is reached, an Exception is thrown.

Parameters:

userName - the name of the user

remoteAddress - the remote address (IP) from which the login attempt was made

Throws:

CmsAuthentificationException - in case the threshold of invalid login attempts has been reached

checkLoginAllowed

public void checkLoginAllowed()
                       throws CmsAuthentificationException

Checks if a login is currently allowed.

In case no logins are allowed, an Exception is thrown.

Throws:

CmsAuthentificationException - in case no logins are allowed

getDisableMinutes

public int getDisableMinutes()

Returns the minutes an account gets disabled after too many failed login attempts.

Returns:

the minutes an account gets disabled after too many failed login attempts

isEnableSecurity

public boolean isEnableSecurity()

Returns if the security option ahould be enabled on the login dialog.

Returns:

true if the security option ahould be enabled on the login dialog, otherwise false

getLoginMessage

public CmsLoginMessage getLoginMessage()

Returns the current login message that is displayed if a user logs in.

if null is returned, no login message has been currently set.

Returns:

the current login message that is displayed if a user logs in

getMaxBadAttempts

public int getMaxBadAttempts()

Returns the number of bad login attempts allowed before an account is temporarily disabled.

Returns:

the number of bad login attempts allowed before an account is temporarily disabled

removeLoginMessage

public void removeLoginMessage(CmsObject cms)
                        throws CmsRoleViolationException

Removes the current login message.

This operation requires that the current user has role permissions of CmsRole.ROOT_ADMIN.

Parameters:

cms - the current OpenCms user context

Throws:

CmsRoleViolationException - in case the current user does not have the required role permissions

setLoginMessage

public void setLoginMessage(CmsObject cms,
                            CmsLoginMessage message)
                     throws CmsRoleViolationException

Sets the login message to display if a user logs in.

This operation requires that the current user has role permissions of CmsRole.ROOT_ADMIN.

Parameters:

cms - the current OpenCms user context

message - the message to set

Throws:

CmsRoleViolationException - in case the current user does not have the required role permissions

addInvalidLogin

protected void addInvalidLogin(String userName,
                               String remoteAddress)

Adds an invalid attempt to login for the given user / IP to the storage.

In case the configured threshold is reached, the user is disabled for the configured time.

Parameters:

userName - the name of the user

remoteAddress - the remore address (IP) from which the login attempt was made

removeInvalidLogins

protected void removeInvalidLogins(String userName,
                                   String remoteAddress)

Removes all invalid attempts to login for the given user / IP.

Parameters:

userName - the name of the user

remoteAddress - the remore address (IP) from which the login attempt was made