On 21/02/2013 16:26, Marvin Addison wrote:
>> I have made 4 attempts in less than 120s.
>> Configuration is a threshold of 2 for a range of 120s:
>
> Those parameters define the _average_ authentication failure threshold
> rate. Thus you have defined an average failure rate of 1 per minute.
> That seems overly strict to me, but perhaps it makes sense for your
> environment. Your failed login timestamps:
>
> 2013-02-21 15:14:32,617
> 2013-02-21 15:14:34,493
> 2013-02-21 15:14:37,313
> 2013-02-21 15:14:43,241
>
> Throttling should have been applied on the third login attempt since
> it occurred well under the threshold. (You'd have to wait 60s to
> reauthenticate.)
>
> Can you post your complete throttle wiring for review? I suspect it's
> not properly wired into the handler interceptor.
>
> M

Yes, I agree with you: this is overly strict, but it is only to check if throttling works ;)
The complete throttle wiring was in my previous post; here it is:

File: cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml

<bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" p:flowRegistry-ref="flowRegistry"p:order="2">
<property name="interceptors">
+ <list>
<ref local="localeChangeInterceptor"/>
+     <ref bean="throttleInterceptor"/>
+  </list>
  </property>
</bean>
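
Review bot: On the opening `<bean>` line, `p:flowRegistry-ref="flowRegistry"` runs straight into `p:order="2"` with no whitespace between the two attributes. XML requires whitespace between attributes, so if the file on disk matches what is pasted here the context will fail to parse; confirm the space is present. A short comment next to `<ref bean="throttleInterceptor"/>` naming the file that defines that bean would also help, since it is resolved by id across context files.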

File: cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/auditTrailContext.xml

 <beans xmlns="http://www.springframework.org/schema/beans";
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
        xmlns:aop="http://www.springframework.org/schema/aop";
+       xmlns:p="http://www.springframework.org/schema/p";
xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/aophttp://www.springframework.org/schema/aop/spring-aop-3.1.xsd";>


+<bean id="inspektrTransactionManager"
+ class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
+    p:dataSource-ref="dataSource"
+  />
+
+  <bean id="inspektrTransactionTemplate"
+ class="org.springframework.transaction.support.TransactionTemplate"
+    p:transactionManager-ref="inspektrTransactionManager"
+    p:isolationLevelName="ISOLATION_READ_COMMITTED"
+    p:propagationBehaviorName="PROPAGATION_REQUIRED"
+  />
+
+ <bean id="auditManager" class="com.github.inspektr.audit.support.JdbcAuditTrailManager">
+    <constructor-arg index="0" ref="inspektrTransactionTemplate" />
+    <property name="dataSource" ref="dataSource" />
+  </bean>
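
Review bot: `dataSource` is referenced by both `inspektrTransactionManager` (`p:dataSource-ref`) and `auditManager` (`<property name="dataSource" ...>`), but no bean with that id is defined in the lines shown. Confirm that it is declared in another context file and that it points at the database holding the audit records, and add a comment here saying where it lives.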

File: cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/throttleInterceptorTrigger.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+       xmlns:p="http://www.springframework.org/schema/p";
+ xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>
+
+<bean id="throttleInterceptor" class="org.jasig.cas.web.support.InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"
+       p:failureRangeInSeconds="120"
+        p:failureThreshold="2">
+      <constructor-arg index="0" ref="auditTrailManager" />
+      <constructor-arg index="1" ref="dataSource" />
+</bean>
+
+</beans>
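
Review bot: `<constructor-arg index="0" ref="auditTrailManager" />` refers to a bean id that this patch never defines; the JDBC audit manager added in auditTrailContext.xml is registered as `auditManager`. If `auditTrailManager` resolves to a different audit manager declared elsewhere, failed logins may not be written to the `dataSource` passed as the second constructor argument, and the interceptor would then have nothing to count against `p:failureThreshold`. Reference `auditManager` here, or rename that bean, so that recording and throttling share the same JDBC-backed manager. The `spring-beans-2.0.xsd` schema location also differs from the 3.1 schemas used in auditTrailContext.xml and should be aligned.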

Thanks for your help :)
Sylvain

