@Override
  @Transactional
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {
    // Wrong password or username
    if (exception instanceof BadCredentialsException) {
      MotechUser motechUser =
          motechUsersDao.findByUserName(exception.getAuthentication().getName());
      int failureLoginLimit = settingService.getFailureLoginLimit();
      if (motechUser != null && failureLoginLimit > 0) {
        int failureLoginCounter = motechUser.getFailureLoginCounter();
        failureLoginCounter++;
        if (failureLoginCounter > failureLoginLimit && motechUser.isActive()) {
          motechUser.setUserStatus(UserStatus.BLOCKED);
          failureLoginCounter = 0;
          LOGGER.debug("User {} has been blocked", motechUser.getUserName());
        }
        motechUser.setFailureLoginCounter(failureLoginCounter);
        motechUsersDao.update(motechUser);
      }

      if (motechUser != null && !motechUser.isActive()) {
        LOGGER.debug("Redirecting to " + userBlockedUrl);
        redirectStrategy.sendRedirect(request, response, userBlockedUrl);
        return;
      }
    }
    super.onAuthenticationFailure(request, response, exception);
  }
 @Test
 public void shouldNotActivateInvalidUser() {
   motechUserService.register(
       "userName",
       "password",
       "1234",
       "",
       asList("IT_ADMIN", "DB_ADMIN"),
       Locale.ENGLISH,
       UserStatus.BLOCKED,
       null);
   motechUserService.activateUser("userName1");
   MotechUser motechUser = usersDataService.findByUserName("userName");
   assertFalse(motechUser.isActive());
 }