예제 #1
 /**
  * Tells whether the login-attempt lock is currently active for this session.
  *
  * <p>The lock is active when the session has reached {@code LOGIN_THRESHOLD} successive
  * login attempts and the most recent attempt is still less than {@code LOGIN_THRESHOLD_TIMEOUT}
  * milliseconds old. Once that window has elapsed the lock lifts even though the counter is not
  * reset here (the counter is maintained by {@code populateSessionLog}).
  *
  * @param request the current request; not consulted by this method
  * @param sessionLog the per-session counters to evaluate
  * @return {@code true} if the session is still inside its lock-out window
  */
 private boolean isLoginThresholdEnable(HttpServletRequest request, SessionLog sessionLog) {
   if (sessionLog.getNbSuccessiveLoginAttempts() < LOGIN_THRESHOLD) {
     return false;
   }
   // NOTE(review): assumes getLastLoginAttempts() is non-null once the counter has reached the
   // threshold — confirm that the counter is never raised without the timestamp being set.
   long windowEnd = sessionLog.getLastLoginAttempts().getTime() + LOGIN_THRESHOLD_TIMEOUT;
   return windowEnd > System.currentTimeMillis();
 }
예제 #2
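  /**
   * Tracks one request against its {@code SessionLog} and decides whether it may proceed down the
   * filter chain.
   *
   * <p>Three outcomes are possible:
   *
   * <ul>
   *   <li>No session log yet: either the client already holds too many sessions, in which case
   *       {@code handleTooManySession} is given the request and the chain is not invoked, or a
   *       session log is created and stored under {@code SessionLog.class.getName()}.
   *   <li>Existing session log whose recorded IP differs from the caller's: the session is
   *       invalidated and {@code 409 Conflict} is sent. The chain is <em>not</em> invoked — the
   *       response is already committed by {@code sendError} and the session no longer exists.
   *   <li>Existing session log with a matching IP: the request counters are updated and the
   *       request proceeds.
   * </ul>
   *
   * <p>For requests that proceed, a login-process request (as decided by {@code isLoginAccess})
   * from a session that is inside its login lock-out window is routed to
   * {@code handleTooManyLoginAttempt} instead of the chain. The wall-clock time spent is then
   * credited to the session log.
   *
   * @param request the incoming request
   * @param response the outgoing response
   * @param filterChain the remainder of the chain
   * @throws ServletException propagated from the chain
   * @throws IOException propagated from the chain or from {@code sendError}
   */
  @Override
  protected void doFilterInternal(
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws ServletException, IOException {

    long timer = System.currentTimeMillis();
    SessionLog sessionLog;

    if (request.getSession(false) == null
        || request.getSession().getAttribute(SessionLog.class.getName()) == null) {
      if (hasToManySession(request)) {
        // NOTE(review): presumably handleTooManySession writes the error response itself —
        // confirm, since nothing is written here before returning.
        handleTooManySession(request);
        return;
      }
      // create new session if needed
      HttpSession session = request.getSession();
      sessionLog = createNewSessionLog(request);
      session.setAttribute(SessionLog.class.getName(), sessionLog);
    } else {
      sessionLog = (SessionLog) request.getSession().getAttribute(SessionLog.class.getName());
      if (!sessionLog.getIp().equalsIgnoreCase(RemoteInfoUtil.getClientIpAddr(request))) {
        // The session is bound to the IP it was created from; a different caller presenting the
        // same session id is rejected and the session is destroyed. Previously the chain was
        // still invoked after sendError, and the matching-IP branch was the one that stopped
        // the request — the two were inverted.
        request.getSession().invalidate();
        response.sendError(HttpServletResponse.SC_CONFLICT);
        return;
      }
      populateSessionLog(request, sessionLog);
    }

    // sessionLog may still be null here only if createNewSessionLog returned null; its contract
    // is not visible from this method, so the guard is kept.
    if (sessionLog != null && isLoginAccess(request) && isLoginThresholdEnable(request, sessionLog)) {
      handleTooManyLoginAttempt(request);
    } else {
      filterChain.doFilter(request, response);
    }

    timer = System.currentTimeMillis() - timer;
    if (sessionLog != null) {
      sessionLog.addServerTime(timer);
    }
  }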
예제 #3
 /**
  * Updates the per-session request counters for one request.
  *
  * <p>Resource requests (as decided by {@code isRessource}) only bump the resource counter. Page
  * requests bump the page counter and, when the URI contains
  * {@code GenericController.LOGIN_PROCESS_URL}, also maintain the successive-login-attempt
  * counter: the counter is incremented if the previous attempt is no older than
  * {@code LOGIN_THRESHOLD_TIMEOUT} milliseconds, and restarted at 1 otherwise (or when there was
  * no previous attempt). The attempt timestamp is always refreshed.
  *
  * <p>Boundary note: "still inside the window" is evaluated with {@link Date#before}, i.e. the
  * window closes strictly after {@code lastTry + LOGIN_THRESHOLD_TIMEOUT}; the lock check in
  * {@code isLoginThresholdEnable} uses {@code >} for the same instant, so at that exact
  * millisecond the attempt is counted but the lock does not yet apply.
  *
  * @param request the current request
  * @param sessionLog the session counters to update in place
  */
 private void populateSessionLog(HttpServletRequest request, SessionLog sessionLog) {
   if (isRessource(request)) {
     sessionLog.setNbRequestRessources(sessionLog.getNbRequestRessources() + 1);
     return;
   }

   sessionLog.setNbRequestPages(sessionLog.getNbRequestPages() + 1);
   if (!request.getRequestURI().contains(GenericController.LOGIN_PROCESS_URL)) {
     return;
   }

   Date previousAttempt = sessionLog.getLastLoginAttempts();
   boolean withinWindow =
       previousAttempt != null
           && !new Date(previousAttempt.getTime() + LOGIN_THRESHOLD_TIMEOUT).before(new Date());
   int attempts = withinWindow ? sessionLog.getNbSuccessiveLoginAttempts() + 1 : 1;
   sessionLog.setNbSuccessiveLoginAttempts(attempts);
   sessionLog.setLastLoginAttempts(new Date());
 }