@Override
  @Transactional
  public void onAuthenticationFailure(
      HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
      throws IOException, ServletException {
    // Wrong password or username
    if (exception instanceof BadCredentialsException) {
      MotechUser motechUser =
          motechUsersDao.findByUserName(exception.getAuthentication().getName());
      int failureLoginLimit = settingService.getFailureLoginLimit();
      if (motechUser != null && failureLoginLimit > 0) {
        int failureLoginCounter = motechUser.getFailureLoginCounter();
        failureLoginCounter++;
        if (failureLoginCounter > failureLoginLimit && motechUser.isActive()) {
          motechUser.setUserStatus(UserStatus.BLOCKED);
          failureLoginCounter = 0;
          LOGGER.debug("User {} has been blocked", motechUser.getUserName());
        }
        motechUser.setFailureLoginCounter(failureLoginCounter);
        motechUsersDao.update(motechUser);
      }

      if (motechUser != null && !motechUser.isActive()) {
        LOGGER.debug("Redirecting to " + userBlockedUrl);
        redirectStrategy.sendRedirect(request, response, userBlockedUrl);
        return;
      }
    }
    super.onAuthenticationFailure(request, response, exception);
  }
Пример #2
0
 private void prepareSettingService() {
   when(settingService.getNumberOfDaysToChangePassword()).thenReturn(DAYS_TO_CHANGE_PASSWORD);
 }