@Override
@Transactional
public void onAuthenticationFailure(
HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
// Wrong password or username
if (exception instanceof BadCredentialsException) {
MotechUser motechUser =
motechUsersDao.findByUserName(exception.getAuthentication().getName());
int failureLoginLimit = settingService.getFailureLoginLimit();
if (motechUser != null && failureLoginLimit > 0) {
int failureLoginCounter = motechUser.getFailureLoginCounter();
failureLoginCounter++;
if (failureLoginCounter > failureLoginLimit && motechUser.isActive()) {
motechUser.setUserStatus(UserStatus.BLOCKED);
failureLoginCounter = 0;
LOGGER.debug("User {} has been blocked", motechUser.getUserName());
}
motechUser.setFailureLoginCounter(failureLoginCounter);
motechUsersDao.update(motechUser);
}
if (motechUser != null && !motechUser.isActive()) {
LOGGER.debug("Redirecting to " + userBlockedUrl);
redirectStrategy.sendRedirect(request, response, userBlockedUrl);
return;
}
}
super.onAuthenticationFailure(request, response, exception);
}
private void prepareSettingService() {
when(settingService.getNumberOfDaysToChangePassword()).thenReturn(DAYS_TO_CHANGE_PASSWORD);
}
