Block user after n trials of wrong username and password

Hi Team,

Is there any way to block a user if he tries to log in to the system n times with a wrong username and password?

Then take action to send a notification to the support team that the user “xyz” is trying to log in to the system with wrong credentials, so they can support him.

  • For your first requirement, there is an OOTB function called bruteForceProtection. Not sure if that is what you need.

cuba.bruteForceProtection.enabled
Enables a mechanism for the protection against password brute force cracking.

cuba.bruteForceProtection.blockIntervalSec
Blocking interval in seconds after exceeding a maximum number of failed login attempts, if the cuba.bruteForceProtection.enabled property is on.

cuba.bruteForceProtection.maxLoginAttemptsNumber
A maximum number of failed login attempts for the combination of user login and IP address, if the cuba.bruteForceProtection.enabled property is on.

You can find the details of the above settings at the URL below.
https://doc.cuba-platform.com/manual-latest/app_properties_reference.html

  • Your second requirement can be done with customization.
4 Likes

To be more specific, you can override com.haulmont.cuba.security.app.BruteForceProtectionBean in the core module to send the notification.

1 Like
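
The behaviour the three properties above describe, plus the notification from the second requirement, as a small Python model. This is an added example, not CUBA code and not the body of BruteForceProtectionBean: the class `LoginThrottle`, its method names, the `notify` hook and the sample login and IP values are all assumptions made for illustration. It shows that the counter belongs to the (login, IP) pair, that the block lapses after the interval, and that the support team is alerted once, at the moment of lockout.

```python
import time
from typing import Callable, Dict, Tuple

Key = Tuple[str, str]  # (login, ip address)

class LoginThrottle:
    """Illustrative lockout model keyed by (login, IP); hypothetical, not CUBA's API."""

    def __init__(self, max_attempts: int, block_interval_sec: int,
                 notify: Callable[[str, str, int], None],
                 clock: Callable[[], float] = time.monotonic):
        self.max_attempts = max_attempts              # cf. maxLoginAttemptsNumber
        self.block_interval_sec = block_interval_sec  # cf. blockIntervalSec
        self.notify = notify                          # hypothetical support-team hook
        self.clock = clock                            # injectable so tests control time
        self._state: Dict[Key, Tuple[int, float]] = {}  # key -> (failures, last failure)

    def _failures(self, key: Key) -> int:
        count, last = self._state.get(key, (0, 0.0))
        if count and self.clock() - last >= self.block_interval_sec:
            self._state.pop(key, None)  # interval elapsed: forget old failures
            return 0
        return count

    def attempts_left(self, login: str, ip: str) -> int:
        """0 means the pair is blocked; the caller rejects before checking the password."""
        return max(self.max_attempts - self._failures((login, ip)), 0)

    def register_failure(self, login: str, ip: str) -> int:
        key = (login, ip)
        count = self._failures(key) + 1
        self._state[key] = (count, self.clock())
        if count == self.max_attempts:  # alert exactly once, when the block starts
            self.notify(login, ip, count)
        return max(self.max_attempts - count, 0)

    def register_success(self, login: str, ip: str) -> None:
        self._state.pop((login, ip), None)  # a good login clears the counter

def demo():
    now, alerts = [0.0], []  # constructed clock and alert sink
    t = LoginThrottle(3, 60, lambda l, ip, n: alerts.append((l, ip, n)),
                      clock=lambda: now[0])
    for _ in range(3):
        t.register_failure("xyz", "203.0.113.7")   # constructed sample values
    blocked = t.attempts_left("xyz", "203.0.113.7") == 0
    other_ip = t.attempts_left("xyz", "203.0.113.8")  # separate counter per IP
    now[0] = 61.0                                   # block interval has passed
    return alerts, blocked, other_ip, t.attempts_left("xyz", "203.0.113.7")
```

Because the count is per login and IP address, failures for the same login from different addresses never add up to one lockout, so an alert on total failures per login is a useful complement.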