cuba.bruteForceProtection.enabled which enable locking the user after n number of trials
But we are expecting the same to happen on the REST API but unfortunately we still get the Bad credentials not Login Exception with details although the Log shows that
How to enable such functionality on REST APIs
Below is sample logs on our application
Login failed: com.haulmont.cuba.security.global.LoginException: The number of unsuccessful login attempts exceeded. Your account is blocked for 60 seconds
23:12:35.096 INFO c.h.a.r.a.a.CubaUserAuthenticationProvider- REST API authentication failed: [xxx.xxx@xxx.com](mailto:xxx.xxx@xxx.com) 127.0.0.1
23:12:35.096 WARN o.s.s.o.p.endpoint.TokenEndpoint - Handling error: InvalidGrantException, Bad credentials
Hi,
I could not reproduce the problem, it works on a sample project. The user was blocked after 5 attempts to login through endpoint: app/rest/v2/oauth/token.
Please check property values using Administration -> Application properties: cuba.bruteForceProtection.maxLoginAttemptsNumber. Default value: 5 cuba.bruteForceProtection.blockIntervalSec. Default value: 60.
Sample log:
14:28:38.214 WARN o.s.s.o.p.endpoint.TokenEndpoint - Handling error: InvalidGrantException, Bad credentials
14:28:38.943 INFO c.h.c.s.a.AuthenticationServiceBean - Login failed: com.haulmont.cuba.security.global.AccountLockedException: The number of unsuccessful login attempts exceeded. Your account is blocked for 60 seconds
14:28:38.948 INFO c.h.a.r.a.a.CubaUserAuthenticationProvider- Blocked user login attempt: login=admin, ip=0:0:0:0:0:0:0:1
14:28:38.949 WARN o.s.s.o.p.endpoint.TokenEndpoint - Handling error: InvalidGrantException, User temporarily blocked
In addition, check the property cuba.checkPasswordOnClient value in web application properties.