Author: hfnukal
Date: 2011-08-08 10:25:29 -0400 (Mon, 08 Aug 2011)
New Revision: 7007
Added:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/ErrorLoginFilter.java
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidAttemptKey.java
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginAttemptsService.java
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginPolicy.java
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/LoginDetectorFilter.java
Modified:
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterForm.java
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterInputSet.java
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/src/main/webapp/WEB-INF/conf/configuration.xml
Log:
JBEPP-808 add ability to send email on registration and x successive failures
Modified:
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterForm.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterForm.java 2011-08-08
08:59:59 UTC (rev 7006)
+++
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterForm.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -19,10 +19,9 @@
package org.exoplatform.account.webui.component;
-import org.exoplatform.portal.webui.CaptchaValidator;
-import org.exoplatform.portal.webui.UICaptcha;
-import org.exoplatform.portal.webui.util.Util;
+import org.exoplatform.portal.registration.PostRegistrationService;
import org.exoplatform.services.organization.OrganizationService;
+import org.exoplatform.services.organization.User;
import org.exoplatform.services.organization.UserHandler;
import org.exoplatform.web.application.ApplicationMessage;
import org.exoplatform.webui.application.WebuiRequestContext;
@@ -45,9 +44,6 @@
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
import nl.captcha.Captcha;
/**
@@ -65,6 +61,8 @@
{
private final static String[] ACTIONS = {"Subscribe", "Reset"};
+
+ static final String ATTR_USER = "UIRegisterForm$User";
public UIRegisterForm() throws Exception
{
@@ -121,9 +119,14 @@
if (registerInput.save(userHandler, context))
{
- //TODO: Send email and add Account Activating feature
+ //TODO: Add Account Activating feature
UIApplication uiApp = context.getUIApplication();
- uiApp.addMessage(new
ApplicationMessage("UIRegisterForm.registerWithSuccess.message", null));
+ uiApp.addMessage(new
ApplicationMessage("UIRegisterForm.registerWithSuccess.message", null));
+
+ // Send mail to administrator after successful registration of user
+ PostRegistrationService postRegistrationService =
uiApp.getApplicationComponent(PostRegistrationService.class);
+ User user = (User)context.getAttribute(ATTR_USER);
+ postRegistrationService.sendMailAfterSuccessfulRegistration(user);
}
//Invalidate the capcha
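Review bot: `uiApp.getApplicationComponent(PostRegistrationService.class)` is dereferenced without a null check, and the component is wired in admin-configuration.xml, which this commit only imports rather than adds; a portal where that component is absent turns a successful registration into an exception after the success message has already been queued. The `(User)context.getAttribute(ATTR_USER)` cast likewise relies on UIRegisterInputSet.save() having stored the attribute on every `true` return. Guarding both keeps registration itself working when the mail feature is not deployed: `if (postRegistrationService != null && user != null) { postRegistrationService.sendMailAfterSuccessfulRegistration(user); }`. The enclosing action method starts and ends outside the hunk.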
Modified:
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterInputSet.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterInputSet.java 2011-08-08
08:59:59 UTC (rev 7006)
+++
epp/portal/branches/EPP_5_2_Branch/portlet/exoadmin/src/main/java/org/exoplatform/account/webui/component/UIRegisterInputSet.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -20,7 +20,6 @@
import javax.portlet.PortletPreferences;
-import org.exoplatform.portal.pom.config.Utils;
import org.exoplatform.portal.webui.CaptchaValidator;
import org.exoplatform.portal.webui.UICaptcha;
import org.exoplatform.services.organization.Query;
@@ -173,6 +172,9 @@
userHandler.createUser(user, true);//Broadcast user creaton event
reset();//Reset the input form
+
+ // save user as attribute to WebuiRequestContext for later use
+ context.setAttribute(UIRegisterForm.ATTR_USER, user);
return true;
}
}
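Review bot: `context.setAttribute(UIRegisterForm.ATTR_USER, user)` makes UIRegisterInputSet depend on a package-private constant of the form that drives it, inverting the dependency between the two classes. Defining the attribute name in the input set (or a shared constants holder) and having UIRegisterForm reference it keeps the input set reusable from other forms. The comment could also say that the attribute lives only for the current request — presumably WebuiRequestContext is per request, confirm — so readers do not assume the user is cached beyond it. The enclosing `save` method starts outside the hunk.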
Modified:
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml 2011-08-08
08:59:59 UTC (rev 7006)
+++
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml 2011-08-08
14:25:29 UTC (rev 7007)
@@ -55,4 +55,7 @@
<import>war:/conf/mail/portal-mail-configuration.xml</import>
<import>war:/conf/portal/portal-configuration.xml</import>
<import>war:/conf/portal/application-registry-configuration.xml</import>
+
+ <!-- Administration improvements -->
+ <import>war:/conf/admin/admin-configuration.xml</import>
</configuration>
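Review bot: The new `<import>war:/conf/admin/admin-configuration.xml</import>` references a file that appears neither in this commit's Added list nor among its modified files, so the import only resolves if that file already exists on the branch or arrives in a separate commit; the identical import in wsrp-integration/extension-war/src/main/webapp/WEB-INF/conf/configuration.xml further down has the same dependency. If the file is meant to be optional per deployment, the `profiles="..."` attribute already used in the wsrp configuration would make that explicit; otherwise it is worth confirming the file is present before this revision is built.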
Modified: epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml 2011-08-08
08:59:59 UTC (rev 7006)
+++
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml 2011-08-08
14:25:29 UTC (rev 7007)
@@ -74,7 +74,7 @@
<filter>
<filter-name>RestEncodingFilter</filter-name>
<filter-class>org.exoplatform.services.rest.servlet.RestEncodingFilter</filter-class>
- <init-param>
+ <init-param>
<param-name>REQUEST_ENCODING</param-name>
<param-value>UTF-8</param-value>
</init-param>
@@ -99,6 +99,18 @@
<filter-class>org.exoplatform.container.web.PortalContainerFilter</filter-class>
</filter>
+ <!-- Uncomment ErrorLoginFilter and LoginDetectorFilter for sending mail after
successive number of bad login attempts. -->
+ <!--
+ <filter>
+ <filter-name>ErrorLoginFilter</filter-name>
+
<filter-class>org.exoplatform.web.security.errorlogin.ErrorLoginFilter</filter-class>
+ </filter>
+ <filter>
+ <filter-name>LoginDetectorFilter</filter-name>
+
<filter-class>org.exoplatform.web.security.errorlogin.LoginDetectorFilter</filter-class>
+ </filter>
+ -->
+
<filter-mapping>
<filter-name>PortalContainerFilter</filter-name>
<url-pattern>/*</url-pattern>
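Review bot: The commented-out block declares ErrorLoginFilter and LoginDetectorFilter but no `<filter-mapping>` for either, so an administrator who follows the comment and uncomments it gets two filters that never run. ErrorLoginFilter reads `j_username` and therefore has to be mapped to the URL the container sends failed form logins to, and both filters call `getContainer()`, which — if it relies on PortalContainerFilter having run first, as the ordering in this file suggests — means their mappings must come after the PortalContainerFilter mapping; confirm against AbstractFilter. Suggest extending the comment with a mapping template such as `<filter-mapping><filter-name>ErrorLoginFilter</filter-name><url-pattern>LOGIN_ERROR_URL_PLACEHOLDER</url-pattern></filter-mapping>` and a sentence stating the required order.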
Added:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/ErrorLoginFilter.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/ErrorLoginFilter.java
(rev 0)
+++
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/ErrorLoginFilter.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -0,0 +1,68 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2010, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.exoplatform.web.security.errorlogin;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.exoplatform.container.web.AbstractFilter;
+
+/**
+ * Filter should be called to detect invalid login attempt to portal.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ * @version $Revision$
+ */
+public class ErrorLoginFilter extends AbstractFilter
+{
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain
chain) throws IOException,
+ ServletException
+ {
+ HttpServletRequest httpRequest = (HttpServletRequest)request;
+
+ // get informations about user
+ String clientIPAddress = request.getRemoteAddr();
+ String sessionID = httpRequest.getSession().getId();
+ String username = httpRequest.getParameter("j_username");
+
+ // Call InvalidLoginService, which can perform some actions (aka send mail to
portal administrator)
+ InvalidLoginAttemptsService invalidLoginService =
(InvalidLoginAttemptsService)getContainer().getComponentInstanceOfType(InvalidLoginAttemptsService.class);
+ invalidLoginService.badLoginAttempt(sessionID, username, clientIPAddress);
+
+ // Continue with request
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void destroy()
+ {
+ }
+
+}
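Review bot: `httpRequest.getSession().getId()` creates a new HTTP session for every request that reaches this filter, and since the filter is meant to run on failed logins, unauthenticated clients make the server allocate a session per attempt; a client that discards cookies also gets a fresh session, and with it a fresh counter under the SESSION policy, on every attempt. Use `HttpSession session = httpRequest.getSession(false);` and pass `session == null ? null : session.getId()`, so that the filter never allocates state on behalf of an unauthenticated request. `getComponentInstanceOfType` is also dereferenced without a null check, so a deployment that maps the filter but does not register the service fails every login-error request with a NullPointerException instead of passing it down the chain; a null guard around `badLoginAttempt` keeps the filter best-effort.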
Added:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidAttemptKey.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidAttemptKey.java
(rev 0)
+++
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidAttemptKey.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -0,0 +1,91 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2010, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.exoplatform.web.security.errorlogin;
+
+import org.exoplatform.commons.utils.Safe;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ * @version $Revision$
+ */
+class InvalidAttemptKey
+{
+ private final String sessionId;
+ private final String username;
+ private final String hostname;
+
+ private InvalidAttemptKey(String sessionId, String username, String hostname)
+ {
+ this.sessionId = sessionId;
+ this.username = username;
+ this.hostname = hostname;
+ }
+
+ public static InvalidAttemptKey createKey(InvalidLoginPolicy policy, String sessionId,
String username, String hostname)
+ {
+ switch (policy)
+ {
+ case SESSION: return new InvalidAttemptKey(sessionId, null, null);
+
+ case SESSION_AND_USER: return new InvalidAttemptKey(sessionId, username, null);
+
+ case SERVER: return new InvalidAttemptKey(null, null, hostname);
+
+ default: throw new IllegalArgumentException("Non-expected value of
InvalidLoginPolicy.");
+ }
+ }
+
+ public boolean equals(Object obj)
+ {
+ if (obj == this)
+ {
+ return true;
+ }
+ if (obj instanceof InvalidAttemptKey)
+ {
+ InvalidAttemptKey that = (InvalidAttemptKey)obj;
+ return Safe.equals(sessionId, that.sessionId) && Safe.equals(username,
that.username) && Safe.equals(hostname, that.hostname);
+ }
+ return false;
+ }
+
+ public int hashCode()
+ {
+ int result = 1234567;
+ if (sessionId != null)
+ {
+ result = sessionId.hashCode();
+ }
+ if (username != null)
+ {
+ result = result ^ username.hashCode();
+ }
+ if (hostname != null)
+ {
+ result = result ^ hostname.hashCode();
+ }
+ return result;
+ }
+
+}
+
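Review bot: `equals` and `hashCode` are overridden without `@Override`, and the class Javadoc says nothing about what a key represents; a one-line summary such as `Identity of an invalid-login source; only the fields selected by the InvalidLoginPolicy are populated, the rest stay null.` would help the next reader. `createKey` also dereferences `policy` in the `switch`, so a null policy produces a NullPointerException rather than the IllegalArgumentException the default branch promises; a `if (policy == null) throw new IllegalArgumentException("policy");` guard at the top aligns the two.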
Added:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginAttemptsService.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginAttemptsService.java
(rev 0)
+++
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginAttemptsService.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -0,0 +1,200 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2010, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.exoplatform.web.security.errorlogin;
+
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+
+import org.exoplatform.container.xml.InitParams;
+import org.exoplatform.services.mail.MailService;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+
+/**
+ * Service can be used to track invalid login attempts of users and do some actions when
+ * some number of successive login attempts is detected.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ * @version $Revision$
+ */
+public class InvalidLoginAttemptsService
+{
+ private static final Logger log =
LoggerFactory.getLogger(InvalidLoginAttemptsService.class);
+
+ /**
+ * If false, then feature of sending mails to administrator about bad login attempts
is disabled.
+ */
+ private final Boolean sendMailEnabled;
+
+ /**
+ * Number of successive invalid login attempts of user, after the mail will be send.
+ */
+ private final Integer numberOfFailedAttempts;
+
+ /**
+ * Policy for indication that invalid login attempts are coming from same source.
+ * Valid values are SESSION, SESSION_AND_USER, SERVER. SESSION is default and it means
that login attempts
+ * are coming from same HTTP session. SESSION_AND_USER is indicating login attempts of
same user and from same HTTP session.
+ * SERVER means login attempts from same remote server.
+ */
+ private final InvalidLoginPolicy invalidLoginPolicy;
+
+ /**
+ * This will be used as 'from' header in admin mail
+ */
+ private final String mailFrom;
+
+ /**
+ * This should be admin e-mail address, where e-mail about invalid login attempts will
be send.
+ */
+ private final String mailTo;
+
+ /**
+ * Subject of email about invalid login attempts.
+ */
+ private final String mailSubject;
+
+ /**
+ * Content of mail message, which will be send to administrator.
+ * Real content will be based on value of parameter "invalidLoginPolicy".
Tokens like ${username}, ${sessionId}, ${hostname} will be replaced with real values from
attacker.
+ */
+ private final String mailMessage;
+
+ /**
+ * MailService injected by exo kernel.
+ */
+ private final MailService mailService;
+
+ /**
+ * Helper map to track login attempts from different users.
+ */
+ private final ConcurrentMap<InvalidAttemptKey, Integer> attemptMap = new
ConcurrentHashMap<InvalidAttemptKey, Integer>();
+
+ public InvalidLoginAttemptsService(InitParams params, MailService mailService)
+ {
+ this.mailService = mailService;
+ this.sendMailEnabled =
Boolean.valueOf(params.getValueParam("sendingMailsEnabled").getValue());
+ this.numberOfFailedAttempts =
Integer.parseInt(params.getValueParam("numberOfFailedAttempts").getValue());
+ this.invalidLoginPolicy =
InvalidLoginPolicy.valueOf(params.getValueParam("invalidLoginPolicy").getValue());
+ this.mailFrom = params.getValueParam("mailFrom").getValue();
+ this.mailTo = params.getValueParam("mailTo").getValue();
+ this.mailSubject = params.getValueParam("mailSubject").getValue();
+ this.mailMessage =
params.getPropertiesParam("mailMessage").getProperty(invalidLoginPolicy.toString());
+ }
+
+ /**
+ * This should be called each time when invalid login attempt is detected (typically
from HttpFilter)
+ *
+ * @param sessionId
+ * @param username
+ * @param hostname
+ */
+ public void badLoginAttempt(String sessionId, String username, String hostname)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug(new StringBuilder("Detected invalid login attempt. Session
id=").append(sessionId).append(
+ ", username=").append(username).append(",
hostname=").append(hostname));
+ }
+ if (numberOfFailedAttempts == 1)
+ {
+ sendMail(sessionId, username, hostname);
+ return;
+ }
+
+ InvalidAttemptKey key = InvalidAttemptKey.createKey(invalidLoginPolicy, sessionId,
username, hostname);
+
+ // TODO: better synchronization
+ int currentCount = 1;
+ if (attemptMap.containsKey(key))
+ {
+ currentCount = attemptMap.get(key) + 1;
+ if (currentCount == numberOfFailedAttempts)
+ {
+ sendMail(sessionId, username, hostname);
+ attemptMap.remove(key);
+ }
+ else
+ {
+ attemptMap.put(key, currentCount);
+ }
+ }
+ else
+ {
+ attemptMap.put(key, currentCount);
+ }
+ }
+
+ /**
+ * This should be called each time successful login attempt is detected. We need to
use it to clean previous bad attempts
+ * when we have good attempt.
+ *
+ * @param sessionId
+ * @param username
+ * @param hostname
+ */
+ public void successfulLoginAttempt(String sessionId, String username, String
hostname)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug(new StringBuilder("Detected successful login attempt. Session
id=").append(sessionId).append(
+ ", username=").append(username).append(",
hostname=").append(hostname));
+ }
+ InvalidAttemptKey key = InvalidAttemptKey.createKey(invalidLoginPolicy, sessionId,
username, hostname);
+ attemptMap.remove(key);
+ }
+
+ private void sendMail(String sessionId, String username, String hostname)
+ {
+ // return if sending mails disabled in configuration.
+ if (!sendMailEnabled)
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Sending of mails disabled. Mail won't be send about
invalid login attempts.");
+ }
+ return;
+ }
+
+ // replace tokens from configuration with real values.
+ String result = mailMessage.replaceAll("\\$\\{sessionId\\}", sessionId);
+ result = result.replaceAll("\\$\\{username\\}", username);
+ result = result.replaceAll("\\$\\{hostname\\}", hostname);
+ result = result.replaceAll("\\$\\{number\\}",
String.valueOf(numberOfFailedAttempts));
+
+ try
+ {
+ if (log.isDebugEnabled())
+ {
+ log.debug("Sending mail about the invalid login attempts. Mail message
is: " + result);
+ }
+ mailService.sendMessage(mailFrom, mailTo, mailSubject, result);
+ }
+ catch (Exception e)
+ {
+ // log exception but not throw it when sending of mail happen
+ log.error("Error when sending mail to admin after detected invalid number
of login attempts.", e);
+ }
+ }
+
+}
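Review bot: `sendMail` substitutes request-controlled values with `String.replaceAll`, whose replacement argument is not literal: a username containing `$` or `\` is interpreted as a group reference or escape and throws IllegalArgumentException or IndexOutOfBoundsException, and a null username (parameter absent on the request) throws NullPointerException whenever the template contains `${username}` — all of this happens before the try/catch, so the failed-login request itself ends in an error instead of reaching `chain.doFilter`. Literal, null-safe substitution as below fixes both. Separately, `attemptMap` only shrinks when the threshold is hit or a successful login arrives, so sources that stop one short of the threshold leave entries behind indefinitely, and the `containsKey`/`get`/`put` sequence flagged by the TODO is a check-then-act race on a ConcurrentMap; a `putIfAbsent` plus `replace(key, old, new)` loop, combined with a bound or expiry on the map, would close both.
```java
      // replace tokens from configuration with real values (literal replacement, null-safe).
      String result = mailMessage.replace("${sessionId}", String.valueOf(sessionId));
      result = result.replace("${username}", String.valueOf(username));
      result = result.replace("${hostname}", String.valueOf(hostname));
      result = result.replace("${number}", String.valueOf(numberOfFailedAttempts));
      // … unchanged: debug log and mailService.sendMessage call …
```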
Added:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginPolicy.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginPolicy.java
(rev 0)
+++
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/InvalidLoginPolicy.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -0,0 +1,52 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2010, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.exoplatform.web.security.errorlogin;
+
+/**
+ * Policy for indication that invalid login attempts are coming from same source. For
example: <br>
+ * If value is SERVER, then mail will be send after detection of 3 successive invalid
login attempts from same remote server.<br>
+ * If value is SESSION, then mail will be send after detection of 3 successive invalid
login attempts from same HTTP session.<br>
+ * etc.
+ *
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ * @version $Revision$
+ */
+public enum InvalidLoginPolicy
+{
+ /**
+ * SESSION is default and it means that login attempts are coming from same HTTP
session.
+ */
+ SESSION,
+
+ /**
+ * SESSION_AND_USER is indicating login attempts of same user and from same HTTP
session.
+ */
+ SESSION_AND_USER,
+
+ /**
+ * SERVER means login attempts from same remote server.
+ */
+ SERVER
+
+}
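Review bot: The class Javadoc hard-codes "3 successive invalid login attempts" in both examples, but the threshold is the configurable `numberOfFailedAttempts` read by InvalidLoginAttemptsService, so the text is wrong for any other setting; suggest `If value is SERVER, then mail will be sent after the configured number of successive invalid login attempts from the same remote server.` and the same form for the SESSION example. The SESSION constant's Javadoc also says it "is default", yet no default is applied in code — the service calls `InvalidLoginPolicy.valueOf` on the configured value — so either drop that claim or reword it as the value shipped in the default configuration.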
Added:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/LoginDetectorFilter.java
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/LoginDetectorFilter.java
(rev 0)
+++
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/component/web/security/src/main/java/org/exoplatform/web/security/errorlogin/LoginDetectorFilter.java 2011-08-08
14:25:29 UTC (rev 7007)
@@ -0,0 +1,74 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2010, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
+package org.exoplatform.web.security.errorlogin;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.exoplatform.container.web.AbstractFilter;
+import org.exoplatform.services.security.ConversationState;
+
+/**
+ * Filter should be called to detect successful login of user into portal and call
InvalidLoginAttemptsService.
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ * @version $Revision$
+ */
+public class LoginDetectorFilter extends AbstractFilter
+{
+ private static final String ATTR_LOGIN_DETECTED =
"LoginDetectorFilter.loginDetected";
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain
chain) throws IOException,
+ ServletException
+ {
+ HttpServletRequest httpRequest = (HttpServletRequest)request;
+ ConversationState state = ConversationState.getCurrent();
+
+ if (state != null)
+ {
+ if (state.getAttribute(ATTR_LOGIN_DETECTED) == null)
+ {
+ String clientIPAddress = request.getRemoteAddr();
+ String sessionID = httpRequest.getSession().getId();
+ String username = httpRequest.getRemoteUser();
+ state.setAttribute(ATTR_LOGIN_DETECTED, true);
+
+ InvalidLoginAttemptsService invalidLoginService =
(InvalidLoginAttemptsService)getContainer().getComponentInstanceOfType(InvalidLoginAttemptsService.class);
+ invalidLoginService.successfulLoginAttempt(sessionID, username,
clientIPAddress);
+ }
+ }
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void destroy()
+ {
+ }
+
+}
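Review bot: `successfulLoginAttempt` is keyed on `httpRequest.getSession().getId()` and `getRemoteUser()`, whereas the failed attempts in ErrorLoginFilter were keyed on the pre-authentication session id and the raw `j_username` parameter; if the container renews the session id on authentication or canonicalizes the user name, the keys differ and the counter for the earlier failures is never cleared — worth confirming against the servlet container in use and documenting on the class. `httpRequest.getSession()` also creates a session when none exists; `getSession(false)` with a null check keeps the filter free of side effects. As in ErrorLoginFilter, `getComponentInstanceOfType` should be null-checked so a missing service does not break every authenticated request.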
Modified:
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/src/main/webapp/WEB-INF/conf/configuration.xml
===================================================================
---
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/src/main/webapp/WEB-INF/conf/configuration.xml 2011-08-08
08:59:59 UTC (rev 7006)
+++
epp/portal/branches/EPP_5_2_Branch/wsrp-integration/extension-war/src/main/webapp/WEB-INF/conf/configuration.xml 2011-08-08
14:25:29 UTC (rev 7007)
@@ -28,4 +28,7 @@
xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
<import
profiles="jboss">war:/conf/wsrp/wsrp-configuration.xml</import>
<import
profiles="jboss">war:/conf/wsrp/jcr-configuration.xml</import>
+
+ <!-- Administration improvements -->
+ <import>war:/conf/admin/admin-configuration.xml</import>
</configuration>