[rules-users] Design question for user login monitoring

Greg Barton greg_barton at yahoo.com
Thu Jun 10 11:56:17 EDT 2010


First SWAG:

Input to the rules need only be the results of login attempts, an object something like this based on the requirements you've provided:

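public class LoginAttempt {
  public final String userId;      // id entered at the login prompt
  public final String source;      // where the attempt came from
  public final boolean successful; // outcome of the attempt
  public LoginAttempt(String userId, String source, boolean successful) {
    this.userId = userId;
    this.source = source;
    this.successful = successful;
  }
}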

Requirement 1 is pretty simple.  You can use a sliding time window for that.

Requirement 2 is a bit more complex.  I assume it's also time limited, even though that's not stated.  (Or at least limited to the last N login attempts.)  The definition of "varies only slightly" will be interesting.  You can use string distance inside an aggregation, taking one login attempt as a "prototype" then aggregating all other recent login attempts that are within a given radius of the prototype.

Requirement 3 may not be time limited, but much more than the others if it's over the lifetime of a license.  This is another use of aggregate.  Just aggregate a Set of login sources for a user's attempts and check if its size is greater than 1.

About your issues:

1) Do you mean a singleton rules session, tracking all user logins?  If so, yes, that's the approach I'd take.
2) The rule actions should call some external service to report user shenanigans.  You could store a reference to this service as a global variable. (Or inject it from an IOC framework like Spring, if you're into that sort of thing. :) )

--- On Thu, 6/10/10, Earnie Dyke <earniedyke at yahoo.com> wrote:

> From: Earnie Dyke <earniedyke at yahoo.com>
> Subject: [rules-users] Design question for user login monitoring
> To: rules-users at lists.jboss.org
> Date: Thursday, June 10, 2010, 10:14 AM
> 
> Greetings all,
> 
> I have a web app that I want to add user login monitoring to.
> The intent would
> be to identify hack attempts such as:
> 
> 1. same user attempting login with invalid password over
> period of time
> 2. multiple failed login attempts with user id that varies
> only slightly
> 3. logins by the same user from multiple computers (license
> sharing)
> 
> I believe I can do this with Fusion based rules but I have
> some design
> issues that I cannot resolve:
> 
> 1. Since the login data is not tied to a specific user, I
> would like to have
> a singleton that collects the data and reasons over it.
> Should I use an
> MBean for this?
> 2. Because I have a singleton how do I get results for a
> specific user's
> login attempt (I need to kick the user out)?
> 
> Any other suggestions would be welcome.
> 
> Thanks!
> 
> Earnie!
> 
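The "prototype plus radius" idea suggested above for requirement 2, written out as an added example in plain Java; it is not code from the post and does not use the Drools API. The class name, the timestamp argument, and the window, radius and threshold values are assumptions chosen for illustration.

```java
import java.util.*;

// Added example: plain-Java sketch of requirement 2, not Drools code.
public class NearIdDetector {
  static final long WINDOW_MS = 5 * 60_000; // assumed sliding window
  static final int RADIUS = 2;              // assumed max edit distance
  static final int THRESHOLD = 3;           // assumed distinct-id alert level

  // Failed attempts only, as (timestamp, userId), oldest first.
  private final Deque<Map.Entry<Long, String>> failures = new ArrayDeque<>();

  // Levenshtein distance using two rolling rows.
  static int distance(String a, String b) {
    int[] prev = new int[b.length() + 1], cur = new int[b.length() + 1];
    for (int j = 0; j <= b.length(); j++) prev[j] = j;
    for (int i = 1; i <= a.length(); i++) {
      cur[0] = i;
      for (int j = 1; j <= b.length(); j++) {
        int sub = prev[j - 1] + (a.charAt(i - 1) == b.charAt(j - 1) ? 0 : 1);
        cur[j] = Math.min(sub, Math.min(prev[j], cur[j - 1]) + 1);
      }
      int[] t = prev; prev = cur; cur = t;
    }
    return prev[b.length()];
  }

  // Records a failed login and treats it as the prototype. Returns the
  // distinct ids within RADIUS of it that are still inside the window,
  // or an empty set when fewer than THRESHOLD distinct ids are close.
  Set<String> onFailure(long now, String userId) {
    failures.addLast(new AbstractMap.SimpleEntry<>(now, userId));
    while (now - failures.peekFirst().getKey() > WINDOW_MS) failures.removeFirst();
    Set<String> near = new TreeSet<>();
    for (Map.Entry<Long, String> f : failures)
      if (distance(userId, f.getValue()) <= RADIUS) near.add(f.getValue());
    return near.size() >= THRESHOLD ? near : Collections.<String>emptySet();
  }

  public static void main(String[] args) {
    NearIdDetector d = new NearIdDetector();
    // Constructed sample: failed logins arriving 30 seconds apart.
    String[] ids = {"jsmith", "bob", "jsmith1", "jsmyth", "jsmith"};
    long t = 0;
    for (String id : ids)
      System.out.println(id + " -> " + d.onFailure(t += 30_000, id));
  }
}
```

Counting distinct ids rather than raw attempts keeps this separate from requirement 1, where the same id fails repeatedly.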


      


