mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-10-08 14:51:49 +00:00
REPO-1687: ACE-5662: The AuthenticationServiceImpl.ProtectedUser is not suitable for clustered cache
- Added additional check to avoid problems with very small usernames. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@133443 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
@@ -179,8 +179,11 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
|
|||||||
if (protectedUser.getNumLogins() == protectionLimit && logger.isWarnEnabled())
|
if (protectedUser.getNumLogins() == protectionLimit && logger.isWarnEnabled())
|
||||||
{
|
{
|
||||||
// Shows only first 2 symbols of the username and masks all other character with '*'
|
// Shows only first 2 symbols of the username and masks all other character with '*'
|
||||||
logger.warn(String.format(BRUTE_FORCE_ATTACK_DETECTED,
|
if (userName.length() >= 2)
|
||||||
userName.substring(0,2) + new String(new char[(userName.length() - 2)]).replace("\0", "*")));
|
{
|
||||||
|
logger.warn(String.format(BRUTE_FORCE_ATTACK_DETECTED,
|
||||||
|
userName.substring(0,2) + new String(new char[(userName.length() - 2)]).replace("\0", "*")));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
protectedUsersCache.put(userName, protectedUser);
|
protectedUsersCache.put(userName, protectedUser);
|
||||||
|
Reference in New Issue
Block a user