Settings I'm using:
hllp.all.authmanager=ad
client.login.model=basic
apsv.security.enable=basic
When the credentials are correct I get one block of log details (and additional info after it, didn't include it):
When credentials are not correct this block is repeated ten more times (+ look at second code block) and each time AD increments it's login attempts counter and as a result the user gets blocked.
Can the login attempt amount be configured or is it not possible?
hllp.all.authmanager=ad
client.login.model=basic
apsv.security.enable=basic
When the credentials are correct I get one block of log details (and additional info after it, didn't include it):
Code:
13:59:17.916/1603490 [thd-11] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/apsv'; against '/apsv/**'
13:59:17.916/1603490 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 1 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 2 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 4 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/apsv'; against '/logout'
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 5 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /apsv' doesn't match 'POST /login
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 6 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 7 of 15 in additional filter chain; firing Filter: 'OECPSSOAuthFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.security.web.FilterChainProxy - /apsv at position 8 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
13:59:17.917/1603491 [thd-11] DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'rudnikov_p'
13:59:17.918/1603492 [thd-11] DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
When credentials are not correct this block is repeated ten more times (+ look at second code block) and each time AD increments it's login attempts counter and as a result the user gets blocked.
Code:
13:33:41.991/67565 [thd-1] DEBUG o.s.s.l.a.a.ActiveDirectoryLdapAuthenticationProvider - Authentication for user@my.local failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09056B, comment: AcceptSecurityContext error, data 52e, v4f7c ]
13:33:41.991/67565 [thd-1] INFO o.s.s.l.a.a.ActiveDirectoryLdapAuthenticationProvider - Active Directory authentication failed: Supplied password was invalid
13:33:41.991/67565 [thd-1] DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
13:33:41.992/67566 [thd-1] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@10390f6c
13:33:41.992/67566 [thd-1] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Can the login attempt amount be configured or is it not possible?