- 22 May, 2026 1 commit
-
-
linxu authored
-
- 08 May, 2026 1 commit
-
-
Implement login attempt tracking and rate limiting to prevent brute-force attacks:
  - Add LoginAttemptService to track failed attempts per username with configurable max attempts (5), lockout duration (30min), and attempt window (15min)
  - Add LoginAttemptFilter to block requests before authentication when account is locked, returns HTTP 429
  - Add AuthenticationFailureListener to record failed attempts
  - Add AuthenticationSuccessListener to clear attempts on success
  - Update RESTAuthenticationFailureHandler to return generic 'Invalid credentials' message to prevent username enumeration
  - Update SsoSecurityConfig to add filter before authentication
  - Add security.login.* configuration properties to application.yml
The implementation uses in-memory tracking with automatic cleanup after lockout period expires.
linxu authored
-
- 16 Apr, 2026 1 commit
-
-
linxu authored
-
- 02 Mar, 2026 1 commit
-
-
linxu authored
-
- 30 May, 2025 1 commit
-
-
linxu authored
-
- 07 Feb, 2025 1 commit
-
-
linxu authored
-
- 14 Jan, 2025 2 commits
- 20 Dec, 2022 1 commit
-
-
mahx authored
-
- 02 Sep, 2022 1 commit
-
-
linxu authored
-
- 31 Aug, 2022 1 commit
-
-
linxu authored
-
- 13 May, 2022 2 commits
- 29 Mar, 2022 1 commit
-
-
linxu authored
-
- 24 Nov, 2021 1 commit
-
-
linxu authored
-
- 09 Nov, 2021 1 commit
-
-
linxu authored
-
- 19 Oct, 2021 1 commit
-
-
linxu authored
-
- 18 Oct, 2021 1 commit
-
-
linxu authored
-
- 21 May, 2021 1 commit
-
-
linxu authored
-
- 19 May, 2021 1 commit
-
-
linxu authored
-
- 17 May, 2021 4 commits
- 04 Feb, 2021 1 commit
-
-
linxu authored
-
- 24 Jul, 2020 1 commit
-
-
linxu authored
-
- 28 Feb, 2020 1 commit
-
-
lanmw authored
-
- 27 Feb, 2020 1 commit
-
-
lanmw authored
-
- 04 Jul, 2019 2 commits
- 01 Jul, 2019 2 commits
- 24 Jun, 2019 8 commits