如何在Spring Security中限制登录尝试? [英] How can I limit login attempts in Spring Security?
本文介绍了如何在Spring Security中限制登录尝试?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Spring Security中是否有一些配置或可用模块来限制登录尝试(理想情况下,我希望在后续失败尝试之间增加等待时间)?如果没有,应该使用API的哪一部分?
Is there some configuration or available module in Spring Security to limit login attempts (ideally, I'd like to have an increasing wait time between subsequent failed attempts)? If not, which part of the API should be used for this?
推荐答案
实施AuthenticationFailureHandler,该方法将更新数据库中的计数/时间.我不会指望使用该会话,因为攻击者无论如何都不会发送cookie.
Implement an AuthenticationFailureHandler that updates a count/time in the DB. I wouldn't count on using the session because the attacker is not going to be sending cookies anyway.
这篇关于如何在Spring Security中限制登录尝试?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
