스프링 보안 3을 사용하고 있습니다.로그인 실패 후 스프링 보안 차단
잘못된 사용자/패스 조합으로 로그인을 시도했습니다. 3 개 잘못된 시도 후, 나는 올바른 사용자/패스 조합 가득,하지만 여전히 반환
Your login attempt was not successful, try again.
Reason: Bad credentials
에 난 그냥 서버를 다시 시작하고 미세 로그인 할 수 있기 때문에 그 (가지) OK의 개발하지만 생산 I에 누군가 암호를 잊어 버릴 때마다 서버를 다시 시작할 수 없습니다.
타임 아웃 후에도 로그인 할 수 있다고 생각했지만 로그인하지 못할 수도 있습니다.
앱 보안 web.xml을
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:property-placeholder location="file:${PROPERTIES_HOME}/app.properties" ignore-unresolvable="true"/>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<session-management>
<concurrency-control max-sessions="3" error-if-maximum-exceeded="false"/>
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userService" />
</authentication-manager>
<user-service id="userService">
<user name="foo" password="bar" authorities="ROLE_USER"/>
</user-service>
</beans:beans>
web.xml을
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>PM app</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:app-service-context.xml
classpath:app-dao-context.xml
/WEB-INF/app-web-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>pmapp-web</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app-web</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<mime-mapping>
<extension>js</extension>
<mime-type>text/javascript</mime-type>
</mime-mapping>
<filter>
<filter-name>urlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>urlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<resource-ref>
<res-ref-name>jdbc/App</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<mapped-name>App</mapped-name>
</resource-ref>
</web-app>
나는 사용자가 N분가 (해제)에 하나 로그인 후 수 또는 수를 설정하려면 사용자를 차단하기 전에 시도 횟수. 다른 아이디어는 환영합니다.
나는 스프링 3.0.6.RELEASE 봄 보안 3.0.6.RELEASE
감사를 사용하고 있습니다!
나에게도 문제가 해결되었습니다! –