Hi,
How to lock users after lock out for 3 or specific number of unsuccessful login attempts
To activate bruteforce protection add to application.properties:
jmix.security.bruteforceprotection.enabled = true
jmix.security.bruteforceprotection.max-login-attempts-number = 3
jmix.security.bruteforceprotection.block-interval = 300
2 Likes
Hi,
Can we just lock the user by maintaining counter of attempts in database and unlock that user from front end if required
Hi Adnan,
You can implement your own solution.
Look at how BruteForceProtectionAuthenticationChecks.java is designed - it just handles AuthenticationFailureBadCredentialsEvent and other Spring Security events.