Lock out for 3 unsuccessful login attempts

Hi,

How to lock users after lock out for 3 or specific number of unsuccessful login attempts

To activate bruteforce protection add to application.properties:

jmix.security.bruteforceprotection.enabled = true
jmix.security.bruteforceprotection.max-login-attempts-number = 3
jmix.security.bruteforceprotection.block-interval = 300
2 Likes

Hi,

Can we just lock the user by maintaining counter of attempts in database and unlock that user from front end if required

Hi Adnan,

You can implement your own solution.

Look at how BruteForceProtectionAuthenticationChecks.java is designed - it just handles AuthenticationFailureBadCredentialsEvent and other Spring Security events.