
Example 11 with ApplicationSession

use of com.hack23.cia.model.internal.application.system.impl.ApplicationSession in project cia by Hack23.

the class LoginBlockedAccessImpl method blockBySessionOrIpFailedLoginAttempts.

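/**
 * Flags a login attempt as blocked when the given session, or the IP
 * information stored for that session, has too many failed authentication
 * events.
 *
 * <p>Two independent checks run; either one can set the blocked flag:
 * <ul>
 * <li>per session: every stored failed authentication event for
 * {@code sessionId} is counted (the query applies no time window);</li>
 * <li>per IP: failed authentication events newer than
 * {@code now - ONE_HOUR}, across all sessions stored with the same IP
 * information, are counted. The two loopback literals are exempt.</li>
 * </ul>
 * A limit is exceeded only when the count is strictly greater than the
 * configured value. If no stored session matches {@code sessionId}, neither
 * check runs and the result object is left untouched.
 *
 * @param sessionId
 *            the session id whose stored session and events are inspected
 * @param loginBlockResultImpl
 *            the result that receives the blocked flag and a message; this
 *            method only ever sets the flag, it never clears it
 */
private void blockBySessionOrIpFailedLoginAttempts(final String sessionId, final LoginBlockResultImpl loginBlockResultImpl) {
    final ApplicationSession applicationSession = applicationSessionDAO.findFirstByProperty(ApplicationSession_.sessionId, sessionId);
    if (applicationSession == null) {
        // NOTE(review): an unknown session id is not throttled by this method;
        // presumably other checks in this class cover that case - confirm.
        return;
    }

    final String failureMessage = ServiceResult.FAILURE.toString();

    final ApplicationConfiguration maxLoginAttemptsBySession = applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_SESSION, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_SESSION, DEFAULT_MAX_LOGIN_ATTEMPTS);
    // NOTE(review): the configuration constant names mention the recent hour,
    // but this query is not restricted by date, so all failures ever stored
    // for the session count. Kept as-is because narrowing it would relax the
    // control; confirm which behaviour is intended.
    final List<ApplicationActionEvent> failedLoginsByThisSession = applicationActionEventDAO.findListByProperty(new Object[] { sessionId, ApplicationOperationType.AUTHENTICATION, failureMessage }, ApplicationActionEvent_.sessionId, ApplicationActionEvent_.applicationOperation, ApplicationActionEvent_.applicationMessage);
    // An unparsable property value falls back to DEFAULT_MAX_LOGINS.
    if (failedLoginsByThisSession.size() > NumberUtils.toInt(maxLoginAttemptsBySession.getPropertyValue(), DEFAULT_MAX_LOGINS)) {
        loginBlockResultImpl.setBlocked(true);
        // The constant name mentions 5 although the limit is read from configuration.
        loginBlockResultImpl.addMessages(BLOCKED_BY_MORE_THAN_5_LOGIN_ATTEMPTS_BY_THIS_SESSION);
    }

    // Loopback clients are exempt from the per-IP limit.
    // NOTE(review): if ipInformation can hold the address of a local reverse
    // proxy instead of the client address, this exemption would switch the
    // per-IP limit off for every client - confirm how ipInformation is filled.
    // Only these two literal spellings are recognised.
    final boolean loopback = "0:0:0:0:0:0:0:1".equals(applicationSession.getIpInformation()) || "127.0.0.1".equals(applicationSession.getIpInformation());
    if (!loopback) {
        final List<ApplicationSession> applicationSessionsByIp = applicationSessionDAO.findListByProperty(ApplicationSession_.ipInformation, applicationSession.getIpInformation());
        final List<String> sessionIdsWithIp = applicationSessionsByIp.stream().map(ApplicationSession::getSessionId).collect(Collectors.toList());
        // All events of those sessions are loaded and filtered in memory below.
        final List<ApplicationActionEvent> applicationEventsWithIp = applicationActionEventDAO.findListByPropertyInList(ApplicationActionEvent_.sessionId, sessionIdsWithIp.toArray(new Object[sessionIdsWithIp.size()]));
        final Date oneHourAgo = new Date(System.currentTimeMillis() - ONE_HOUR);
        // Null-safe on purpose: an authentication event stored without a
        // message or creation date must not make the whole check throw; such
        // an event is treated as "not a failure" / "not recent".
        final Map<Boolean, List<ApplicationActionEvent>> recentOldLoginAttemptsMap = applicationEventsWithIp.stream()
                .filter((final ApplicationActionEvent x) -> x.getApplicationOperation() == ApplicationOperationType.AUTHENTICATION && failureMessage.equals(x.getApplicationMessage()))
                .collect(Collectors.groupingBy((final ApplicationActionEvent x) -> x.getCreatedDate() != null && x.getCreatedDate().after(oneHourAgo)));
        // Absent key (null) means there was no recent failure at all.
        final List<ApplicationActionEvent> recentFailedLogins = recentOldLoginAttemptsMap.get(Boolean.TRUE);
        final ApplicationConfiguration maxLoginAttemptsByIp = applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_IP, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_IP, DEFAULT_MAX_LOGIN_ATTEMPTS);
        // An unparsable property value falls back to DEFAULT_MAX_LOGINS_BY_IP.
        if (recentFailedLogins != null && recentFailedLogins.size() > NumberUtils.toInt(maxLoginAttemptsByIp.getPropertyValue(), DEFAULT_MAX_LOGINS_BY_IP)) {
            loginBlockResultImpl.setBlocked(true);
            loginBlockResultImpl.addMessages(BLOCKED_BY_MORE_THAN_5_RECENT_LOGIN_ATTEMPTS_BY_THIS_IP);
        }
    }
}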
Also used : ApplicationSession(com.hack23.cia.model.internal.application.system.impl.ApplicationSession) Date(java.util.Date) ApplicationActionEvent(com.hack23.cia.model.internal.application.system.impl.ApplicationActionEvent) ArrayList(java.util.ArrayList) List(java.util.List) ApplicationConfiguration(com.hack23.cia.model.internal.application.system.impl.ApplicationConfiguration)

Example 12 with ApplicationSession

use of com.hack23.cia.model.internal.application.system.impl.ApplicationSession in project cia by Hack23.

the class ApplicationSessionDAOITest method findListByPropertyTest.

/**
 * Verifies that {@code findListByProperty} on the IP information attribute
 * returns a non-null, non-empty list when queried with the IP information of
 * the first session returned by {@code getAll()}.
 *
 * @throws Exception
 *             if the fixture or a DAO call fails
 */
@Test
public void findListByPropertyTest() throws Exception {
    // Return value is not needed here; presumably this call stores a session
    // so that getAll() below is non-empty - confirm against the fixture.
    createApplicationSession();
    final List<ApplicationSession> storedSessions = applicationSessionDAO.getAll();
    final ApplicationSession firstStored = storedSessions.iterator().next();
    final List<ApplicationSession> sessionsWithSameIp = applicationSessionDAO.findListByProperty(ApplicationSession_.ipInformation, firstStored.getIpInformation());
    assertNotNull(sessionsWithSameIp);
    assertFalse(sessionsWithSameIp.isEmpty());
}
Also used : ApplicationSession(com.hack23.cia.model.internal.application.system.impl.ApplicationSession) Test(org.junit.Test)

Example 13 with ApplicationSession

use of com.hack23.cia.model.internal.application.system.impl.ApplicationSession in project cia by Hack23.

the class ApplicationSessionDAOITest method mergeTest.

/**
 * Merges a session, changes its operating system on the merge result, merges
 * again, then reloads the session by the id of the original object and
 * checks that it equals the original.
 *
 * @throws Exception
 *             if the fixture or a DAO call fails
 */
@Test
public void mergeTest() throws Exception {
    final ApplicationSession original = createApplicationSession();
    final ApplicationSession firstMergeResult = applicationSessionDAO.merge(original);
    firstMergeResult.setOperatingSystem("Merged");
    applicationSessionDAO.merge(firstMergeResult);
    final ApplicationSession reloaded = applicationSessionDAO.load(original.getHjid());
    assertNotNull(reloaded);
    // NOTE(review): the value set above ("Merged") is never asserted on the
    // reloaded object; what this equality proves depends on how
    // ApplicationSession implements equals - confirm.
    assertEquals(original, reloaded);
}
Also used : ApplicationSession(com.hack23.cia.model.internal.application.system.impl.ApplicationSession) Test(org.junit.Test)

Example 14 with ApplicationSession

use of com.hack23.cia.model.internal.application.system.impl.ApplicationSession in project cia by Hack23.

the class ApplicationSessionDAOITest method findFirstByPropertyTest.

/**
 * Verifies that {@code findFirstByProperty} on the IP information attribute
 * returns a session when queried with the IP information of the first session
 * returned by {@code getAll()}.
 *
 * @throws Exception
 *             if the fixture or a DAO call fails
 */
@Test
public void findFirstByPropertyTest() throws Exception {
    // Return value is not needed here; presumably this call stores a session
    // so that getAll() below is non-empty - confirm against the fixture.
    createApplicationSession();
    final List<ApplicationSession> storedSessions = applicationSessionDAO.getAll();
    final ApplicationSession firstStored = storedSessions.iterator().next();
    final ApplicationSession match = applicationSessionDAO.findFirstByProperty(ApplicationSession_.ipInformation, firstStored.getIpInformation());
    assertNotNull(match);
}
Also used : ApplicationSession(com.hack23.cia.model.internal.application.system.impl.ApplicationSession) Test(org.junit.Test)

Example 15 with ApplicationSession

use of com.hack23.cia.model.internal.application.system.impl.ApplicationSession in project cia by Hack23.

the class ApplicationSessionDAOITest method loadTest.

/**
 * Verifies that loading a session by the id of the first session returned by
 * {@code getAll()} yields an object equal to that session.
 *
 * @throws Exception
 *             if the fixture or a DAO call fails
 */
@Test
public void loadTest() throws Exception {
    // Return value is not needed here; presumably this call stores a session
    // so that getAll() below is non-empty - confirm against the fixture.
    createApplicationSession();
    final ApplicationSession expected = applicationSessionDAO.getAll().iterator().next();
    final ApplicationSession actual = applicationSessionDAO.load(expected.getHjid());
    assertEquals(expected, actual);
}
Also used : ApplicationSession(com.hack23.cia.model.internal.application.system.impl.ApplicationSession) Test(org.junit.Test)

Aggregations

ApplicationSession (com.hack23.cia.model.internal.application.system.impl.ApplicationSession)21 Test (org.junit.Test)14 Date (java.util.Date)5 CreateApplicationSessionRequest (com.hack23.cia.service.api.action.application.CreateApplicationSessionRequest)4 AbstractServiceFunctionalIntegrationTest (com.hack23.cia.service.impl.AbstractServiceFunctionalIntegrationTest)4 Secured (org.springframework.security.access.annotation.Secured)4 ApplicationActionEvent (com.hack23.cia.model.internal.application.system.impl.ApplicationActionEvent)3 UserAccount (com.hack23.cia.model.internal.application.user.impl.UserAccount)2 CreateApplicationEventResponse (com.hack23.cia.service.api.action.application.CreateApplicationEventResponse)2 CreateApplicationSessionResponse (com.hack23.cia.service.api.action.application.CreateApplicationSessionResponse)2 VerticalLayout (com.vaadin.ui.VerticalLayout)2 PerfTest (org.databene.contiperf.PerfTest)2 Required (org.databene.contiperf.Required)2 ApplicationConfiguration (com.hack23.cia.model.internal.application.system.impl.ApplicationConfiguration)1 ManageUserAccountRequest (com.hack23.cia.service.api.action.admin.ManageUserAccountRequest)1 ManageUserAccountResponse (com.hack23.cia.service.api.action.admin.ManageUserAccountResponse)1 CreateApplicationEventRequest (com.hack23.cia.service.api.action.application.CreateApplicationEventRequest)1 DestroyApplicationSessionRequest (com.hack23.cia.service.api.action.application.DestroyApplicationSessionRequest)1 DestroyApplicationSessionResponse (com.hack23.cia.service.api.action.application.DestroyApplicationSessionResponse)1 RegisterUserRequest (com.hack23.cia.service.api.action.application.RegisterUserRequest)1