Difference between revisions of "JAAS Timed Login Module"

m (Reverted edits by RelviZelel (Talk) to last version by KirstenS)

Latest revision as of 13:59, 26 May 2009


Under review


The OWASP JAAS Timed Login Module is an implementation of a JAAS LoginModule that provides an escalating, time-based lockout facility and authentication against a database. This could be used to prevent brute-force attacks against the authentication service. The module is based on the DBLogin module from http://free.tagish.net/jaas/


  • Authentication against a database using JDBC for users and roles
  • Password stored as SHA-256 hash
  • Incremental time based lockout


Getting Started

The project is a valid NetBeans project, but will require importing if you use a different IDE. The build file contains three database targets for starting, populating and stopping the hsqldb database. The expected database structure is also in the build file. The same structure and sample data are replicated in the jaastestdb.xml file, which is used to create and populate the database for the JUnit test cases. A main method is provided in Standalone.java which allows keyboard login.


The key configuration files for the module are:

  • login.test.conf - which contains the module's main configuration parameters:
    • dbDriver
    • dbUrl
    • dbUser
    • dbPassword
    • loginQuery = query to perform login, default is "SELECT UserID,Password FROM Users WHERE UserName=?"
    • rolesQuery = query to select roles, default is "SELECT Roles.RoleName FROM Users_Roles,Roles WHERE Users_Roles.UserID=? AND Users_Roles.RoleID=Roles.RoleID"
    • loginTable = table name for storing the login data
    • clippingLevel = number of failed logins that will trigger the timeout
    • interval = time in seconds to delay the next permitted auth. The first delay after the timeout is triggered will be 'interval' seconds, the second 'interval*2', the third 'interval*3', etc.
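
The way clippingLevel and interval combine can be seen in a small in-memory sketch. This is an added example, not the module's own code: the class EscalatingLockout and its method names are hypothetical, state is kept in a map rather than in the loginTable, and it assumes that every failed login at or past the clipping level starts the next, longer delay.

```java
import java.util.HashMap;
import java.util.Map;

/** Illustrative escalating lockout; hypothetical class, not the OWASP module. */
public class EscalatingLockout {
    private static final class State { int failures; long lockedUntilMs; }

    private final int clippingLevel;  // failed logins that trigger the timeout
    private final long intervalMs;    // 'interval' from the configuration, in ms
    private final Map<String, State> states = new HashMap<>();

    public EscalatingLockout(int clippingLevel, int intervalSeconds) {
        this.clippingLevel = clippingLevel;
        this.intervalMs = intervalSeconds * 1000L;
    }

    /** True while the user must wait; check this before verifying a password. */
    public synchronized boolean isLocked(String user, long nowMs) {
        State s = states.get(user);
        return s != null && nowMs < s.lockedUntilMs;
    }

    /** Records a failed login and returns the delay now imposed, in seconds. */
    public synchronized long recordFailure(String user, long nowMs) {
        State s = states.computeIfAbsent(user, k -> new State());
        s.failures++;
        if (s.failures < clippingLevel) return 0;
        // Assumption: each failure at or past the clipping level escalates:
        // interval, interval*2, interval*3, ...
        long multiplier = s.failures - clippingLevel + 1L;
        long delayMs = Math.multiplyExact(intervalMs, multiplier); // throws instead of wrapping
        s.lockedUntilMs = nowMs + delayMs;
        return delayMs / 1000;
    }

    /** A successful login clears the failure history for that user. */
    public synchronized void recordSuccess(String user) { states.remove(user); }

    public static void main(String[] args) {
        EscalatingLockout lockout = new EscalatingLockout(3, 30); // constructed sample values
        long now = 0; // constructed clock, in milliseconds
        for (int attempt = 1; attempt <= 5; attempt++) {
            long delay = lockout.recordFailure("alice", now);
            System.out.printf("attempt %d: delay %ds, locked=%b%n",
                    attempt, delay, lockout.isLocked("alice", now));
            now += delay * 1000 + 1; // retry just after the delay expires
        }
    }
}
```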

The unit tests and the standalone application should be run with the following arguments:



  • Use a salted hash
  • Provide an audit log
  • Fix the authorisation unit tests