This documentation is for OMERO 4.4 and is no longer being updated, to see the documentation for the latest release, refer to http://openmicroscopy.org/site/support/omero/
All the Password Provider implementations provided by default publish a “LoginAttemptMessage” every time they check a password value. This permits any org.springframework.context.ApplicationListener<LoginAttemptMessage> to react to the login. Only one implementation is active by default (as of 4.2.1): ome.security.auth.LoginAttemptListener which throttles logins after a given number of failed attempts. Configuration for this listener is available in etc/omero.properties:
omero.security.login_failure_throttle_count=1 # Number of failed attempts before throttling begins
omero.security.login_failure_throttle_time=3000 # Time in milliseconds
A more sophisticated listener would lock the user’s account until an administrator intervenes. This is the goal of #3139.