OMERO

Downloads
Feature List
Licensing

Previous topic

Password Provider

Next topic

LDAP plugin design

This Page

Note

This documentation is for the new OMERO 5.1. version. See the latest OMERO 5.0.x version or the previous versions page to find documentation for the OMERO version you are using if you have not upgraded yet.

LoginAttemptListenerΒΆ

All the Password Provider implementations provided by default publish a “LoginAttemptMessage” every time they check a password value. This permits any org.springframework.context.ApplicationListener<LoginAttemptMessage> to react to the login. Only one implementation is active by default (as of 4.2.1): ome.security.auth.LoginAttemptListener which throttles logins after a given number of failed attempts. Configuration for this listener is available in Security:

omero.security.login_failure_throttle_count=1 # Number of failed attempts before throttling begins
omero.security.login_failure_throttle_time=3000 # Time in milliseconds

A more sophisticated listener would lock the user’s account until an administrator intervenes. This is the goal of #3139.