OMERO

Note

This documentation is for OMERO 5.2. This version is now in maintenance mode and will only be updated in the event of critical bugs or security concerns. OMERO 5.3 is expected in the first quarter of 2017.

LoginAttemptListener

All of the default Password Provider implementations publish a “LoginAttemptMessage” every time they check a password value. This allows any org.springframework.context.ApplicationListener<LoginAttemptMessage> to react to the login attempt. Only one implementation is active by default (as of 4.2.1): ome.security.auth.LoginAttemptListener, which throttles logins after a given number of failed attempts. Configuration for this listener is available in Security:

# Number of failed attempts before throttling begins
omero.security.login_failure_throttle_count=1
# Time in milliseconds
omero.security.login_failure_throttle_time=3000

A more sophisticated listener would lock the user’s account until an administrator intervenes. This is the goal of #3139.
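
The throttling behaviour described above can be modelled in a few lines. This is an added example, not OMERO's own code: LoginAttempt and ThrottlingListener are hypothetical stand-ins for the message and listener, and it assumes that throttling means a fixed delay once failures exceed the configured count and that a successful login resets the counter.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

public class ThrottleDemo {

    /** Hypothetical stand-in for the published login message. */
    record LoginAttempt(String user, boolean success) {}

    /** Keeps a per-user failure count and returns the delay (ms) to impose on each attempt. */
    static final class ThrottlingListener {
        private final int throttleCount;   // omero.security.login_failure_throttle_count
        private final long throttleTimeMs; // omero.security.login_failure_throttle_time
        private final Map<String, AtomicInteger> failures = new ConcurrentHashMap<>();

        ThrottlingListener(int throttleCount, long throttleTimeMs) {
            this.throttleCount = throttleCount;
            this.throttleTimeMs = throttleTimeMs;
        }

        long onLoginAttempt(LoginAttempt a) {
            if (a.success()) {
                failures.remove(a.user()); // assumption: a good login clears the history
                return 0L;
            }
            int n = failures.computeIfAbsent(a.user(), u -> new AtomicInteger())
                            .incrementAndGet();
            // Assumption: the delay applies once failures exceed the configured count.
            return n > throttleCount ? throttleTimeMs : 0L;
        }
    }

    public static void main(String[] args) {
        ThrottlingListener listener = new ThrottlingListener(1, 3000);
        // Constructed sample sequence, not real log data.
        List<LoginAttempt> attempts = List.of(
            new LoginAttempt("alice", false),
            new LoginAttempt("alice", false),
            new LoginAttempt("bob", false),
            new LoginAttempt("alice", false),
            new LoginAttempt("alice", true),
            new LoginAttempt("alice", false));
        for (LoginAttempt a : attempts) {
            System.out.printf("%-5s success=%-5b delay=%dms%n",
                a.user(), a.success(), listener.onLoginAttempt(a));
        }
    }
}
```

Because the counter in this model is keyed by user name, the delay only limits repeated guesses against a single account, so failed logins should also be monitored in aggregate across accounts.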