Feature List

Previous topic

Password Provider

Next topic

LDAP plugin design

This Page


This documentation is for OMERO 5.2. This version is now in maintenance mode and will only be updated in the event of critical bugs or security concerns. OMERO 5.3 is expected in the first quarter of 2017.


All the Password Provider implementations provided by default publish a “LoginAttemptMessage” every time they check a password value. This permits any org.springframework.context.ApplicationListener<LoginAttemptMessage> to react to the login. Only one implementation is active by default (as of 4.2.1): which throttles logins after a given number of failed attempts. Configuration for this listener is available in Security: # Number of failed attempts before throttling begins # Time in milliseconds

A more sophisticated listener would lock the user’s account until an administrator intervenes. This is the goal of #3139.