A PasswordHandler base class that implements logic to block IP addresses that engage in too many unsuccessful login attempts. The
goal is to limit the damage that a dictionary-based password attack can achieve. We implement this with a token-based strategy;
failures are regularly forgotten, and only build up when they occur faster than expiry.
Method Summary
public synchronized boolean authenticate(javax.servlet.ServletRequest request, String netid, String password)
Returns true if the given request comes from an IP address whose allotment of failed login attempts is within reasonable
bounds; false otherwise. Note: We don't actually validate the user and password; this functionality must be implemented by
subclasses.
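
The token-based strategy described above (failures are forgotten at a regular rate and only build up when they arrive faster than they expire), as an added example; it is not the PasswordHandler source. The class name, the threshold of 5 failures and the one-minute forget interval are assumptions, and the caller supplies the IP string (in a servlet, from `request.getRemoteAddr()`) and the current time in milliseconds.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration; class, field and constant names are hypothetical. */
public class FailedLoginThrottle {
    private static final int MAX_FAILURES = 5;              // assumed threshold
    private static final long FORGET_INTERVAL_MS = 60_000;  // assumed: one failure forgotten per minute

    private static final class Bucket { int failures; long lastDecay; }

    private final Map<String, Bucket> buckets = new HashMap<>();

    /** Apply expiry: forget one failure per elapsed interval and drop empty buckets. */
    private Bucket decay(String ip, long now) {
        Bucket b = buckets.get(ip);
        if (b == null) return null;
        long elapsed = (now - b.lastDecay) / FORGET_INTERVAL_MS;
        if (elapsed > 0) {
            b.failures = (int) Math.max(0, b.failures - elapsed);
            b.lastDecay += elapsed * FORGET_INTERVAL_MS;  // keep the remainder for the next call
        }
        if (b.failures == 0) { buckets.remove(ip); return null; }
        return b;
    }

    /** True if this IP is still within its allotment of failed attempts. */
    public synchronized boolean isAllowed(String ip, long now) {
        Bucket b = decay(ip, now);
        return b == null || b.failures < MAX_FAILURES;
    }

    /** Call after the subclass's credential check has rejected the login. */
    public synchronized void recordFailure(String ip, long now) {
        Bucket b = decay(ip, now);
        if (b == null) {
            b = new Bucket();
            b.lastDecay = now;
            buckets.put(ip, b);
        }
        b.failures++;
    }

    public static void main(String[] args) {
        FailedLoginThrottle t = new FailedLoginThrottle();
        String ip = "192.0.2.10";  // constructed sample address (TEST-NET-1)
        for (int i = 0; i < 5; i++) t.recordFailure(ip, i * 1000L);  // five failures in five seconds
        System.out.println(t.isAllowed(ip, 5_000L));   // queried right after the burst
        System.out.println(t.isAllowed(ip, 61_000L));  // queried after one forget interval
    }
}
```

Keeping the state keyed by IP and removing buckets once they decay to zero bounds memory to addresses with recent failures; passing the time in explicitly makes the expiry behaviour testable without sleeping.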