Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Grails plugin enables blocking user account after few attampts with incorect credentials. Preventing brute-force attacks

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 grails-app
Octocat-spinner-32 src
Octocat-spinner-32 .classpath
Octocat-spinner-32 .gitignore
Octocat-spinner-32 .project
Octocat-spinner-32 BruteforceDefenderGrailsPlugin.groovy
Octocat-spinner-32 README.md
Octocat-spinner-32 application.properties
README.md

Brute-force Defender Plugin Info

Description

Plugin adds functionality of blocking user account after a configured number of failed login, thus countering brute-force attacks. Plugin is working on top of configured Spring Security Core plugin with its UserDetails.

Installation

Dependencies

  • plugin depents on Spring Security Core plugin

From grails plugin reposity

  • follow instrations here grails.org/plugin/bruteforce-defender
  • add compile ":bruteforce-defender:1.0" to BuildConfig.groovy

Install from pre-compliled

Build from sources

  • clone repo git clone https://github.com/grygoriy/bruteforcedefender.git
  • build plugin grails package-plugin
  • you should see plugin zip file in plugin directory
  • use grails install-plugin <path to file>

Configuration

Add to your Config.groovy next lines

grails.plugins.springsecurity.useSecurityEventListener = true

bruteforcedefender {
    time = 5
    allowedNumberOfAttempts = 3
}

Logging

To enable logging, add next lines in your Config.groovy

log4j = {
    ....
    environments {
        development {
            debug 'grails.app.services.com.grygoriy.bruteforcedefender'
        }
    }
}

Demo application

Here is demo application that you can just run and look how it is working. https://github.com/stokito/s2-brutforce-example. Thanks to @stokito

Grygoriy Mykhalyuno

www.grygoriy.com

email@grygoriy.com

Bitdeli Badge

Something went wrong with that request. Please try again.