Grails plugin enables blocking user account after few attampts with incorect credentials. Preventing brute-force attacks
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Brute-force Defender Plugin Info

##Description Plugin adds functionality of blocking user account after a configured number of failed login, thus countering brute-force attacks. Plugin is working on top of configured Spring Security Core plugin with its UserDetails.



  • plugin depents on Spring Security Core plugin

From grails plugin reposity

  • follow instrations here
  • add compile ":bruteforce-defender:1.0" to BuildConfig.groovy

Install from pre-compliled

Build from sources

  • clone repo git clone
  • build plugin grails package-plugin
  • you should see plugin zip file in plugin directory
  • use grails install-plugin <path to file>


Add to your Config.groovy next lines

grails.plugins.springsecurity.useSecurityEventListener = true

bruteforcedefender {
    time = 5
    allowedNumberOfAttempts = 3


To enable logging, add next lines in your Config.groovy

log4j = {
    environments {
        development {
            debug ''

Demo application

Here is demo application that you can just run and look how it is working. Thanks to @stokito

Grygoriy Mykhalyuno

Bitdeli Badge