Class BruteForceProtection

java.lang.Object
com.oorian.security.BruteForceProtection

public class BruteForceProtection extends Object
Tracks failed authentication attempts and enforces lockout policies.

BruteForceProtection maintains per-key (username or IP address) counters of failed authentication attempts. When the configured threshold is exceeded, the key is locked out for the configured duration. Optionally, progressive delays can be applied between attempts.

This class is thread-safe and uses in-memory storage with automatic expiration of stale entries.

Usage:


 // getInstance() returns null if brute-force protection is not configured; check before use
 BruteForceProtection protection = BruteForceProtection.getInstance();

 // Check before allowing authentication
 if (protection.isLockedOut("admin")) {
     long remaining = protection.getRemainingLockoutMillis("admin");
     // Deny access, show lockout message
 }

 // Record a failed attempt
 protection.recordFailedAttempt("admin");

 // Clear on successful authentication
 protection.recordSuccessfulAttempt("admin");
 
Since:
2.1
Version:
1.0
Author:
Marvin P. Warble Jr.

Method Details

    • getInstance

      public static BruteForceProtection getInstance()
      Returns the singleton BruteForceProtection instance.
      Returns:
      the instance, or null if brute-force protection is not configured
    • isLockedOut

      public boolean isLockedOut(String key)
      Checks whether the specified key is currently locked out.
      Parameters:
      key - the identifier (username, IP address, or combined key)
      Returns:
      true if the key is locked out
    • getRemainingLockoutMillis

      public long getRemainingLockoutMillis(String key)
      Returns the remaining lockout time in milliseconds for the specified key.
      Parameters:
      key - the identifier
      Returns:
      the remaining lockout time, or 0 if not locked out
    • getDelayMillis

      public long getDelayMillis(String key)
      Returns the progressive delay in milliseconds that should be applied before the next attempt for the specified key.

      If progressive delay is disabled, returns 0. Otherwise, the delay is calculated as: baseDelay * 2^(attempts - 1), capped at the lockout duration.

      Parameters:
      key - the identifier
      Returns:
      the delay in milliseconds, or 0 if no delay
    • recordFailedAttempt

      public void recordFailedAttempt(String key)
      Records a failed authentication attempt for the specified key.
      Parameters:
      key - the identifier (username, IP address, or combined key)
    • recordSuccessfulAttempt

      public void recordSuccessfulAttempt(String key)
      Records a successful authentication, clearing any failed attempt history.
      Parameters:
      key - the identifier
    • getAttemptCount

      public int getAttemptCount(String key)
      Returns the number of failed attempts for the specified key.
      Parameters:
      key - the identifier
      Returns:
      the attempt count, or 0 if no attempts recorded
    • clear

      public void clear()
      Clears all tracked attempt data.