Login Behaviour

2
Hi Guys, I am trying to make the Mendix application more secure. I would like to block the user’s account after 5 consecutive bad login attempts. In default, it will unlock after a few minutes, but my requirement is to re-activate the user by Admin and not automatically after few minutes. Please advise how to implement this. Thanks in advance...
asked
2 answers
4

Hi Ragul,

Here's a simple solution that works when you only have local users and nothing fancy like SSO..
It might be sufficient for you and does not require JAVA..

Add a Before Commit event handler to Account. In the event handler set Active to false if Blocked is true (see image).
Now the user account is deactived completely, the systems does not reactivate the user, that must be done manually by an Admin.

Note that the console/log will start showing that ‘account is not active’ rather then ‘user is blocked’, but the effect is the same.

Hope that helps,
Jeroen

 

answered
2

Hi Ragul,

As Jeroen said, it's only applicable when directly logging into the Mendix app (local login), not via SSO.

You can manage to overwrite the default login procedure of the Mendix platform with some custom Java, but be aware that it can be harder to upgrade (for example from Mx 8 to Mx 9).

If you go this path, it requires some Java knowledge; personally I would prefer Jeroen's solution and say to the business: it's 3 times, not 5 ;-)

Here are some screenshots and code snippets that should give a jump-start:

  • Create a new Java action which is called in your after startup microflow, it doesn't need any input parameters.
  • Write in the JavaAction something like this, to add the loginActionListener and the CustomLoginAction:
// BEGIN USER CODE

	LoginActionListener loginActionListener = new LoginActionListener();

	loginActionListener.addReplaceEvent(CustomLoginAction.class.getName());

	Core.addUserAction(CustomLoginAction.class);

	Core.addListener(loginActionListener);

	
	return true;

// END USER CODE
  • Continue the steps as described by Bart Groot on his website

  • Adapt the code to do the check for 5 times instead of 3 by handling the exception yourself.

Again: think twice before you implement this, but it is possible!

Cheers,

Johan

answered