Package org.keycloak.models.sessions.infinispan.stream

Class LoginFailuresLifespanUpdate

java.lang.Object

org.keycloak.models.sessions.infinispan.stream.LoginFailuresLifespanUpdate

All Implemented Interfaces:

BiConsumer<org.infinispan.Cache<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>>,Map.Entry<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>>>

@ProtoTypeId(65620)
public class LoginFailuresLifespanUpdate
extends Object
implements BiConsumer<org.infinispan.Cache<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>>,Map.Entry<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>>>

A BiConsumer that updates the lifespan of login failure cache entries based on realm lockout policies.

This class is used to recalculate and update the time-to-live (TTL) for login failure records stored in the Infinispan cache. The lifespan is determined by the realm's brute force protection settings, including whether permanent lockout is enabled and the maximum number of temporary lockouts allowed.

The class is serializable via Infinispan ProtoStream to support distributed cache operations in remote caches.

Constructor Summary

Constructors

Constructor	Description
LoginFailuresLifespanUpdate(long maxDeltaTimeMillis, int maxTemporaryLockouts, boolean permanentLockout)	Creates a new login failures lifespan update operation with the specified lockout policy parameters.

Method Summary

Modifier and Type	Method	Description
void	accept(org.infinispan.Cache<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>> cache, Map.Entry<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>> entry)	Updates the lifespan of a login failure cache entry based on the configured lockout policy.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.util.function.BiConsumer

andThen

Constructor Details

LoginFailuresLifespanUpdate

@ProtoFactory
public LoginFailuresLifespanUpdate(long maxDeltaTimeMillis,
 int maxTemporaryLockouts,
 boolean permanentLockout)

Creates a new login failures lifespan update operation with the specified lockout policy parameters.

This constructor is annotated with ProtoFactory to enable Infinispan ProtoStream serialization for remote cache operations.

Parameters:

maxDeltaTimeMillis - The maximum time window in milliseconds for tracking failures

maxTemporaryLockouts - The maximum number of temporary lockouts allowed

permanentLockout - Whether permanent lockout is enabled

Method Details

accept

public void accept(org.infinispan.Cache<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>> cache,
 Map.Entry<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>> entry)

Updates the lifespan of a login failure cache entry based on the configured lockout policy.

The new lifespan is calculated using SessionTimeouts.getLoginFailuresLifespanMs(org.keycloak.models.RealmModel, org.keycloak.models.ClientModel, org.keycloak.models.sessions.infinispan.entities.LoginFailureEntity) which considers the current failure count, permanent lockout settings, and maximum delta time. The cache entry is updated using flags that optimize performance by avoiding locks and ignoring return values.

Specified by:

accept in interface BiConsumer<org.infinispan.Cache<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>>,Map.Entry<LoginFailureKey,SessionEntityWrapper<LoginFailureEntity>>>

Parameters:

cache - The Infinispan cache containing login failure entries

entry - The cache entry to update with its key and wrapped login failure entity