Content Management and Capture

 View Only
Expand all | Collapse all

Monitoring failed logins

  • 1.  Monitoring failed logins

    Posted Fri January 05, 2024 03:12 PM

    Hello! This is my first time posting here, i genuinely had no idea there was such a large community for Content Navigator customizations. Recently I was tasked with developing a customization that would insert into an audit table anytime someone logged in or logged out/closed the browser window. This was achieved by using "aspect.after(Desktop,"onBeforeClose",function()" and "aspect.after(Desktop,"onLogin",function()" and I was wondering if there was a way to capture instances where someone enters incorrect login information? I tried to use "aspect.after(LoginDialog,"onLoginFailed",function()" but I didn't have much luck. It didn't seem to matter either if I used aspect.after , aspect.before, or aspect.around(), it just wouldn't fall into that statement. I would really appreciate any insight or information that might be helpful!

    Thank you!



    ------------------------------
    Christopher Hegel
    ------------------------------


  • 2.  RE: Monitoring failed logins

    Posted Mon January 08, 2024 03:50 AM
    Edited by Julian Fiegenbaum Mon January 08, 2024 04:33 AM

    Hi Christopher,

    you probably don't want to create audit information in the user's browser, where it can be freely manipulated by just using the dev tools. I would recommend to create a PluginResponseFilter/PluginRequestFilter on /logon in Java to keep track of logon attempts on the server side.

    EDIT: I should mention - whether the login failed, can be seen in the jsonResponse in the PluginResponseFilter. This would solve the original problem ;)



    ------------------------------
    Julian Fiegenbaum | ISR Information Products AG | Consultant | Germany
    ------------------------------



  • 3.  RE: Monitoring failed logins

    IBM Champion
    Posted Mon January 08, 2024 07:41 AM

    Hi,

    the previous answer is certainly a good one if looked from an ICN perspective alone. If this logging is done for security reasons it is better to either monitor the LDAP (authentication is done to the LDAP of a specific repository) or at least look at the WAS log.

     Regards,

    /gerold



    ------------------------------
    Gerold Krommer
    ------------------------------



  • 4.  RE: Monitoring failed logins

    Posted Mon January 08, 2024 08:08 AM

    Thank you for the info!



    ------------------------------
    Christopher Hegel
    ------------------------------



  • 5.  RE: Monitoring failed logins

    Posted Mon January 08, 2024 10:14 AM

    Also I am not sure if it is worth mentioning but currently, all the validation is handled on the java side, it just uses the JSP to call the plugin service. I tried adding request/response filters in the GeneralPlugin but it never seems to reach either of those request/response filters. I apologize if I'm missing something, I'm still really new to developing filters for this framework.

    The GeneralPlugin.java contains the getRequestFilters(){} method and has the

    "return new PluginRequestFilter[](

    new AuditRequestFilter()

    );"

    and the 

    getResponseFilters(){} which contains

    "return new PluginService[](

    new LoginAuditService()

    );"



    ------------------------------
    Christopher Hegel
    ------------------------------



  • 6.  RE: Monitoring failed logins

    Posted Fri January 19, 2024 12:02 PM

    Hi Julian,

    Thank you for the information! I do have one question though, for my request/response filters, what service should they be extending? Is there a login/logout service like: "/p8/openContentClass" that I would extend? Or how else would I have the filters monitor it? For the javascript, it's currently just monitoring these events: 

    aspect.after(Desktop,"onLogin",function(){ (login function)

    aspect.after(Desktop,"onBeforeClose",function(){  (logout function)

    I tried adding this to my request and response filters to try to test it but I had no luck:

        public String[] getFilteredServices() {
            return new String[] { "/p8/onLogin" };
        }

    I apologize for the long message. I'm just struggling to find a list of what services can be extended in the documentation online.

    Thank you for taking the time to read this,

    Chris



    ------------------------------
    Christopher Hegel
    ------------------------------



  • 7.  RE: Monitoring failed logins

    IBM Champion
    Posted Mon January 22, 2024 02:35 AM

    Hi Chris,

    A list of services that you can edit with filters can be found in navigator.ear under /WEB-INF/action-mapping.xml.
    The path attribute contains the filter expression for your request/response filter, the type attribute references the implementation of the ICN service:

    <action path="/logon" type="com.ibm.ecm.struts.actions.authentication.DesktopLogonAction" />
    <action path="/p8/logon" type="com.ibm.ecm.struts.actions.p8.P8LogonAction" />

    In the JavaScript/Dojo part you can find the corresponding call in the Desktop.logon function:  
    var request = Request.invokeServiceAPI("logon", null, {...

    You may have to look into the navigator.ear to identify suitable custom exits.

    regards



    ------------------------------
    Christoph Sünderkamp
    ------------------------------



  • 8.  RE: Monitoring failed logins

    Posted Mon January 22, 2024 06:09 AM

    Hi Christopher,

    basically what Christoph said. You could also have a look at the network tab of your browser's dev console, if you are unsure what terms to look for in the xml. Just have to sift through all the other stuff appearing there as well; so i tend to do this only when i'm totally lost...




    ------------------------------
    Julian Fiegenbaum | ISR Information Products AG | Consultant | Germany
    ------------------------------



  • 9.  RE: Monitoring failed logins

    Posted Mon January 22, 2024 10:13 AM

    Thank you guys for the info! I am still having one small issue though, I was able to successfully find the "logon" call but after adding it to my Request/Response filters, it still doesn't seem to land in them. I assume I must be making some simple mistake and I hate to ask for additional help but is there something I'm missing? 

    Here's how my request filter is built (just for testing):

    public class AuditRequestFilter  extends PluginRequestFilter {

        public String[] getFilteredServices() {
            return new String[] { "/p8/logon" };
        }

         public JSONObject filter(PluginServiceCallbacks callbacks,
          HttpServletRequest request, JSONArtifact jsonRequest)
          throws Exception {
                String login = "test";
          }

    }

    Then the GeneralPlugin.java has references to that request filter in getRequestFilters() like so:

    public PluginRequestFilter[] getRequestFilters() {
            return new PluginRequestFilter[] {
                    new AuditRequestFilter()
            };
        }

    For debug points, it lands in the getFilteredServices() but never lands in the filter(). I super appreciate your guys' patience and understanding with this. Currently, my audit logic that is in the jsp works but runs into issues if there are certain chrome settings so that's why I'm trying to have it handled mostly on the server/java side.

    Thanks,

    Chris



    ------------------------------
    Christopher Hegel
    ------------------------------



  • 10.  RE: Monitoring failed logins

    Posted Wed January 24, 2024 02:46 AM

    If you can get the break point at getFilteredServices() to work, i would try adding "/logon" without the p8 to the filtered services. I'm not always 100% when to use which to be honest, but it seems apparent that the mechanism doesn't trigger for "/p8/logon". Otherwise your code seems good to me.



    ------------------------------
    Julian Fiegenbaum | ISR Information Products AG | Consultant | Germany
    ------------------------------



  • 11.  RE: Monitoring failed logins

    Posted Wed January 24, 2024 02:52 PM

    Hey Julian,

    That seems to have fixed it! (I also was running into a websphere caching issue that I completely overlooked) I'll have to do a lot of digging and experimenting to see if I can get it to monitor when people switch desktops and/or when people just close the browser window instead of manually clicking "logoff" but I now at least have a place to start! Thank you!!

    Thanks,

    Chris



    ------------------------------
    Christopher Hegel
    ------------------------------