feat(jans-auth-server): Add configurable rate limiting for authentication endpoints to prevent brute-force attacks #12664 by yuriyz · Pull Request #12868 · JanssenProject/jans
…tion endpoints to prevent brute-force attacks #12664
Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
yurem previously approved these changes Dec 19, 2025
Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
…nd and period from rate limiting rules.
Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
…miting
Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
yuriyz marked this pull request as ready for review
Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
…ntation
Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
yuriyz deleted the jans-auth-server-12664 branch
dagregi pushed a commit to dagregi/jans that referenced this pull request
…cation endpoints to prevent brute-force attacks JanssenProject#12664 (JanssenProject#12868)
- feat(jans-auth-server): Add configurable rate limiting for authentication endpoints to prevent brute-force attacks JanssenProject#12664 Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- added rate limit configuration Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Removed redundant rate limiting configuration. We will use requestCound and period from rate limiting rules. Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Limited cached body size to 1MB to avoid Out Of Memory during rate limiting Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Added specific flag for rate limit logging (because it's very verbose) Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- added rate limiting context Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Added test servlet input stream for comprehensive rate limiting testing Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Renamings to avoid confusion for rate limiting rules Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Added rate limiting service implementation based on rules Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- Added tests for rate limiting service Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- docs: added documentation for rate limiting Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- code improvements Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
- corrected key extractor in test to conform to the new isWellFormed() implementation Signed-off-by: YuriyZ yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
Signed-off-by: yuriyz yzabrovarniy@gmail.com
haileyesus2433 pushed a commit that referenced this pull request
…cation endpoints to prevent brute-force attacks #12664 (#12868)
Signed-off-by: yuriyz yzabrovarniy@gmail.com Signed-off-by: haileyesus2433 haileyesusbe@gmail.com