Expresso 5-6

com.jcorporate.expresso.core.security
Class DelayThread

java.lang.Object
  extended by java.lang.Thread
      extended by com.jcorporate.expresso.core.security.DelayThread
All Implemented Interfaces:
Runnable

public class DelayThread
extends Thread

Simple class called to suspend thread execution for x seconds before offering a login retry. This helps to slow down brute-force attacks. [A 40,000-word dictionary attack prolonged by 3 seconds apiece adds potentially 33 hours to the attack time. Yes, this can be partially bypassed through simultaneous requests, but it still adds significant response time.]

Why this class instead of just sleep(3000) or whatever? The answer is that this thread is often called from multi-threaded servers with only one instance. You can't just call sleep() without becoming the monitor "owner", but synchronized(this) will sleep the whole login object, effectively keeping all login processing from happening: a definite DoS attack. Thus we sleep the requesting thread while waiting on this "lock object".

What about people issuing bad requests in parallel? Simple! They all have to queue up for a lock on a single instance. Thus the delay may be significantly longer if lots of people are issuing bad requests, creating an effective CPU choke point.
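
A minimal sketch of the pattern described above, added here as an example and not taken from Expresso's source: failed logins sleep while holding one dedicated lock, so parallel bad requests queue behind each other while a valid login never touches that lock. The class FailedLoginDelayDemo, its login() stub and the credentials are constructed for illustration.

```java
import java.util.concurrent.CountDownLatch;

// Added sketch, not Expresso source: class and method names are hypothetical.
public class FailedLoginDelayDemo {
    // Dedicated monitor: only failed logins contend for it, never the login object itself.
    private static final Object LOCK = new Object();

    // Blocks only the calling (request) thread. Thread.sleep() does not release
    // the monitor, so concurrent failures are delayed one after another.
    static void delay(int numSeconds) {
        synchronized (LOCK) {
            try {
                Thread.sleep(numSeconds * 1000L);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt(); // keep the shutdown signal visible
            }
        }
    }

    // Constructed credential check standing in for the real one.
    static boolean login(String user, String password) {
        boolean ok = "alice".equals(user) && "correct horse".equals(password);
        if (!ok) {
            delay(1); // penalty applies to failed attempts only
        }
        return ok;
    }

    public static void main(String[] args) throws InterruptedException {
        int badRequests = 3;
        CountDownLatch done = new CountDownLatch(badRequests);
        long start = System.nanoTime();
        for (int i = 0; i < badRequests; i++) {
            final String guess = "guess" + i;
            new Thread(() -> { login("alice", guess); done.countDown(); }).start();
        }
        Thread.sleep(100); // let the bad requests reach the lock first
        long t0 = System.nanoTime();
        boolean ok = login("alice", "correct horse"); // does not wait on LOCK
        System.out.printf("valid login: %b after %d ms%n", ok, (System.nanoTime() - t0) / 1_000_000);
        done.await();
        System.out.printf("%d parallel bad logins took %d ms%n", badRequests, (System.nanoTime() - start) / 1_000_000);
    }
}
```

Each queued failure occupies a request thread for the whole wait, so the server's worker pool size bounds how many bad requests can pile up behind the lock.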

Since:
Expresso v3.0
Author:
Michael Rimov

Field Summary
protected  Object lockObject
           
protected static DelayThread theInstance
           
 
Fields inherited from class java.lang.Thread
MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY
 
Constructor Summary
DelayThread()
           
DelayThread(int numSeconds)
          Create the object and when run, pause for x number of seconds.
 
Method Summary
static void delay()
          Executed in the main thread.
static void delay(int numSeconds)
          Executed in the main thread.
 int getDelay()
          Returns the current setting for the number of seconds to delay.
static void kill()
          Function interrupts the thread so that it exits.
 void run()
          Execution path - simply pause for secondsDelay number of seconds.
 void setDelay(int numSeconds)
          Sets the number of seconds to delay when run.
 
Methods inherited from class java.lang.Thread
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getContextClassLoader, getName, getPriority, getThreadGroup, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setName, setPriority, sleep, sleep, start, stop, stop, suspend, toString, yield
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

theInstance

protected static DelayThread theInstance

lockObject

protected volatile Object lockObject
Constructor Detail

DelayThread

public DelayThread()

DelayThread

public DelayThread(int numSeconds)
Create the object and when run, pause for x number of seconds.

Parameters:
numSeconds - the number of seconds to pause when this thread runs.
Method Detail

setDelay

public void setDelay(int numSeconds)
Sets the number of seconds to delay when run.

Parameters:
numSeconds - The number of seconds to run.

getDelay

public int getDelay()
Returns the current setting for the number of seconds to delay.

Returns:
integer in seconds for delaying things.

run

public void run()
Execution path - simply pause for secondsDelay number of seconds.


delay

public static void delay()
Executed in the main thread. Simply will return when the delay is complete.


kill

public static void kill()
Function interrupts the thread so that it exits. Mainly used for shutdown procedures.


delay

public static void delay(int numSeconds)
Executed in the main thread. Simply will return when the delay is complete.

Parameters:
numSeconds - The number of seconds to delay


Please see www.jcorporate.com for information about new Expresso releases.