Bookshelf Home | Contents | Index | PDF     

Implementation Guide for Oracle Self-Service E-Billing > Customizing User Management >

Customizing Account Lockout

You can customize the maximum attempt thresholds in the Account Lockout use case.

Oracle Self-Service E-Billing locks a user account after a maximum number of attempts (5) to enter information during the following use cases:

  • Log In. When an end user tries to log into the application.
  • Forgot and Reset Password. When an end user tries to enter a user name, account number, or service number.
  • Forgot and Reset Password. When an end user tries to enter a security question or security answer.

By default, each of these activities uses the same threshold. You can specify one new threshold for all three activities, or set a different threshold value for each activity.

To configure the maximum attempt thresholds

  1. Edit the user.xma.xml file, found in the EDX_HOME\xma\config\modules\umf directory.
  2. In the IUserManager JavaBean, three lockers are defined as properties under the tag, each associated with one action. All three lockers reference one locker, which means all three actions have the same threshold value (maximum number of attempts). You can specify one new value for the max_attempts property, or specify a different locker and configure the threshold for each activity:

    <bean id="IUserManager"

    class="com.edocs.common.umf.core.UserManager">

    <property name="userManagerDao">

    <ref local="userManagerDao"/>

    </property>

    <property name="loginLocker">

    <ref local="locker"/>

    </property>

    <property name="forgotPwdAccountLocker">

    <ref local="locker"/>

    </property>

    <property name="forgotPwdSecQstLocker">

    <ref local="locker"/>

    </property>

    </bean>

    <bean id="locker" class="com.edocs.common.umf.core.Locker">

    <property name="max_attempts" value="5"/>

    </bean>

Using APIs

In the action layer, you can call the hasActionThresholdReached method to judge whether an action reached the maximum attempt threshold:

IUserService usrService=EBillingServiceFactory.getUserService();

usrService. hasActionThresholdReached(user, action);

The method hasActionThresholdReached adds the specific number of times attempted by 1, then compares the number of attempts with the maximum threshold. If the threshold is reached, the method returns true; if the threshold is not reached, it returns false.

    
Implementation Guide for Oracle Self-Service E-Billing Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices.