Bookshelf Home | Contents | Index | PDF     

Implementation Guide for Oracle Billing Insight > Customizing User Management >

Customizing Account Lockout

You can customize the maximum attempt thresholds in the Account Lockout use case.

Oracle Billing Insight locks a user account after a maximum number of attempts (5) to enter information during the following use cases:

  • Log In. When a user tries to log into the application.
  • Forgot and Reset Password. When a user tries to enter a user name, account number, or service number.
  • Forgot and Reset Password. When a user tries to enter a security question or security answer.

By default, each of these activities uses the same threshold. You can specify one new threshold for all three activities, or set a different threshold value for each activity.

To configure the maximum attempt thresholds

  1. Open the user.xma.xml file, located in the EDX_HOME\xma\config\modules\umf directory.
  2. In the IUserManager JavaBean, three lockers are defined as properties under the tag, each associated with one action. All three lockers reference one locker, which means all three actions have the same threshold value (maximum number of attempts). You can specify one new value for the max_attempts property, or specify a different locker and configure the threshold for each activity:

    <bean id="IUserManager"
    class="com.edocs.common.umf.core.UserManager">
    <property name="userManagerDao"> <ref local="userManagerDao"/> </property>
    <property name="loginLocker"><ref local="locker"/> </property>
    <property name="forgotPwdAccountLocker"> <ref local="locker"/> </property> <property name="forgotPwdSecQstLocker"> <ref local="locker"/> </property>
    </bean><bean id="locker" class="com.edocs.common.umf.core.Locker">
    <property name="max_attempts" value="5"/></bean>

In the action layer, you can call the hasActionThresholdReached method to judge whether an action reached the maximum attempt threshold:

IUserService usrService=EBillingServiceFactory.getUserService();
usrService. hasActionThresholdReached(user, action);

The method hasActionThresholdReached adds the specific number of times attempted by 1, then compares the number of attempts with the maximum threshold. If the threshold is reached, the method returns true. If the threshold is not reached, then it returns false.

Customizing Reactivate Account Lockout

You can customize the Reactivate Account Lockout use case. An Assisted Service administrator user can reactivate a locked out account. In the action layer, you can call reactivateAccount API to reactivate an account:

IUserService usrService=EBillingServiceFactory.getUserService();
usrService. reactivateAccount(usrId, audit);

These APIs use the following parameters:

  • usrId. User ID. The user's account will be reactivated.
  • audit. Audit data of the reactivate user account action.
    
Implementation Guide for Oracle Billing Insight Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.