Tarpit.java

package com.mastfrog.acteur.auth;

import com.google.inject.ImplementedBy;
import com.mastfrog.acteur.HttpEvent;

/**
 * Used by AuthenticateBasicActeur.  Too many failed password attempts and
 * you go in the tar pit - first responses are delayed, then blocked altogether.
 * <p/>
 * Callers are identified by default by their IP address, but you can inject a
 * TarpitCacheKeyFactory to look at cookies or whatever you want.
 *
 * @author Tim Boudreau
 */
@ImplementedBy(TarpitImpl.class)
public interface Tarpit {
    public static final String SETTINGS_KEY_TARPIT_EXPIRATION_TIME_MINUTES
            = "tarpit.default.expiration.minutes";
    public static final int DEFAULT_TARPIT_EXPIRATION_TIME_MINUTES = 5;

    /**
     * Add an entry to the tarpit for failing to authenticate, incrementing
     * the count if necessary.
     *
     * @param evt The http request
     * @return The updated number of bad requests
     */
    public int add(HttpEvent evt);
    /**
     * Get the number of bad requests
     * @param evt An http request
     * @return The
     */
    public int count(HttpEvent evt);

    public void remove(HttpEvent evt);
}