Cannot disable users with disable(String reason) method

Question

Dear community,
I'd like to block users from login with user.disable("reason") method in my Servlet under certain condition.
I could read/write user properties, but the disable part doesn't work and I could still login with this user.

(code snippet attached below)
 
Did I miss something important to make it work?
Thanks a lot! 
 
UserManager userManager = ((JackrabbitSession) session).getUserManager();
Authorizable userAuth = userManager.getAuthorizable(userId);
User user = (User) userManager.getAuthorizable(userId);

if (userAuth != null) {

int totalCount = 1;
	SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
	Value[] userPropertyValueArray = userAuth.getProperty("profile/loginAttemptCount");

if (userPropertyValueArray != null) {
		int userFailureLoginCount = Integer.parseInt(userPropertyValueArray[0].toString());

if (userFailureLoginCount == 5) {						
			Date nowTime = new Date();						
			long time = 15 * 60 * 1000;
			Date lockUntil = new Date(nowTime.getTime() + time);
			userAuth.setProperty("profile/lockUntil",
					session.getValueFactory().createValue(sdf.format(lockUntil)));
			user.disable("Reach failure login limit");
			return;
			
		} else {
			totalCount = userFailureLoginCount + 1;
			userAuth.setProperty("profile/loginAttemptCount", session.getValueFactory().createValue(totalCount));
		}
	}
	
	userAuth.setProperty("profile/loginAttemptTimestamp",
			session.getValueFactory().createValue(sdf.format(new Date())));
}

session.save();
session.logout();

lukasz-m · Accepted Answer

Hi @yusheng,I did a quick check of disabled method usage and it worked fine on my end. In general it sets rep:disabled property with string value I have passed as an argument. This is a sample code.  UserManager userManager = ((JackrabbitSession) session).getUserManager();User user = (User) userManager.getAuthorizable("test");user.disable("Reach failure login limit");session.save();  I see one problem in your implementation, in below part of your code  if (userFailureLoginCount == 5) {Date nowTime = new Date();long time = 15 * 60 * 1000;Date lockUntil = new Date(nowTime.getTime() + time);userAuth.setProperty("profile/lockUntil",session.getValueFactory().createValue(sdf.format(lockUntil)));user.disable("Reach failure login limit");return;}   You are using return statement before you saved your changes, this is why user account is not disabled.Please remove return statement from the body of above if condition block, or add session.save before return. In other words currently you are not saving changes you did.Your code could look like below  if (userFailureLoginCount == 5) {  Date nowTime = new Date();  long time = 15 * 60 * 1000;  Date lockUntil = new Date(nowTime.getTime() + time);  userAuth.setProperty("profile/lockUntil",session.getValueFactory().createValue(sdf.format(lockUntil)));  user.disable("Reach failure login limit");  session.save();  return;}   or like that  if (userFailureLoginCount == 5) {  Date nowTime = new Date();  long time = 15 * 60 * 1000;  Date lockUntil = new Date(nowTime.getTime() + time);  userAuth.setProperty("profile/lockUntil",session.getValueFactory().createValue(sdf.format(lockUntil)));  user.disable("Reach failure login limit");}

arunpatidar · Answer

Could you please check below thread if this helpshttps://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-disable-user-login/m-p/180913

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded