keycloak-aplcache

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AttackDetectionResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AttackDetectionResource.java
new file mode 100644
index 0000000..7888cad
--- /dev/null
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AttackDetectionResource.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import java.util.Map;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public interface AttackDetectionResource {
+
+    @GET
+    @Path("brute-force/usernames/{username}")
+    @NoCache
+    @Produces(MediaType.APPLICATION_JSON)
+    Map<String, Object> bruteForceUserStatus(@PathParam("username") String username);
+
+    @Path("brute-force/usernames/{username}")
+    @DELETE
+    void clearBruteForceForUser(@PathParam("username") String username);
+
+    @Path("brute-force/usernames")
+    @DELETE
+    void clearAllBruteForce();
+
+}

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
index 86548ec..456bc01 100644
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/RealmResource.java
@@ -154,4 +154,7 @@ public interface RealmResource {
     @Consumes(MediaType.APPLICATION_JSON)
     AuthenticationManagementResource flows();
 
+    @Path("attack-detection")
+    AttackDetectionResource attackDetection();
+
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java
new file mode 100644
index 0000000..be405a4
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AttackDetectionResourceTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.admin;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.AttackDetectionResource;
+import org.keycloak.common.util.Time;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.util.OAuthClient;
+import org.keycloak.testsuite.util.UserBuilder;
+
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class AttackDetectionResourceTest extends AbstractAdminTest {
+
+    @ArquillianResource
+    private OAuthClient oauthClient;
+
+    @Override
+    public void configureTestRealm(RealmRepresentation testRealm) {
+        testRealm.setBruteForceProtected(true);
+        testRealm.setFailureFactor(2);
+
+        testRealm.getUsers().add(UserBuilder.create().username("test-user2").password("password").build());
+    }
+
+    @Test
+    public void test() {
+        AttackDetectionResource detection = adminClient.realm("test").attackDetection();
+
+        assertBruteForce(detection.bruteForceUserStatus("test-user@localhost"), 0, false, false);
+
+        oauthClient.doLogin("test-user@localhost", "invalid");
+        oauthClient.doLogin("test-user@localhost", "invalid");
+        oauthClient.doLogin("test-user@localhost", "invalid");
+
+        oauthClient.doLogin("test-user2", "invalid");
+        oauthClient.doLogin("test-user2", "invalid");
+        oauthClient.doLogin("nosuchuser", "invalid");
+
+        assertBruteForce(detection.bruteForceUserStatus("test-user@localhost"), 3, true, true);
+        assertBruteForce(detection.bruteForceUserStatus("test-user2"), 2, true, true);
+        assertBruteForce(detection.bruteForceUserStatus("nosuchuser"), 0, false, false);
+
+        detection.clearBruteForceForUser("test-user@localhost");
+
+        assertBruteForce(detection.bruteForceUserStatus("test-user@localhost"), 0, false, false);
+        assertBruteForce(detection.bruteForceUserStatus("test-user2"), 2, true, true);
+
+        detection.clearAllBruteForce();
+
+        assertBruteForce(detection.bruteForceUserStatus("test-user@localhost"), 0, false, false);
+        assertBruteForce(detection.bruteForceUserStatus("test-user2"), 0, false, false);
+    }
+
+    private void assertBruteForce(Map<String, Object> status, Integer expectedNumFailures, Boolean expectedFailure, Boolean expectedDisabled) {
+        assertEquals(4, status.size());
+        assertEquals(expectedNumFailures, status.get("numFailures"));
+        assertEquals(expectedDisabled, status.get("disabled"));
+        if (expectedFailure) {
+            assertEquals("127.0.0.1", status.get("lastIPFailure"));
+            Long lastFailure = (Long) status.get("lastFailure");
+            assertTrue(lastFailure < (System.currentTimeMillis() + 1) && lastFailure > (System.currentTimeMillis() - 10000));
+        } else {
+            assertEquals("n/a", status.get("lastIPFailure"));
+            assertEquals("0", status.get("lastFailure").toString());
+        }
+    }
+
+}