如何保护用户页面免受暴力攻击(How can I protect user pages from brute-force attack)

 我想获得关于以下内容的建议： 
 
 我使用jsp在Tomcat上进行 网络应用程序 ，在这里用户输入登录名和密码后（两者都是自动定义的，在帐户创建后不会更改）能够进入他们的个人页面。 
 
 我想使用服务器上的ArrayList和用户的登录ID对用户帐户进行一些保护，其中一些登录ID的登录成功次数将保持不变（一段时间后线程创建量值为零）。 
 
 如果金额大于某个定义值 - 阻止登录（直到清除金额）并发送给用户电子邮件链接，在服务器内部单击将内部值设置为0后， 我会研究这个，但是我的问题是关于这种方法是否正确，以及这样的ArrayList将满足需求： 
 
List<User> users = Collections.synchronizedList(userList);
 
 并使用同步set和get方法访问它。 
 其目的是为了抵御暴力攻击 （手动或者甚至是服务器驱动）。 
 
 有没有办法防范访问攻击（在短时间内进行许多登录尝试）？ 
 
 提前致谢。 

I'd like to get your advice about following: 
 
I have web-application on Tomcat using jsp, where users after entering their login and password (both are defined automatically and not changed after account creation) are able to enter their personal page. 
 
I want to make some protection for user accounts using ArrayList on server with users' login ids, where amount of not successful logins for some login ids will be hold (there will be thread making amount value zero after some time period). 
 
In case amount is bigger than some defined value - block login (until amount cleaned) and send to user email link, after clicking on which amount value will be set to 0 internally in server. I will work on that, but my question is about if this approach is correct one and such ArrayList will satisfy needs: 
 
List<User> users = Collections.synchronizedList(userList);
 
and access it using synchronized set and get methods.
 The aim is to get protection against brute-force attacks (manual or maybe even server driven).
 
Is there a way to defend against access attacks (making many login attempts in short periods of time)?
 
Thanks in advance.

原文：https://stackoverflow.com/questions/34151920