Account lock implementation in Spring Security

applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
    ...
    <bean class="your.application.package.LoginFailureEventListenter">
        <property name="loginAttemptsThreshold" value="5" />
    </bean>
    ...
</beans>

LoginFailureEventListenter.java

public class LoginFailureEventListenter implements
        ApplicationListener<AuthenticationFailureBadCredentialsEvent> {

    // アカウントロックをかける連続認証失敗回数の閾値
    private int loginAttemptsThreshold;

    public void setLoginAttemptsThreshold(int threshold) {
        this.loginAttemptsThreshold = threshold;
    }

    @Override
    public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
        if (event.getException().getClass().equals(UsernameNotFoundException.class)) {
            // 存在しないユーザ名の場合は無視
            return;
        }

        String userId = event.getAuthentication().getName();

        recordLoginAttempts(userId);

        int failedLoginAttempts = countFailedLoginAttempts(userId);
        if (failedLoginAttempts == loginAttemptsThreshold) {
            lockoutUser(userId);
        }
    }

    // ログイン失敗の情報を DB に記録...
    private void recordLoginAttempts(String userId) {
        // ...
    }

    // 何回連続でログインに失敗したかの情報を返す
    private int countFailedLoginAttempts(String userId) {
        // ...
    }

    // アカウントをロックアウトする
    private void lockoutUser(String userId) {
        // ...
    }
}