The LoginServer class is the main entry point for the authentication server, managing client connections, account validation, and GameServer registration.
Source: org.l2jmobius.loginserver.LoginServer
Location: java/org/l2jmobius/loginserver/LoginServer.java:47

Overview

LoginServer is a singleton service that:
  • Accepts client connections on port 2106
  • Validates account credentials against the database
  • Manages GameServer registrations on port 9014
  • Enforces flood protection and security policies
  • Handles banned accounts and IP addresses

Class Structure

public class LoginServer extends FloodProtectorListener

Key Constants

  • PROTOCOL_REV (int, default: 0x0102) - Login protocol revision number (258)
  • LOGGER (Logger) - Logger instance for LoginServer events

Initialization Sequence

The LoginServer follows this startup sequence:
  1. Database Initialization
     DatabaseFactory.init();
     Establishes connection pool to the authentication database

  2. Thread Pool Setup
     ThreadPool.init();
     Configures thread pools for handling client connections

  3. Login Controller
     LoginController.load();
     Loads RSA key pairs for password encryption

  4. GameServer Table
     GameServerTable.getInstance();
     Initializes the registry of connected GameServers

  5. Ban List Loading
     loadBanFile();
     Loads banned accounts and IP addresses

  6. GameServer Listener
     _gameServerListener = new GameServerListener();
     _gameServerListener.start();
     Starts listening for GameServer connections on port 9014

Core Methods

getInstance()

public static LoginServer getInstance()
Returns the singleton LoginServer instance.
Returns: The active LoginServer instance

shutdown()

public void shutdown(boolean restart)
Gracefully shuts down the LoginServer.
  • restart (boolean) - Whether to restart after shutdown
Behavior:
  1. Stops accepting new connections
  2. Disconnects all active clients
  3. Saves server state to database
  4. Closes database connections
  5. Exits JVM (if not restarting)

addGameServerLogin()

public void addGameServerLogin(int id, byte[] hexId, String address)
Registers a GameServer with the LoginServer.
  • id (int, required) - GameServer ID (1-127)
  • hexId (byte[], required) - Hexadecimal authentication key
  • address (String, required) - GameServer IP address

Configuration

LoginServer is configured through login/config/Server.ini:
# Network Configuration
LoginHost = 0.0.0.0
LoginPort = 2106

# GameServer Communication
GameServerLoginHost = *
GameServerLoginPort = 9014

# Security
EnableFloodProtection = True
FastConnectionLimit = 15
NormalConnectionTime = 700
FastConnectionTime = 350
MaxConnectionPerIP = 50

# Auto-Create Accounts
AutoCreateAccounts = True

# Scheduled Restart
LoginServerScheduleRestart = False
LoginServerScheduleRestartTime = 24

Security Features

Flood Protection

The LoginServer implements several flood protection mechanisms:
FastConnectionLimit = 15        // Max connections in FastConnectionTime
NormalConnectionTime = 700      // Normal connection interval (ms)
FastConnectionTime = 350        // Fast connection detection window (ms)
MaxConnectionPerIP = 50         // Max simultaneous connections per IP
  • Prevents IP-based DDoS attacks
  • Automatically bans IPs after repeated failed login attempts
  • Configurable thresholds in LoginConfig.java
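
A model of how two of these thresholds can combine in a per-IP admission check, added here as an illustration and not taken from the project's FloodProtectorListener. It assumes a sliding window for FastConnectionLimit/FastConnectionTime and a counter of open connections for MaxConnectionPerIP; NormalConnectionTime is not modelled, and the names FloodGate and replay and the sample events are constructed for this example.

```python
from collections import defaultdict, deque

class FloodGate:
    """Per-IP admission check (assumed semantics, not the project's code)."""

    def __init__(self, fast_limit=15, fast_window_ms=350, max_per_ip=50):
        self.fast_window_ms = fast_window_ms
        self.max_per_ip = max_per_ip
        # Keep only the last fast_limit + 1 arrivals per IP, so memory per
        # address stays bounded even while that address is flooding.
        self.recent = defaultdict(lambda: deque(maxlen=fast_limit + 1))
        self.open = defaultdict(int)  # ip -> connections currently open

    def on_connect(self, ip, now_ms):
        arrivals = self.recent[ip]
        arrivals.append(now_ms)  # rejected attempts count, so a flood stays blocked
        # A full deque whose oldest entry is still inside the window means
        # more than fast_limit arrivals within fast_window_ms.
        if len(arrivals) == arrivals.maxlen and now_ms - arrivals[0] < self.fast_window_ms:
            return "reject:rate"
        if self.open[ip] >= self.max_per_ip:
            return "reject:concurrent"
        self.open[ip] += 1
        return "accept"

    def on_close(self, ip):
        self.open[ip] = max(0, self.open[ip] - 1)

def replay(events, **thresholds):
    """Run (time_ms, ip, 'connect'|'close') events; return the connect decisions."""
    gate, decisions = FloodGate(**thresholds), []
    for now_ms, ip, kind in sorted(events):
        if kind == "connect":
            decisions.append((now_ms, ip, gate.on_connect(ip, now_ms)))
        else:
            gate.on_close(ip)
    return decisions

# Constructed sample: a 20-connection burst at 10 ms spacing, a later retry
# from the same address, and a client that reconnects every 700 ms.
BURST = [(t * 10, "203.0.113.7", "connect") for t in range(20)]
RETRY = [(1190, "203.0.113.7", "connect")]
STEADY = [(t * 700, "198.51.100.9", "connect") for t in range(5)]

if __name__ == "__main__":
    for row in replay(BURST + RETRY + STEADY):
        print(row)
```

Replaying recorded connection times through the model before changing a threshold shows which legitimate clients, such as many players behind one NAT address, the new values would start rejecting.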

Password Encryption

Client passwords are encrypted using RSA before transmission:
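// RSA key pair generation in LoginController
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.spec.RSAKeyGenParameterSpec;

private void generateRSAKeys() throws GeneralSecurityException
{
    KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
    // 1024-bit modulus with public exponent F4 (65537). A 1024-bit RSA key is
    // below the 2048-bit minimum in current NIST guidance (SP 800-131A).
    keygen.initialize(new RSAKeyGenParameterSpec(1024, RSAKeyGenParameterSpec.F4));
    _keyPairs = new ScrambledKeyPair[KEYS_SIZE];

    // Pre-generate a pool of KEYS_SIZE key pairs
    for (int i = 0; i < KEYS_SIZE; i++)
    {
        _keyPairs[i] = new ScrambledKeyPair(keygen.generateKeyPair());
    }
}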

Database Schema

LoginServer uses these tables:
accounts
  • login - Account username
  • password - Hashed password (SHA-256)
  • access_level - Account privilege level
  • lastactive - Last login timestamp
  • lastIP - Last login IP address
gameservers
  • server_id - GameServer ID (1-127)
  • hexid - Authentication hexadecimal key
  • host - Internal server IP

Usage Example

Starting the LoginServer

cd dist/login
./startLoginServer.sh    # Linux/Mac
# or
startLoginServer.bat     # Windows

Monitoring Logs

tail -f log/java.log
Expected startup output:
LoginServer is now listening on *:2106
Listening for GameServers on *:9014

Stopping the Server

# Graceful shutdown
kill -SIGTERM <pid>

# Or use admin command (if configured)
telnet localhost 7001
shutdown

Related Classes

  • GameServer - Game server that connects to LoginServer
  • DatabaseFactory - Database connection management
  • LoginController - Account authentication and validation
  • GameServerTable - Registry of connected GameServers
  • LoginClient - Represents a connected client session

Troubleshooting

Solution: Check if another service is using the port
sudo lsof -i :2106
netstat -an | grep 2106
Change LoginPort in Server.ini if needed

Solution: Verify GameServer hexid and IP configuration
  1. Check gameservers table in database
  2. Verify GameServerLoginHost and GameServerLoginPort in Server.ini
  3. Ensure firewall allows port 9014

Solution: Check Database.ini configuration
URL = jdbc:mysql://localhost/l2jmobiusc4
Login = l2jmobius
Password = your_password
Test connection:
mysql -u l2jmobius -p l2jmobiusc4

Solution: Enable in Server.ini
AutoCreateAccounts = True
Restart LoginServer for changes to take effect

Best Practices

Production Deployment:
  • Disable auto-create accounts (AutoCreateAccounts = False)
  • Enable flood protection
  • Use strong database passwords
  • Configure firewall rules (allow 2106 for clients, 9014 for GameServers only)
  • Monitor failed login attempts
  • Schedule regular database backups
  • Use RSA key rotation for enhanced security
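
A pre-deployment check of Server.ini against the first items of this checklist, added here as an example and not part of the project. The key names are the ones shown on this page; the function names, the finding texts, the treatment of 0.0.0.0 as a wildcard for GameServerLoginHost, and the placeholder internal address 10.0.0.5 are assumptions of this example.

```python
def parse_ini(text):
    """Parse 'Key = Value' lines; blank lines and '#' comment lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (key, finding) pairs for settings that conflict with the checklist."""
    def flag(key):
        return settings.get(key, "").lower() == "true"

    findings = []
    if flag("AutoCreateAccounts"):
        findings.append(("AutoCreateAccounts",
                         "accounts are created automatically; set to False"))
    if not flag("EnableFloodProtection"):
        findings.append(("EnableFloodProtection",
                         "flood protection is not explicitly enabled; set to True"))
    # Assumption: '*' and '0.0.0.0' both mean "listen on every interface".
    if settings.get("GameServerLoginHost") in ("*", "0.0.0.0"):
        port = settings.get("GameServerLoginPort", "9014")
        findings.append(("GameServerLoginHost",
                         f"port {port} listens on every interface; bind to the internal "
                         "address or confirm the firewall admits GameServers only"))
    return findings

# Constructed samples: the settings shown on this page, and a hardened variant.
# 10.0.0.5 is a placeholder for the host's internal address.
PAGE_CONFIG = """
# Network Configuration
LoginHost = 0.0.0.0
LoginPort = 2106
GameServerLoginHost = *
GameServerLoginPort = 9014
EnableFloodProtection = True
AutoCreateAccounts = True
"""
HARDENED = (PAGE_CONFIG
            .replace("GameServerLoginHost = *", "GameServerLoginHost = 10.0.0.5")
            .replace("AutoCreateAccounts = True", "AutoCreateAccounts = False"))

if __name__ == "__main__":
    for key, finding in audit(parse_ini(PAGE_CONFIG)):
        print(f"{key}: {finding}")
```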

Performance Monitoring

Monitor LoginServer health with these metrics:
// In LoginServer.java
LOGGER.info("Active connections: " + getConnectionCount());
LOGGER.info("Registered GameServers: " + GameServerTable.getInstance().getRegisteredGameServers().size());
Recommended monitoring:
  • Active connections - Track concurrent users
  • Failed logins per hour - Detect brute force attacks
  • Average login time - Database performance indicator
  • Memory usage - JVM heap monitoring
