fixes

services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java

@@ -51,12 +51,12 @@ public class AuthenticationProcessor {
     protected ClientConnection connection;
     protected UriInfo uriInfo;
     protected KeycloakSession session;
-    protected BruteForceProtector protector;
     protected EventBuilder event;
     protected HttpRequest request;
     protected String flowId;
     protected String flowPath;
     protected boolean browserFlow;
+    protected BruteForceProtector protector;
     /**
      * This could be an error message forwarded from another authenticator
      */
@@ -523,7 +523,7 @@ public class AuthenticationProcessor {
             if (username == null) {
 
             } else {
-                protector.failedLogin(realm, username, connection);
+                getBruteForceProtector().failedLogin(realm, username, connection);
 
             }
         }
@@ -796,7 +796,7 @@ public class AuthenticationProcessor {
         if (authenticatedUser == null) return;
         if (!authenticatedUser.isEnabled()) throw new AuthenticationFlowException(AuthenticationFlowError.USER_DISABLED);
         if (realm.isBruteForceProtected()) {
-            if (protector.isTemporarilyDisabled(session, realm, authenticatedUser.getUsername())) {
+            if (getBruteForceProtector().isTemporarilyDisabled(session, realm, authenticatedUser.getUsername())) {
                 throw new AuthenticationFlowException(AuthenticationFlowError.USER_TEMPORARILY_DISABLED);
             }
         }