You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Nikola Milutinovic <Ni...@ev.co.yu> on 2002/10/05 12:13:19 UTC

Re: Form Based Authentication, getting login and password

Externo wrote:

> Sorry by my English.
> 
> How I can guess login and password strings of an user, from error page (JSP)
> using "Form Based Authentication of Tomcat"?
> 
> I need know it to lock the count each 3 error tries (if login is ok but
> password is bad, insteed).


Something like enhanced security mode in some OSes?


> Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
> HttpServletRequest interface have this result: If no user has been
> authenticated, returns null, false and null respectly. For this reason, they
> aren't utils for me.
> 
> If I don´t know login what user writed, I can't lock his/her count.
> 
> Exist solution for this? Thanks

Only to write your own authentication module. That shouldn't be too hard.

Nix.


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>