You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Rob Cartier <rc...@snet.net> on 2002/03/09 04:35:45 UTC

help: logging failed login attempts

I have been searching high and low trying
to find a way to catch failed login attempts after
form authentication fails. Currently in my web.xml
file it just gets re-directed to the errorpage
but I want to record it

All I want to capture is the username (j_username) that was attempted
so I can log it and keep track of the failures to lock
the account.

everything else is available from the cgi variable
getRequest..etc... methods.

Posted this a few times but nobody as responded
is this even available 

Rob Cartier

--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

RE: help: logging failed login attempts

Posted by Rob Cartier <rc...@snet.net>.

I am using the j_security_check class and dont know where I can
grab the j_username value

attached are the parts that I am using for my loginpage
The errorpage just returns a null when doing a getRemoteUser()


<loginpage.jsp>

<h2>Login page </h2>
<form method="POST" action="j_security_check">
<table border="0" cell padding="0" width=480>
 <tr>
    <td  nowrap><font face="Fixedsys">Username:</font></td>
    <td ><input type="text" name="j_username"></td>
 </tr>
 <tr>
    <td nowrap><font face="Fixedsys">Password:</font></td>
    <td ><input type="password" name="j_password"></td>
 <tr>
 <tr>
 	<td > </td>
	<td><input type="submit" value="Login"></td>
 </tr>
<br>

<web.xml snippet>

  <!-- Define the Login Configuration for this Application -->
   <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>test app</realm-name>
    <form-login-config>
	<form-login-page>/loginpage.jsp</form-login-page>
	<form-error-page>/errorpage.jsp</form-error-page>
    </form-login-config>
  </login-config>

-----Original Message-----
From: Scott Shorter [mailto:shorter@caradas.com]
Sent: Saturday, March 09, 2002 7:49 AM
To: 'Tomcat Users List'
Subject: RE: help: logging failed login attempts


This may not be the answer you are looking for, but if you implement the
login form yourself, you can log failed login attempts however you want
to...
-
Scott

> -----Original Message-----
> From: Rob Cartier [mailto:rcartier@snet.net] 
> Sent: Friday, March 08, 2002 10:36 PM
> To: 'Tomcat Users List'
> Subject: help: logging failed login attempts
> Importance: High
> 
> 
> I have been searching high and low trying
> to find a way to catch failed login attempts after
> form authentication fails. Currently in my web.xml
> file it just gets re-directed to the errorpage
> but I want to record it
> 
> All I want to capture is the username (j_username) that was 
> attempted so I can log it and keep track of the failures to 
> lock the account.
> 
> everything else is available from the cgi variable 
> getRequest..etc... methods.
> 
> Posted this a few times but nobody as responded
> is this even available 
> 
> Rob Cartier
> 
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
> 


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

RE: help: logging failed login attempts

Posted by Scott Shorter <sh...@caradas.com>.

This may not be the answer you are looking for, but if you implement the
login form yourself, you can log failed login attempts however you want
to...
-
Scott

> -----Original Message-----
> From: Rob Cartier [mailto:rcartier@snet.net] 
> Sent: Friday, March 08, 2002 10:36 PM
> To: 'Tomcat Users List'
> Subject: help: logging failed login attempts
> Importance: High
> 
> 
> I have been searching high and low trying
> to find a way to catch failed login attempts after
> form authentication fails. Currently in my web.xml
> file it just gets re-directed to the errorpage
> but I want to record it
> 
> All I want to capture is the username (j_username) that was 
> attempted so I can log it and keep track of the failures to 
> lock the account.
> 
> everything else is available from the cgi variable 
> getRequest..etc... methods.
> 
> Posted this a few times but nobody as responded
> is this even available 
> 
> Rob Cartier
> 
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
> 


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>