You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rob Cartier <rc...@snet.net> on 2002/03/09 04:35:45 UTC
help: logging failed login attempts
I have been searching high and low trying
to find a way to catch failed login attempts after
form authentication fails. Currently in my web.xml
file it just gets re-directed to the errorpage
but I want to record it
All I want to capture is the username (j_username) that was attempted
so I can log it and keep track of the failures to lock
the account.
everything else is available from the cgi variable
getRequest..etc... methods.
Posted this a few times but nobody as responded
is this even available
Rob Cartier
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
RE: help: logging failed login attempts
Posted by Rob Cartier <rc...@snet.net>.
I am using the j_security_check class and dont know where I can
grab the j_username value
attached are the parts that I am using for my loginpage
The errorpage just returns a null when doing a getRemoteUser()
<loginpage.jsp>
<h2>Login page </h2>
<form method="POST" action="j_security_check">
<table border="0" cell padding="0" width=480>
<tr>
<td nowrap><font face="Fixedsys">Username:</font></td>
<td ><input type="text" name="j_username"></td>
</tr>
<tr>
<td nowrap><font face="Fixedsys">Password:</font></td>
<td ><input type="password" name="j_password"></td>
<tr>
<tr>
<td > </td>
<td><input type="submit" value="Login"></td>
</tr>
<br>
<web.xml snippet>
<!-- Define the Login Configuration for this Application -->
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test app</realm-name>
<form-login-config>
<form-login-page>/loginpage.jsp</form-login-page>
<form-error-page>/errorpage.jsp</form-error-page>
</form-login-config>
</login-config>
-----Original Message-----
From: Scott Shorter [mailto:shorter@caradas.com]
Sent: Saturday, March 09, 2002 7:49 AM
To: 'Tomcat Users List'
Subject: RE: help: logging failed login attempts
This may not be the answer you are looking for, but if you implement the
login form yourself, you can log failed login attempts however you want
to...
-
Scott
> -----Original Message-----
> From: Rob Cartier [mailto:rcartier@snet.net]
> Sent: Friday, March 08, 2002 10:36 PM
> To: 'Tomcat Users List'
> Subject: help: logging failed login attempts
> Importance: High
>
>
> I have been searching high and low trying
> to find a way to catch failed login attempts after
> form authentication fails. Currently in my web.xml
> file it just gets re-directed to the errorpage
> but I want to record it
>
> All I want to capture is the username (j_username) that was
> attempted so I can log it and keep track of the failures to
> lock the account.
>
> everything else is available from the cgi variable
> getRequest..etc... methods.
>
> Posted this a few times but nobody as responded
> is this even available
>
> Rob Cartier
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
RE: help: logging failed login attempts
Posted by Scott Shorter <sh...@caradas.com>.
This may not be the answer you are looking for, but if you implement the
login form yourself, you can log failed login attempts however you want
to...
-
Scott
> -----Original Message-----
> From: Rob Cartier [mailto:rcartier@snet.net]
> Sent: Friday, March 08, 2002 10:36 PM
> To: 'Tomcat Users List'
> Subject: help: logging failed login attempts
> Importance: High
>
>
> I have been searching high and low trying
> to find a way to catch failed login attempts after
> form authentication fails. Currently in my web.xml
> file it just gets re-directed to the errorpage
> but I want to record it
>
> All I want to capture is the username (j_username) that was
> attempted so I can log it and keep track of the failures to
> lock the account.
>
> everything else is available from the cgi variable
> getRequest..etc... methods.
>
> Posted this a few times but nobody as responded
> is this even available
>
> Rob Cartier
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>