You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Propes, Barry L " <ba...@citi.com> on 2007/04/24 19:11:38 UTC
anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint?
Any version? 4x. 5x?
I'm actually in the 4.1.3. series, but was wondering which class files I'd need to revise and customize.
I assume most if not all are in the /catalina/src/share/org/apache/catalina/ repository, and figured something like Authenticator.java or Session.java might need a method added to it, but wasn't sure what else would need to be done.
In other words, whereas in its initial state the security constraint will repeatedly forward/redirect to the Login error page set, I'd like to be able to create a customized method to send to another (secondary) error page, telling the user they've been locked out after 6 consecutive, unsuccessful attempts.
Is this at all possible to do in 4.1 or any other version?
Any feedback is welcomed.
Thanks!
Barry
Re: anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint?
Posted by Johnny Kewl <jo...@kewlstuff.co.za>.
I think you would be better off writing a little authentication code inside
your servlets...
However if you want to modify tomcat, you'll find that stuff in
package org.apache.catalina.authenticator;
public class BasicAuthenticator
all I wanted to to say is that some browsers like IE do their own thing.
Like for example... send this standard challenge to IE repeatedly
response.setStatus(response.SC_UNAUTHORIZED); // I.e.,
401
response.setHeader("WWW-Authenticate", "BASIC
realm=\"User Check\"");
and you'll see after a few tries.... it gives up anyway ;)
not much a Tomcat can do to change that....
----- Original Message -----
From: "Propes, Barry L " <ba...@citi.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Tuesday, April 24, 2007 7:11 PM
Subject: anyone ever altered the Tomcat API to create a Login Attempt limit
in the security constraint?
Any version? 4x. 5x?
I'm actually in the 4.1.3. series, but was wondering which class files I'd
need to revise and customize.
I assume most if not all are in the /catalina/src/share/org/apache/catalina/
repository, and figured something like Authenticator.java or Session.java
might need a method added to it, but wasn't sure what else would need to be
done.
In other words, whereas in its initial state the security constraint will
repeatedly forward/redirect to the Login error page set, I'd like to be able
to create a customized method to send to another (secondary) error page,
telling the user they've been locked out after 6 consecutive, unsuccessful
attempts.
Is this at all possible to do in 4.1 or any other version?
Any feedback is welcomed.
Thanks!
Barry
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org