[ http://jira.codehaus.org/browse/CONTINUUM-796?page=comments#action_73340 ] Carlos Sanchez commented on CONTINUUM-796: ------------------------------------------
>From http://acegisecurity.org/faq.html Common Problem #3: How do I disable a user after a number of failed logins? A common user requirement is to disable / lock an account after a number of failed login attempts. Acegi itself does not provide anything "out of the box", however in your application you can implement and register an org.springframework.context.ApplicationListener. Inside your application event listener you can then check for an instanceof the particular AuthenticationFailureEvent and then call your application user management interface to update the user details. For example: public void onApplicationEvent(ApplicationEvent event) { // check failed event if(event instanceof AuthenticationFailurePasswordEvent){ // call user management interface to increment failed login attempts, etc. . . . } } > Disable account on login failures > --------------------------------- > > Key: CONTINUUM-796 > URL: http://jira.codehaus.org/browse/CONTINUUM-796 > Project: Continuum > Issue Type: Sub-task > Reporter: Carlos Sanchez > > We can hook into acegi authz event system to get unsuccessful logins and add > the counter. > After a definer number (eg. 3) of unsucessful consecutive logins the account > must be disabled. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
