maven-issues mailing list archives

From "Carlos Sanchez (JIRA)" <>
Subject [jira] Commented: (CONTINUUM-796) Disable account on login failures
Date Fri, 25 Aug 2006 19:24:48 GMT
Carlos Sanchez commented on CONTINUUM-796:


Common Problem #3: How do I disable a user after a number of failed logins?

A common user requirement is to disable / lock an account after a number of failed login attempts.
Acegi itself does not provide anything "out of the box", however in your application you can
implement and register an org.springframework.context.ApplicationListener. Inside your application
event listener you can then check for an instanceof the particular AuthenticationFailureEvent
and then call your application user management interface to update the user details.

For example:

     public void onApplicationEvent(ApplicationEvent event) {
       // check failed event
       if (event instanceof AuthenticationFailurePasswordEvent) {
          // call user management interface to increment failed login attempts, etc.
          . . .
       }
     }

> Disable account on login failures
> ---------------------------------
>                 Key: CONTINUUM-796
>                 URL:
>             Project: Continuum
>          Issue Type: Sub-task
>            Reporter: Carlos Sanchez
> We can hook into acegi authz event system to get unsuccessful logins and add the counter.
> After a defined number (e.g. 3) of unsuccessful consecutive logins the account must be

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:
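
The counter that the listener in the comment above would call into can be sketched as follows. This is an added example, not code from Continuum, Acegi or the original message; the class and method names are hypothetical, the set of known accounts stands in for the real user store, and the threshold of 3 is taken from the issue text.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added example: all names here are hypothetical, not Continuum or Acegi code.
public class LoginFailureTracker {
    private final int maxFailures;            // e.g. 3, as in the issue text
    private final Set<String> knownAccounts;  // stand-in for the user store
    private final Map<String, Integer> failures = new ConcurrentHashMap<>();
    private final Set<String> locked = ConcurrentHashMap.newKeySet();

    public LoginFailureTracker(int maxFailures, Set<String> knownAccounts) {
        this.maxFailures = maxFailures;
        this.knownAccounts = knownAccounts;
    }

    // Normalise so "Bob" and "bob " count against the same account.
    private static String key(String username) {
        return username.trim().toLowerCase(Locale.ROOT);
    }

    // Call from the event listener when a failed-password event arrives.
    public void onFailure(String username) {
        String k = key(username);
        if (!knownAccounts.contains(k)) return;  // do not store arbitrary names
        int streak = failures.merge(k, 1, Integer::sum);  // atomic increment
        if (streak >= maxFailures) locked.add(k);
    }

    // Call on a successful login: only consecutive failures count.
    public void onSuccess(String username) {
        failures.remove(key(username));
    }

    public boolean isLocked(String username) {
        return locked.contains(key(username));
    }

    public static void main(String[] args) {
        // Constructed sample accounts and login sequence.
        LoginFailureTracker t = new LoginFailureTracker(3, Set.of("alice", "bob"));
        t.onFailure("alice"); t.onFailure("alice");
        t.onSuccess("alice");                    // resets alice's streak
        t.onFailure("alice");
        for (int i = 0; i < 3; i++) t.onFailure("Bob");
        t.onFailure("nobody");                   // unknown name is ignored
        System.out.println("alice locked: " + t.isLocked("alice"));
        System.out.println("bob locked: " + t.isLocked("bob"));
        System.out.println("tracked names: " + t.failures.keySet());
    }
}
```

The authentication path still has to consult `isLocked` (or the equivalent flag on the user record) before accepting a password, since the tracker only records state.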

