tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikola Milutinovic <Nikola.Milutino...@ev.co.yu>
Subject Re: Form Based Authentication, getting login and password
Date Sat, 05 Oct 2002 10:13:19 GMT
Externo wrote:

> Sorry by my English.
> 
> How I can guess login and password strings of an user, from error page (JSP)
> using "Form Based Authentication of Tomcat"?
> 
> I need know it to lock the count each 3 error tries (if login is ok but
> password is bad, insteed).


Something like enhanced security mode in some OSes?


> Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
> HttpServletRequest interface have this result: If no user has been
> authenticated, returns null, false and null respectly. For this reason, they
> aren't utils for me.
> 
> If I donĀ“t know login what user writed, I can't lock his/her count.
> 
> Exist solution for this? Thanks

Only to write your own authentication module. That shouldn't be too hard.

Nix.


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message