tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikola Milutinovic <>
Subject Re: Form Based Authentication, getting login and password
Date Sat, 05 Oct 2002 10:13:19 GMT
Externo wrote:

> Sorry by my English.
> How I can guess login and password strings of an user, from error page (JSP)
> using "Form Based Authentication of Tomcat"?
> I need know it to lock the count each 3 error tries (if login is ok but
> password is bad, insteed).

Something like enhanced security mode in some OSes?

> Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
> HttpServletRequest interface have this result: If no user has been
> authenticated, returns null, false and null respectly. For this reason, they
> aren't utils for me.
> If I donĀ“t know login what user writed, I can't lock his/her count.
> Exist solution for this? Thanks

Only to write your own authentication module. That shouldn't be too hard.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message