tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint?
Date Tue, 24 Apr 2007 17:44:57 GMT

I think you would be better off writing a little authentication code inside 
your servlets...
However if you want to modify tomcat, you'll find that stuff in

package org.apache.catalina.authenticator;
public class BasicAuthenticator

all I wanted to to say is that some browsers like IE do their own thing.
Like for example... send this standard challenge to IE repeatedly

                    response.setStatus(response.SC_UNAUTHORIZED); // I.e., 
401
                    response.setHeader("WWW-Authenticate", "BASIC 
realm=\"User Check\"");

and you'll see after a few tries.... it gives up anyway ;)
not much a Tomcat can do to change that....




----- Original Message ----- 
From: "Propes, Barry L " <barry.l.propes@citi.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, April 24, 2007 7:11 PM
Subject: anyone ever altered the Tomcat API to create a Login Attempt limit 
in the security constraint?


Any version? 4x. 5x?

I'm actually in the 4.1.3. series, but was wondering which class files I'd 
need to revise and customize.

I assume most if not all are in the /catalina/src/share/org/apache/catalina/ 
repository, and figured something like Authenticator.java or Session.java 
might need a method added to it, but wasn't sure what else would need to be 
done.

In other words, whereas in its initial state the security constraint will 
repeatedly forward/redirect to the Login error page set, I'd like to be able 
to create a customized method to send to another (secondary) error page, 
telling the user they've been locked out after 6 consecutive, unsuccessful 
attempts.

Is this at all possible to do in 4.1 or any other version?

Any feedback is welcomed.

Thanks!

Barry


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message