From: "Johnny Kewl"
To: "Tomcat Users List"
Subject: Re: anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint?
Date: Tue, 24 Apr 2007 19:44:57 +0200

I think you would be better off writing a little authentication code inside your servlets...

However, if you want to modify Tomcat, you'll find that stuff in

    package org.apache.catalina.authenticator;
    public class BasicAuthenticator

All I wanted to say is that some browsers like IE do their own thing. Like, for example... send this standard challenge to IE repeatedly

    response.setStatus(response.SC_UNAUTHORIZED); // I.e., 401
    response.setHeader("WWW-Authenticate", "BASIC realm=\"User Check\"");

and you'll see after a few tries.... it gives up anyway ;)
Not much a Tomcat can do to change that....

----- Original Message -----
From: "Propes, Barry L "
To: "Tomcat Users List"
Sent: Tuesday, April 24, 2007 7:11 PM
Subject: anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint?

Any version? 4x. 5x?

I'm actually in the 4.1.3. series, but was wondering which class files I'd need to revise and customize.

I assume most if not all are in the /catalina/src/share/org/apache/catalina/ repository, and figured something like Authenticator.java or Session.java might need a method added to it, but wasn't sure what else would need to be done.

In other words, whereas in its initial state the security constraint will repeatedly forward/redirect to the Login error page set, I'd like to be able to create a customized method to send to another (secondary) error page, telling the user they've been locked out after 6 consecutive, unsuccessful attempts.

Is this at all possible to do in 4.1 or any other version?

Any feedback is welcomed.

Thanks!

Barry
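
Added example (not part of either message in this thread, and not Tomcat code): a JDK-only sketch of the counter that application-level login code could keep in order to lock a user out after 6 consecutive failed attempts, as the original question describes. The class name `LoginAttemptLimiter`, the 15-minute lock duration, the user name and the timestamps are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: counts consecutive failed logins per username.
public class LoginAttemptLimiter {
    private static final class State {
        int failures;          // consecutive failures since the last success
        Instant lockedUntil;   // null while the account is not locked
    }

    private final int maxFailures;
    private final Duration lockTime;   // assumption: the lock expires; the thread does not say
    private final ConcurrentHashMap<String, State> states = new ConcurrentHashMap<>();

    public LoginAttemptLimiter(int maxFailures, Duration lockTime) {
        this.maxFailures = maxFailures;
        this.lockTime = lockTime;
    }

    /** Call before checking credentials; true means send the user to the lockout page. */
    public boolean isLocked(String user, Instant now) {
        State s = states.get(user);
        if (s == null) return false;
        synchronized (s) {
            return s.lockedUntil != null && now.isBefore(s.lockedUntil);
        }
    }

    /** Record the outcome of a credential check; returns true if the user is now locked. */
    public boolean record(String user, boolean success, Instant now) {
        if (success) { states.remove(user); return false; }   // success resets the count
        State s = states.computeIfAbsent(user, k -> new State());
        synchronized (s) {
            // An expired lock clears the old count so the user gets a fresh set of tries.
            if (s.lockedUntil != null && !now.isBefore(s.lockedUntil)) { s.failures = 0; s.lockedUntil = null; }
            if (++s.failures >= maxFailures) s.lockedUntil = now.plus(lockTime);
            return s.lockedUntil != null;
        }
    }

    public static void main(String[] args) {
        LoginAttemptLimiter limiter = new LoginAttemptLimiter(6, Duration.ofMinutes(15));
        Instant t = Instant.parse("2007-04-24T17:00:00Z");   // constructed timestamp
        for (int i = 1; i <= 6; i++)
            System.out.println("failure " + i + " locked=" + limiter.record("alice", false, t));
        System.out.println("during lock: " + limiter.isLocked("alice", t.plusSeconds(60)));
        System.out.println("after lock:  " + limiter.isLocked("alice", t.plusSeconds(16 * 60)));
    }
}
```

In a servlet, `isLocked` would run before the credential check and `record` after it. The map is keyed by whatever username is submitted, so a deployment would also need to bound or expire its entries.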