(If I understand what you have implemented) The only thing with this approach is that if you are storing "state" in a Map in memory..then if your application is rebooted, then you will lose that state. So if you had a few failed login attempts, then restarted the app... then I assume a user would start with a clean slate..and be getting more login attempts than usual?
However whatever works for your application.. I personally implemented something however, I stored the attempts and state in the database. One other thing that you may need to do, is to also (if you are caching the UserDetails) is to remove the user from the cache. I had an issue where I would exceed my login attempts, however the state returned was not accurate since it was coming from the userCache. So, anytime you update the User details you may need to also remove the user from the userCache. This way you will ensure that you are getting the most up to date User info from the database, and not from the cache. Cheers, Mark On 9/25/05, mannobug <[EMAIL PROTECTED]> wrote: > hi Mark thanks a lot for your advice. > I decide to use an HashMap set by my authnetication provider instead a > comloumn on my DB. This implementation for my application is enaught because > when a login fails, username and password fail attempts are set on hash > table. After the limit max_passwd_mistake, i call my BO to set the relative > field enabled on my schema. If the user is able to log (capture > AuthenticationSuccessEvent) at first attempt nothing appened on my map, if > the user, for example, after 3 attemps can log (capture > AuthenticationSuccessEvent), his/her record on my HashMap is delete. This, > maybe, it's not really scalable but it's useful to use DB only in the case > that i have to lock the user. What do you think about? It can be a good > solution? > Kind regards > Emmanuele > > > ------------------------------------------------------- > SF.Net email is sponsored by: > Tame your development challenges with Apache's Geronimo App Server. > Download it for free - -and be entered to win a 42" plasma tv or your very > own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php > _______________________________________________ > Home: http://acegisecurity.sourceforge.net > Acegisecurity-developer mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
