On Sat, 2006-08-26 at 14:56 -0700, Robert Blumen wrote: > With the event-listening approach, > I see that you could track the number of > failed attempts, but how would that tie > back into preventing additional attempts > after the limit was exceeded? Wouldn't > you have to modify the authentication > processing at some point?
Generally your custom UserDetailsService will return a UserDetails with the appropriate flag to indicate the account is locked. The AuthenticationProvider will then automatically throw the corresponding exception. Cheers Ben ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
