Externo wrote:
Sorry by my English.
How I can guess login and password strings of an user, from error page (JSP)
using Form Based Authentication of Tomcat?
I need know it to lock the count each 3 error tries (if login is ok but
password is bad, insteed).
Something like enhanced security mode in some OSes?
Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
HttpServletRequest interface have this result: If no user has been
authenticated, returns null, false and null respectly. For this reason, they
aren't utils for me.
If I don´t know login what user writed, I can't lock his/her count.
Exist solution for this? Thanks
Only to write your own authentication module. That shouldn't be too hard.
Nix.
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]