Externo wrote: > Sorry by my English. > > How I can guess login and password strings of an user, from error page (JSP) > using "Form Based Authentication of Tomcat"? > > I need know it to lock the count each 3 error tries (if login is ok but > password is bad, insteed).
Something like enhanced security mode in some OSes? > Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of > HttpServletRequest interface have this result: If no user has been > authenticated, returns null, false and null respectly. For this reason, they > aren't utils for me. > > If I donīt know login what user writed, I can't lock his/her count. > > Exist solution for this? Thanks Only to write your own authentication module. That shouldn't be too hard. Nix. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
