I would probably override DaoAuthenticationProcider or JdbcDaoImpl depending on what level you actually need to do things. If you just want to log, then probably the JdbcDaoImpl is the cleanest place to do it. W/regards to locking, it's somewhat of a function of how this is going to interact with other pieces of the system.
Steve Bendiola wrote:
Colin,
Let me clarify. The DaoAuthenticationProvider implementation calls the AuthenticationDao that I provide to retrieve a User, password, and it's granted authorities. The DefaultPassword encoder just compares the passwords. I would need a callback somewhere to allow my application to lock/log the account on unsuccessful attempts. Does this make sense?
Steve
-----Original Message----- From: Colin Sampaleanu [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 9:13 AM To: [EMAIL PROTECTED] Subject: Re: [Acegisecurity-developer] DaoAuthenticationProvider
Steve,
I'm not sure exactly what you're asking? The existing code will catch an invalid login attempt without any problems.
Can you describe your use case a bit better?
Regards, Colin
Steve Bendiola wrote:
I want to use the dao providers, but was wondering, what is the recommended way of catching an invalid login attempt? PasswordEncoder or extending DaoAuthenticationProvider?
Thanks
------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
