Brian, What is your purpose for tracking failed login attempts? Auditing?
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Fri, Apr 10, 2009 at 8:11 PM, Pieslak, Brian <[email protected]> wrote: > I tried to get caught up on the account lockout discussions from the > archives, but I never really saw a clear answer to what I'm trying to > accomplish. > > I need the ability to track failed login attempts. > I see in the login-webflow.xml where the "authenticationViaFormAction" bean > is used for the authentication flow. > > I'm thinking its possible to modify the "submit" action state to look like > the following: > > <action-state id="submit"> > <action bean="authenticationViaFormAction" method="submit" /> > <transition on="warn" to="warn" /> > <transition on="success" to="sendTicketGrantingTicket" /> > <transition on="error" to="trackFailedLogin" /> > </action-state> > <action-state id="trackFailedLogin"> > <action bean="trackFailedLoginAction" /> > <transition on="success" to="viewLoginForm" /> > </action-state> > Where I'm inserting my own "trackFailedLogin" action-state, taking my > action (which is successful) and then returning to the "viewLoginForm". I > also still need the loginForm to display the "Invalid Username Or Password" > message. > > So 2 questions: > 1.) Does this seem like a good approach, or should I be doing this another > way? > 2.) Will my comment about the loginForm knowing its in an error state > work, or does the transition of my new action bean need to return "error" in > order to keep the webflow in an error state? > > Thanks for the help, > -Brian > > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
