Scott, Its for both auditing & account locking. I have a specific requirement for how the auditing & account locking are accomplished - both tables in a MySql database. I have a separate user management application that my customer support agents use where they can go in an unlock an account for a user before the lockout period expires, so that's the primary reason I need this data in the MySql database
I have seen the ThrottleBy... classes discussed as ways of implementing account locking, and I'm not opposed to using that approach. I'd just need to see if either my requirements can change or how I could persist that information to my MySql database. -Brian ________________________________ From: Scott Battaglia [[email protected]] Sent: Friday, April 10, 2009 11:50 PM To: [email protected] Subject: Re: [cas-user] tracking failed login attempts Brian, What is your purpose for tracking failed login attempts? Auditing? -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Fri, Apr 10, 2009 at 8:11 PM, Pieslak, Brian <[email protected]<mailto:[email protected]>> wrote: I tried to get caught up on the account lockout discussions from the archives, but I never really saw a clear answer to what I'm trying to accomplish. I need the ability to track failed login attempts. I see in the login-webflow.xml where the "authenticationViaFormAction" bean is used for the authentication flow. I'm thinking its possible to modify the "submit" action state to look like the following: <action-state id="submit"> <action bean="authenticationViaFormAction" method="submit" /> <transition on="warn" to="warn" /> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="error" to="trackFailedLogin" /> </action-state> <action-state id="trackFailedLogin"> <action bean="trackFailedLoginAction" /> <transition on="success" to="viewLoginForm" /> </action-state> Where I'm inserting my own "trackFailedLogin" action-state, taking my action (which is successful) and then returning to the "viewLoginForm". I also still need the loginForm to display the "Invalid Username Or Password" message. So 2 questions: 1.) Does this seem like a good approach, or should I be doing this another way? 2.) Will my comment about the loginForm knowing its in an error state work, or does the transition of my new action bean need to return "error" in order to keep the webflow in an error state? Thanks for the help, -Brian -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
