I think a custom authentication handler is probably the right way to do this, given the plugin architecture. For example, if you are using openLDAP as your authentication back end and you have the password policy overlay in place, the back end database takes care of failed login tracking etc.
Craig On Sat, 2009-04-11 at 08:41 -0400, Pieslak, Brian wrote: > I came up with a simpler solution that seems to be working for me, but > it seems highly customized to my needs. > > Rather than messing with login-webflow.xml, and I subclassed > org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler to > create my own JDBC authenticationHandler to handle my custom logic. > This allows me to add my additional queries to my jdbc > authenticationHandler bean in deployerConfigContext.xml. > > Its not elegant, but it does seem to be working just fine. > -Brian > > ______________________________________________________________________ > From: Scott Battaglia [[email protected]] > Sent: Friday, April 10, 2009 11:50 PM > To: [email protected] > Subject: Re: [cas-user] tracking failed login attempts > > > Brian, > > What is your purpose for tracking failed login attempts? Auditing? > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Fri, Apr 10, 2009 at 8:11 PM, Pieslak, Brian <[email protected]> > wrote: > I tried to get caught up on the account lockout discussions > from the archives, but I never really saw a clear answer to > what I'm trying to accomplish. > > I need the ability to track failed login attempts. > I see in the login-webflow.xml where the > "authenticationViaFormAction" bean is used for the > authentication flow. > > I'm thinking its possible to modify the "submit" action state > to look like the following: > > <action-state id="submit"> > <action bean="authenticationViaFormAction" > method="submit" /> > <transition on="warn" to="warn" /> > <transition on="success" to="sendTicketGrantingTicket" /> > <transition on="error" to="trackFailedLogin" /> > </action-state> > > <action-state id="trackFailedLogin"> > <action bean="trackFailedLoginAction" /> > <transition on="success" to="viewLoginForm" /> > </action-state> > > Where I'm inserting my own "trackFailedLogin" action-state, > taking my action (which is successful) and then returning to > the "viewLoginForm". I also still need the loginForm to > display the "Invalid Username Or Password" message. > > So 2 questions: > 1.) Does this seem like a good approach, or should I be doing > this another way? > 2.)Will my comment about the loginForm knowing its in an error > state work, or does the transition of my new action bean need > to return "error" in order to keep the webflow in an error > state? > > Thanks for the help, > -Brian > > > -- > You are currently subscribed to [email protected] as: > [email protected] > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
