Hi Li,

You can do this with a servlet filter that intercepts cas login requests.  You 
would have to get the principal user, see if they have attempted to login with 
a specified time period, and redirect them to another page explaining that they 
have made too many login attempts and that they must wait X minutes before 
attempting again.  I think Geronimo has something like this built in, but I'm 
still looking around for a standalone implementation.

Cheers,
- Ole



Li Wei Nan wrote:
> Hi Everyone,
> 
>       Is there a plug-in or something like custom view could be used in  
> cas-webapps to protect cas from malicious credential/principal sniffer?
> 
>       Or maybe there's some configuration I can do in tomcat to achieve  
> this goal which I don't know yet?
> 
> Thank you for your helps,
> 
> Li Wei Nan
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
> 
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to