Hi Li, You can do this with a servlet filter that intercepts cas login requests. You would have to get the principal user, see if they have attempted to login with a specified time period, and redirect them to another page explaining that they have made too many login attempts and that they must wait X minutes before attempting again. I think Geronimo has something like this built in, but I'm still looking around for a standalone implementation.
Cheers, - Ole Li Wei Nan wrote: > Hi Everyone, > > Is there a plug-in or something like custom view could be used in > cas-webapps to protect cas from malicious credential/principal sniffer? > > Or maybe there's some configuration I can do in tomcat to achieve > this goal which I don't know yet? > > Thank you for your helps, > > Li Wei Nan > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
