Thanks for your advice Ole, I've done some researches on Geronimo and it 
seems overkill to me.
It seems best for me to write a simple filter using session to control the 
attempting.

Thanks,
Li Wei Nan

----- Original Message ----- 
From: "Ole Ersoy" <[EMAIL PROTECTED]>
To: "Yale CAS mailing list" <[email protected]>
Sent: Friday, February 08, 2008 4:26 AM
Subject: Re: Is there a way to protect login page against a frequent submit?


> Hi Li,
>
> You can do this with a servlet filter that intercepts cas login requests. 
> You would have to get the principal user, see if they have attempted to 
> login with a specified time period, and redirect them to another page 
> explaining that they have made too many login attempts and that they must 
> wait X minutes before attempting again.  I think Geronimo has something 
> like this built in, but I'm still looking around for a standalone 
> implementation.
>
> Cheers,
> - Ole
>
>
>
> Li Wei Nan wrote:
>> Hi Everyone,
>>
>> Is there a plug-in or something like custom view could be used in
>> cas-webapps to protect cas from malicious credential/principal sniffer?
>>
>> Or maybe there's some configuration I can do in tomcat to achieve
>> this goal which I don't know yet?
>>
>> Thank you for your helps,
>>
>> Li Wei Nan
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
> 


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to