Thanks for your advice Ole, I've done some researches on Geronimo and it seems overkill to me. It seems best for me to write a simple filter using session to control the attempting.
Thanks, Li Wei Nan ----- Original Message ----- From: "Ole Ersoy" <[EMAIL PROTECTED]> To: "Yale CAS mailing list" <[email protected]> Sent: Friday, February 08, 2008 4:26 AM Subject: Re: Is there a way to protect login page against a frequent submit? > Hi Li, > > You can do this with a servlet filter that intercepts cas login requests. > You would have to get the principal user, see if they have attempted to > login with a specified time period, and redirect them to another page > explaining that they have made too many login attempts and that they must > wait X minutes before attempting again. I think Geronimo has something > like this built in, but I'm still looking around for a standalone > implementation. > > Cheers, > - Ole > > > > Li Wei Nan wrote: >> Hi Everyone, >> >> Is there a plug-in or something like custom view could be used in >> cas-webapps to protect cas from malicious credential/principal sniffer? >> >> Or maybe there's some configuration I can do in tomcat to achieve >> this goal which I don't know yet? >> >> Thank you for your helps, >> >> Li Wei Nan >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
