Hi Roland, this depends on the authentication implementation you are using.
see also: http://jackrabbit.apache.org/faq.html#access-authentication regards marcel Roland Porath wrote:
Does anybody have an implementation of loginModule that actually does some authentication? The implementation that ships with 1.4 (SimpleLoginModule) does not reject invalid login attempts. Cheers roland
