Hi,
I am trying to figure out how to lock out a user after 3 unsuccessful
attempts. I am using the formAuthenticator to log my user in (no explicit
login calls). One approach i am pursuing is to capture the exception thrown
when a login fails and maintain a session count. When the count hits 3, lock
the user out.
When i print this in the login.jsp, i get
"org.apache.shiro.authc.AuthenticationException".
<%
String errorDescription =
(String)request.getAttribute("shiroLoginFailure");
if (errorDescription!=null) {
%>
<%=errorDescription%>
<%
}
%>
This does not tell me if the login failed because the credentials failed to
match or if openLDAP was not available in the backend (server down). How can
i get Shiro to throw a more specific error (InvalidCredentials, etc...) to
help me detect a failed login and lock out a user?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Decoding-AuthenticationException-on-login-jsp-tp7578525.html
Sent from the Shiro User mailing list archive at Nabble.com.
