I tried replying via email, but for some reason I don't see my reply here on the forum so I'm going to post again. If I randomly post it twice sorry for the double post!
I'm not 100% sure, but wouldn't you just create your own Authentication class instead of the default Form Authentication Filter? I would assume you could put all the data in the class and then set it what you want in the ini file. so if you want to login multiple times it will just have a counter going in your class and then will do w/e after th max amount. as for IPs and such I don't know whee you check that with Shiro, or Java, but I'm sure it isn't that hard. Cookies not too sure what data you can get from a Cookie check, but that again would go in your Java Class. As for everything else that again will have to be created in your class. http://shiro.apache.org/webapp-tutorial.html#step3 shiro.* lines At the top of the [main] section, there is a new line: shiro.loginUrl = /login.jsp This is a special configuration directive that tells Shiro “For any of Shiro’s default filters that have a loginUrl property, I want that property value to be set to /login.jsp.” This allows Shiro’s default authc filter (by default, a FormAuthenticationFilter) to know about the login page. This is necessary for the FormAuthenticationFilter to work correctly. http://shiro.apache.org/web.html#Web-DefaultFilters http://shiro.apache.org/static/1.2.1/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html I haven't dabbled in this, but I had a buddy who did his own auth using JSF with Shiro. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Does-Shiro-provide-suspicious-activity-detection-threat-detection-tp7580510p7580515.html Sent from the Shiro User mailing list archive at Nabble.com.
