The commented out <c:out> gives you the exact error message.  The
reason we don't use it is that we don't want to tell users that
they have an invalid username (or password).  A generic
"authentication failed" message is generally better from a security
standpoint.

Matt

On 11/30/06, kkus <[EMAIL PROTECTED]> wrote:

Now I am implementing an account lock feature. I can see the message generated
by Acegi below after I failed to log in 3 times:

[appfuse] WARN [http-8080-Processor25] LoggerListener.onApplicationEvent(55)
| Authentication event AuthenticationFailureLockedEvent: a; details:
[EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1;
SessionId: A05D31E26DA6DECF3285B187876D3394; exception: User account is
locked

But in LoginForm.jsp there is an error message check, as below.

<c:if test="${param.error != null}">
    <li class="error">
         <c:url value= "
            alt="<fmt:message key="icon.warning"/>" class="icon" />
        <fmt:message key="errors.password.mismatch"/>
        <!--<c:out value="${sessionScope.ACEGI_SECURITY_LAST_EXCEPTION.message}"/>-->
    </li>
</c:if>

This error check always shows me password mismatch even though my account is
locked. So I need a mechanism to tell if it is a password mismatch or the
account is locked. param.error always returns true in these two cases, so
obviously I can't rely on it. Do you know of any param settings which I can use
for this purpose? Thanks!


Matt Raible-3 wrote:
>
> I don't see a problem with this solution if it works.  That's the most
> important thing after all. ;-)
>
> Matt
>
> On 11/30/06, kkus <[EMAIL PROTECTED]> wrote:
>>
>> In that listener, what is the general problem if I provide a HashMap to
>> store the username and login count when login fails, and clear the HashMap
>> for that user when login succeeds? Thanks!
>>
>>
>> Matt Raible-3 wrote:
>> >
>> > I believe Acegi allows you to control this, but unfortunately, I
>> > don't know the configuration settings.
>> >
>> > Matt
>> >
>> > On 11/30/06, kkus <[EMAIL PROTECTED]> wrote:
>> >>
>> >> I went to the acegi forum about this issue and found that it seems we
>> >> have to create a field in the db to store the number of failed login
>> >> attempts - mainly since at that point we don't have any session yet.
>> >>
>> >> I am wondering if there is another way to keep a record of failed
>> >> logins. Sample code which I have done is as below,
>> >>
>> >> import org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent;
>> >> import org.springframework.context.ApplicationEvent;
>> >> import org.springframework.context.ApplicationListener;
>> >>
>> >> public class ApplicationSecurityListener implements ApplicationListener {
>> >>
>> >>     public void onApplicationEvent(ApplicationEvent event) {
>> >>         // A failed login publishes an authentication failure event
>> >>         // (e.g. AuthenticationFailureBadCredentialsEvent); an
>> >>         // AuthorizationFailureEvent is fired on access denied, not login.
>> >>         if (event instanceof AbstractAuthenticationFailureEvent) {
>> >>             AbstractAuthenticationFailureEvent failureEvent =
>> >>                 (AbstractAuthenticationFailureEvent) event;
>> >>             String username = failureEvent.getAuthentication().getName();
>> >>             // need a way to record counts of login here - don't
>> >>             // want to store it in db
>> >>         }
>> >>     }
>> >> }
>> >>
>> >> Any idea?
>> >> --
>> >> View this message in context:
>> >>
>> 
http://www.nabble.com/locking-account-afer-several-tries-of-login-tf2735347s2369.html#a7630999
>> >> Sent from the AppFuse - User mailing list archive at Nabble.com.
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>> > --
>> > http://raibledesigns.com
>> >
>> >
>> >
>> >
>>
>> --
>> View this message in context:
>> 
http://www.nabble.com/locking-account-afer-several-tries-of-login-tf2735347s2369.html#a7632633
>> Sent from the AppFuse - User mailing list archive at Nabble.com.
>>
>>
>>
>
>
> --
> http://raibledesigns.com
>
>
>
>

--
View this message in context: 
http://www.nabble.com/locking-account-afer-several-tries-of-login-tf2735347s2369.html#a7633514
Sent from the AppFuse - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




--
http://raibledesigns.com
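Putting the two points of the thread together, the in-memory failure counter kkus proposes and Matt's preference for one generic message on the login page, here is an added example. It is not code from the thread, from AppFuse or from Acegi. It assumes the Acegi 1.0 event classes as named in the imports, a hypothetical AccountLocker collaborator (in AppFuse the UserManager would play that role), an assumed threshold passed in by the caller, and an assumed message key errors.login.failed.

```java
import java.util.HashMap;
import java.util.Map;

import org.acegisecurity.AuthenticationException;
import org.acegisecurity.LockedException;
import org.acegisecurity.event.authentication.AbstractAuthenticationFailureEvent;
import org.acegisecurity.event.authentication.AuthenticationFailureBadCredentialsEvent;
import org.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

/**
 * Counts failed logins per username in memory and asks a collaborator to
 * lock the account once the threshold is reached. It must be declared as a
 * bean in the Spring context so Acegi's event publisher can reach it.
 */
public class FailedLoginListener implements ApplicationListener {

    private static final Log log = LogFactory.getLog(FailedLoginListener.class);

    /** Hypothetical collaborator; not part of Acegi or AppFuse. */
    public interface AccountLocker {
        void lock(String username);
    }

    private final int maxFailures;   // assumed policy, e.g. 3 as in the thread
    private final AccountLocker locker;
    private final Map<String, Integer> failures = new HashMap<String, Integer>();

    public FailedLoginListener(AccountLocker locker, int maxFailures) {
        this.locker = locker;
        this.maxFailures = maxFailures;
    }

    public void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof AuthenticationFailureBadCredentialsEvent) {
            // Only a wrong password counts toward the lock. A failure because
            // the account is already locked or disabled must not keep counting.
            AbstractAuthenticationFailureEvent failure =
                    (AbstractAuthenticationFailureEvent) event;
            String username = failure.getAuthentication().getName();
            int count = recordFailure(username);
            log.warn("Bad credentials for '" + username + "' ("
                    + count + "/" + maxFailures + ")");
            if (count >= maxFailures) {
                locker.lock(username);
                clear(username);   // further attempts raise LockedException, not a retry
            }
        } else if (event instanceof AuthenticationSuccessEvent) {
            clear(((AuthenticationSuccessEvent) event).getAuthentication().getName());
        }
    }

    synchronized int recordFailure(String username) {
        Integer current = failures.get(username);
        int next = (current == null) ? 1 : current.intValue() + 1;
        failures.put(username, next);
        return next;
    }

    synchronized void clear(String username) {
        failures.remove(username);
    }

    /**
     * Decides what LoginForm.jsp should say. Acegi leaves the last failure in
     * the session under ACEGI_SECURITY_LAST_EXCEPTION; the specific reason is
     * written to the server log, while the page gets the same generic key for
     * a bad password and for a locked account, so the response does not
     * reveal whether the username exists or has been locked.
     */
    public static String messageKeyFor(AuthenticationException lastException) {
        if (lastException instanceof LockedException) {
            log.info("Login refused, account locked: " + lastException.getMessage());
        } else if (lastException != null) {
            log.info("Login refused: " + lastException.getClass().getName());
        }
        return "errors.login.failed";   // assumed message key
    }
}
```

Two caveats a reviewer would raise about the HashMap approach. The map lives in one JVM: it is empty again after a restart, it is not shared across a cluster, and nothing evicts entries, so a request flood with made-up usernames grows it without bound; cap its size or expire entries after a window. Locking by username also hands an attacker a way to lock out any user whose name they know, which is one more reason, alongside Matt's point, for the login page not to confirm that a lock happened; tell the legitimate user out of band instead.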

