Done at http://issues.appfuse.org/browse/APF-540
Matt Raible-3 wrote:
>
> This sounds like a bug. Can you please enter it in JIRA?
>
> Thanks,
>
> Matt
>
> On 12/1/06, kkus <[EMAIL PROTECTED]> wrote:
>>
>> Thanks, Matt. I still found a tiny i18n bug in login.js as below,
>>
>> function passwordHint() {
>>     if ($("j_username").value.length == 0) {
>>         alert("The <fmt:message key="label.username"/> field must be filled in to get a password hint sent to you.");
>>
>> We need to use <fmt.message> only in alert, otherwise it will cause an i18n
>> issue.
>>
>>
>> Matt Raible-3 wrote:
>> >
>> > The commented out <c:out> gives you the exact error message. The
>> > reason we don't use it is because we don't want to tell users that
>> > they have an invalid username (or password). A generic
>> > "authentication failed" message is generally better from a security
>> > standpoint.
>> >
>> > Matt
>> >
>> > On 11/30/06, kkus <[EMAIL PROTECTED]> wrote:
>> >>
>> >> Now I am implementing an account lock feature. I can find the message generated
>> >> from Acegi as below after I failed to log in 3 times,
>> >>
>> >> [appfuse] WARN [http-8080-Processor25] LoggerListener.onApplicationEvent(55)
>> >> | Authentication event AuthenticationFailureLockedEvent: a; details:
>> >> [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1;
>> >> SessionId: A05D31E26DA6DECF3285B187876D3394; exception: User account is locked
>> >>
>> >> But in LoginForm.jsp there is an error message check as below.
>> >>
>> >> <c:if test="${param.error != null}">
>> >> <li class="error">
>> >> <c:url value= "
>> >> alt="<fmt:message key="icon.warning"/>" class="icon" />
>> >> <fmt:message key="errors.password.mismatch"/>
>> >> <!--<c:out
>> >> value="${sessionScope.ACEGI_SECURITY_LAST_EXCEPTION.message}"/>-->
>> >> </li>
>> >> </c:if>
>> >>
>> >> This error check always shows me password mismatch even though my account
>> >> is locked. So I need a mechanism to tell if it is a password mismatch or
>> >> account locked. param.error always returns the value true in these two cases,
>> >> so obviously I can't rely on it. Do you know any param settings which I can
>> >> use for this purpose? Thanks!
>> >>
>> >>
>> >> Matt Raible-3 wrote:
>> >> >
>> >> > I don't see a problem with this solution if it works. That's the most
>> >> > important thing after all. ;-)
>> >> >
>> >> > Matt
>> >> >
>> >> > On 11/30/06, kkus <[EMAIL PROTECTED]> wrote:
>> >> >>
>> >> >> In that listener, what is the general problem if I provide a HashMap to
>> >> >> store username and login count when login fails, and clear the HashMap for
>> >> >> that user when login succeeds? Thanks!
>> >> >>
>> >> >>
>> >> >> Matt Raible-3 wrote:
>> >> >> >
>> >> >> > I believe Acegi allows you to control this, but unfortunately, I
>> >> >> > don't know the configuration settings.
>> >> >> >
>> >> >> > Matt
>> >> >> >
>> >> >> > On 11/30/06, kkus <[EMAIL PROTECTED]> wrote:
>> >> >> >>
>> >> >> >> I went to the Acegi forum about this issue and found it seems we have to
>> >> >> >> create a field in db to store attempted tries of failing login - mainly
>> >> >> >> since at that point we don't have any session yet.
>> >> >> >>
>> >> >> >> I am wondering if there is another way to keep a record of failing login.
>> >> >> >> Sample code which I have done is as below,
>> >> >> >>
>> >> >> >> public class ApplicationSecurityListener implements ApplicationListener {
>> >> >> >>
>> >> >> >>     public void onApplicationEvent(ApplicationEvent event) {
>> >> >> >>         if (event instanceof AuthorizationFailureEvent) {
>> >> >> >>             AuthorizationFailureEvent authorizationFailureEvent =
>> >> >> >>                 (AuthorizationFailureEvent) event;
>> >> >> >>             // need a way to record counts of login here - don't want to store it in db
>> >> >> >>         }
>> >> >> >>     }
>> >> >> >> }
>> >> >> >>
>> >> >> >> Any idea?
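
The in-memory counter discussed in this thread (a map of username to failed-login count, cleared on success), as an added example that is not code from the thread or from AppFuse or Acegi. `FailedLoginTracker`, its method names and the 15-minute window are assumptions made for illustration; the threshold of 3 follows the thread, and wiring the class to the authentication event listener is left to the application.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: an authentication event listener would call onFailure/onSuccess. */
public class FailedLoginTracker {
    /** Immutable record of how many failures were seen and when the first one happened. */
    private static final class Entry {
        final int count; final Instant first;
        Entry(int count, Instant first) { this.count = count; this.first = first; }
    }

    // ConcurrentHashMap instead of HashMap: request threads update it concurrently.
    private final ConcurrentHashMap<String, Entry> failures = new ConcurrentHashMap<>();
    private final int maxAttempts;
    private final Duration window;

    public FailedLoginTracker(int maxAttempts, Duration window) {
        this.maxAttempts = maxAttempts;
        this.window = window;
    }

    // Normalise so "A " and "a" share one counter and cannot be used to dodge it.
    private static String key(String username) {
        return username.trim().toLowerCase(Locale.ROOT);
    }

    /** Records one failure atomically; returns true once the threshold is reached. */
    public boolean onFailure(String username, Instant now) {
        Entry e = failures.merge(key(username), new Entry(1, now), (old, fresh) ->
            old.first.plus(window).isBefore(now) ? fresh : new Entry(old.count + 1, old.first));
        return e.count >= maxAttempts;
    }

    /** Clears the counter, as proposed in the thread, when a login succeeds. */
    public void onSuccess(String username) { failures.remove(key(username)); }

    /** True while the threshold has been reached and the window has not yet expired. */
    public boolean isLocked(String username, Instant now) {
        Entry e = failures.get(key(username));
        return e != null && e.count >= maxAttempts && !e.first.plus(window).isBefore(now);
    }

    public static void main(String[] args) {
        FailedLoginTracker t = new FailedLoginTracker(3, Duration.ofMinutes(15));
        Instant t0 = Instant.parse("2006-12-01T10:00:00Z"); // constructed sample time
        t.onFailure("a", t0); t.onFailure("A ", t0.plusSeconds(5));
        System.out.println("locked after 3rd failure: " + t.onFailure("a", t0.plusSeconds(9)));
        System.out.println("still locked after window: "
            + t.isLocked("a", t0.plus(Duration.ofMinutes(16))));
    }
}
```

The map is per-JVM and unbounded: counts are lost on restart, are not shared across cluster nodes, and entries for usernames that never log in successfully need periodic eviction. The login page can keep showing the generic failure message while `isLocked` drives the server-side decision.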