I'd be glad to write it inside my own, but I figured using the security constraint, you were bound to their classes.
-----Original Message----- From: Johnny Kewl [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 24, 2007 12:45 PM To: Tomcat Users List Subject: Re: anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint? I think you would be better off writing a little authentication code inside your servlets... However if you want to modify tomcat, you'll find that stuff in package org.apache.catalina.authenticator; public class BasicAuthenticator all I wanted to to say is that some browsers like IE do their own thing. Like for example... send this standard challenge to IE repeatedly response.setStatus(response.SC_UNAUTHORIZED); // I.e., 401 response.setHeader("WWW-Authenticate", "BASIC realm=\"User Check\""); and you'll see after a few tries.... it gives up anyway ;) not much a Tomcat can do to change that.... ----- Original Message ----- From: "Propes, Barry L " <[EMAIL PROTECTED]> To: "Tomcat Users List" <users@tomcat.apache.org> Sent: Tuesday, April 24, 2007 7:11 PM Subject: anyone ever altered the Tomcat API to create a Login Attempt limit in the security constraint? Any version? 4x. 5x? I'm actually in the 4.1.3. series, but was wondering which class files I'd need to revise and customize. I assume most if not all are in the /catalina/src/share/org/apache/catalina/ repository, and figured something like Authenticator.java or Session.java might need a method added to it, but wasn't sure what else would need to be done. In other words, whereas in its initial state the security constraint will repeatedly forward/redirect to the Login error page set, I'd like to be able to create a customized method to send to another (secondary) error page, telling the user they've been locked out after 6 consecutive, unsuccessful attempts. Is this at all possible to do in 4.1 or any other version? Any feedback is welcomed. Thanks! Barry --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]