I'm using Tomcat 5.5 and using dataSourceRealm to do authentication. I need to track bad logins. In particular, I want to track any logins where the password is wrong. I also want to track the remote server's IP address that provides a bad login.
It appears that I can track bad logins by creating a class derived from dataSourceRealm and then overriding the authenticate() methods. I'll then make the call to dataSourceRealm's authenticate, check for null as the return and conclude it's a bad login if it is null. I can then track the info from there. However, I don't know how to get the remote server's IP address (request.getRemoteAddr()). Does anyone have a suggestion? Does the general approach seem reasonable? Scott
