-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott and Kevin,
Scott Smith wrote: > I'm using Tomcat 5.5 and using dataSourceRealm to do authentication. I > need to track bad logins. In particular, I want to track any logins > where the password is wrong. I also want to track the remote server's > IP address that provides a bad login. I also had this requirement and switched from using Tomcat's built-in authentication and authorization to using Securityfilter (securityfilter.sourceforge.net). You can implement your own Realm (which I did, which looks a lot like Tomcat's DataSourceRealm) and you have your choice of interfaces: one that looks like Tomcat's realm (just username + password), or a more useful one that simply takes a request object. Using this more useful interface, you can write your own realm that is capable or logging failed logins including IP address. What's nice about using securityfilter instead of writing your own Tomcat realms is that they are portable across app servers as well as releases of Tomcat (because the API is not frozen from major release to major release of Tomcat). I'd be happy to share code with you if you're interested. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJzET9CaO5/Lv0PARAoVVAJ9dLVf6h5y/R8iQDt89G3J2sVpwsgCgvG4l tGdJtyrM86189rLmPlgDpqo= =Djip -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]