  1. #1
    javaArchitect (Member)

    Any ideas for implementing the lockout

    Hi,
    Does anyone have any ideas for implementing the lockout after a user attempts a number of times to guess a user login/password? I am having a hard time deciding whether to put it in the database vs. the application context vs. some server cache which is available in WebSphere.

    Any ideas?

  2. #2
    travishein (Senior Member)

    How about a servlet filter?
    Where the current login form would submit to a login handler URL, right.
    Attaching a servlet filter to that handler URL could just set, or increment, a counter variable on the user's session.
    And if the login attempt count is > N, the login handler would then do the work to set the account locked.
    Note the login handler would also want to reset the login attempt counter session variable on successful login and logout.

  3. #3
    javaArchitect (Member)

    Originally posted by travishein:
        How about a servlet filter?
        Where the current login form would submit to a login handler URL, right.
        Attaching a servlet filter to that handler URL could just set, or increment, a counter variable on the user's session.
        And if the login attempt count is > N, the login handler would then do the work to set the account locked.
        Note the login handler would also want to reset the login attempt counter session variable on successful login and logout.

    Thanks for your reply,
    but the problem is there can be multiple sessions opened if a user wants to try hacking into the system. So each time they open a new session and try it, and it will never lock out, will it? I know the lockout should be on the username, but where to store it so that we can catch the attempts being made?

  4. #4
    travishein (Senior Member)

    Ah, so then have the login checker work with the username, storing the number of bad login passwords directly on the profile object in the database?
    Or maybe an application-level map, which would be transient only on app server restarts.
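
The per-username counter suggested in the last reply, sketched as an application-level map (an added example, not code posted in the thread). The class name `LoginAttemptTracker`, the threshold of 3 and the 15-minute lock are assumptions, and the code needs Java 16+ for records.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical helper: counts failed logins per username, not per session. */
public class LoginAttemptTracker {
    private record State(int failures, Instant lockedUntil) {}

    private final ConcurrentMap<String, State> states = new ConcurrentHashMap<>();
    private final int maxFailures;
    private final Duration lockDuration;

    public LoginAttemptTracker(int maxFailures, Duration lockDuration) {
        this.maxFailures = maxFailures;
        this.lockDuration = lockDuration;
    }

    // Normalize so "Alice" and " alice" share one counter.
    private static String key(String username) {
        return username.trim().toLowerCase(Locale.ROOT);
    }

    /** Check this before verifying the password. */
    public boolean isLocked(String username, Instant now) {
        State s = states.get(key(username));
        return s != null && s.lockedUntil() != null && now.isBefore(s.lockedUntil());
    }

    /** Call on a bad password; compute() keeps the update atomic across request threads. */
    public void recordFailure(String username, Instant now) {
        states.compute(key(username), (k, s) -> {
            // No state yet, or a lock that has already expired, starts a fresh count.
            boolean fresh = s == null
                    || (s.lockedUntil() != null && !now.isBefore(s.lockedUntil()));
            int n = fresh ? 1 : s.failures() + 1;
            return new State(n, n >= maxFailures ? now.plus(lockDuration) : null);
        });
    }

    /** Call on a successful login to reset the counter. */
    public void recordSuccess(String username) {
        states.remove(key(username));
    }

    public static void main(String[] args) {
        LoginAttemptTracker t = new LoginAttemptTracker(3, Duration.ofMinutes(15));
        Instant now = Instant.parse("2009-10-01T12:00:00Z"); // constructed timestamp
        // Constructed scenario: three bad passwords, each arriving on a different session.
        for (int i = 0; i < 3; i++) t.recordFailure("Alice", now.plusSeconds(i));
        System.out.println(t.isLocked("alice", now.plusSeconds(10)));              // inside the lock window
        System.out.println(t.isLocked("alice", now.plus(Duration.ofMinutes(16)))); // after the window
    }
}
```

The map lives in one JVM and is cleared on restart, so a clustered deployment needs the same counter in a shared store such as the database profile column mentioned above. Entries for names that never log in successfully are not evicted in this sketch.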
