开发者

Glassfish JDBCRealm Login Exception

问答 作者:

I have a JDBCRealm setup in glasfish 3.1 with oracle11. My web app authentication works fine, but now I'd like to be able to react if someone fails to login 3 times in a row. Looking at my server log I can see that every time the login fails an exception is logged :

WARNING: WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException: 
Login failed: Security Exception

Do you guys know any way of catching it programmatically in my java code? I tried googling it, but to no avail.

Or maybe you know a better solution altogether? Please share.

Thanks, Damo

UPDATE: I need to re-phrase the question (or explain the situation properly). Every time authentication fails I want to log it in my database. To do that I开发者_运维问答 need the username, timestamp, etc. Every time authentication fails the system will check failures count and if it's more than 3 it will lock the user's account. So, I could do it in my loginerror.jsp, but I need the username. Can't find it anywhere :). So far I experimented with a filter, but it appears that you can't filter on j_security_check url-patter (at least not in glassfish 3.1). So really, the main issue here is getting the username of the person that failed the login passed to loginerror.jsp (in any form: attribute, parameter, whatever). Will go and experiment with some java script and form submission.. hehe. Thanks.

You can only catch it if you take the login in your hands. Instead of submitting the form to j_security_check, you need to submit to a servlet which uses HttpServletRequest#login().

try {
    request.login(username, password);
} catch (ServletException e) {
    // Handle.
}

I think you could specify the form-error-page in web.xml.

You probably could specify a servlet there which redirects the user to the page you want to show.

http://download.oracle.com/docs/cd/E19798-01/821-1841/bncas/index.html#6nmq2cpkm

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/error.xhtml</form-error-page>
    </form-login-config>
</login-config>

继续阅读:glassfishjakarta-eejdbcrealm

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9