> I have a custom realm / login module for a web app in
> Glassfish v3.
> However, I haven't found out how to do the
> following:
> * After failing x times, the user is blocked.
> However, how can I warn him, if the login returns
> just a boolean, and if false, there's no way to
> retrieve the reason?
[i]One way to do this currently would be to turn Security audit on . Using a custom security auditing implementation, you could get the failure count .[/i]
> * I need to log the IP address of the user which is
> being logged in. However, how can I access the
> HttpServletRequest from within the Realm / Login
> Module?
[i]Could you please raise an RFE for this?
Currently, one way to do this would be to use a SAM (JSR 196) module through which you could access the HttpServletRequest method. Authentication can then be delegated to the custom login modules. [/i]
>
> Thanks in advance.
[Message sent by forum member 'nitkal']
http://forums.java.net/jive/thread.jspa?messageID=469341