On 05-May-2011, at 12:43 PM, forums_at_java.net wrote:
> I'm building a Web application that would go live soon. I want to use a
> JDBC Realm and the default glassfish j_security_check to authenticate my
> users. however It seems pretty simple to me. I want to be able to prevent
> brute force attacks on my site. so far, putting in the wrong user name and
> password multiple times doesn't seem to cause any kind of red flag to be
> raised.
>
Sorry, Glassfish JDBC Realm does not have password retry limits/Account-lockout. You will have to write some custom code.
> I understand that the other option will be to create custom login modules and
> callback handlers etc. but I would really like to keep things as simple as
> possible.I would appreciate if anyone can tell me the various security
> features that glassfish offers.
>
> Thanks
>
>
> --
>
> [Message sent by forum member 'greenkode']
>
> View Post: http://forums.java.net/node/798494
>
>