User lockout is a complex thing. A simpler approach might be to just add a
one second wait for each consecutive failed login attempt. That would stop
any dictionary attack. I agree that it is important that Glassfish is
equipped with something of this sort out-of-the-box.
--
[Message sent by forum member 'tmpsa']
View Post: http://forums.java.net/node/703075