Hi,

A while ago I created
https://java.net/jira/browse/JASPIC_SPEC-21
(Support for events). The idea there is that the authentication system
throws several events at various stages of the authentication process.
Via this basic and general mechanism a lot of higher level features
could be realized by applications, such as keeping track of logged-in
users, protecting against brute force attacks, increasing the session
time-out after a user logs in and more.

Now there are quite a number of areas of the Java EE security system
that could use attention and some of that has been discussed before,
but I don't think this relatively simple but powerful mechanism has
seen much discussion yet.

Therefore I was wondering what people think about this.

Kind regards,
Arjan Tijms

P.S.
Since there's no Security JSR yet (and thus no associated mailing
list) I posted this to the Java EE user's list, which I hope is the
next best place to discuss this.
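
The mechanism described in the message above, sketched as an added example that is not part of the original post and not JASPIC API: an authentication system fires events, and application listeners use them for brute-force protection and for tracking logged-in users. Every name here (AuthEvent, Kind, AuthEventBus, BruteForceGuard) is hypothetical, the timestamps and users are constructed, and records require Java 16 or later.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import java.util.function.Consumer;

public class AuthEventsDemo {
    // Hypothetical event model; JASPIC itself defines none of these types.
    enum Kind { LOGIN_SUCCEEDED, LOGIN_FAILED, LOGGED_OUT }
    record AuthEvent(Kind kind, String username, Instant at) {}

    // Stand-in for the container: the authentication system fires, applications subscribe.
    static class AuthEventBus {
        private final List<Consumer<AuthEvent>> listeners = new ArrayList<>();
        void subscribe(Consumer<AuthEvent> listener) { listeners.add(listener); }
        void fire(AuthEvent event) { listeners.forEach(l -> l.accept(event)); }
    }

    // Application-side listener: an account is locked while it has too many recent failures.
    static class BruteForceGuard implements Consumer<AuthEvent> {
        private final int maxFailures;
        private final Duration window;
        private final Map<String, Deque<Instant>> failures = new HashMap<>();
        BruteForceGuard(int maxFailures, Duration window) { this.maxFailures = maxFailures; this.window = window; }
        @Override public synchronized void accept(AuthEvent e) {
            if (e.kind() == Kind.LOGIN_SUCCEEDED) { failures.remove(e.username()); return; }
            if (e.kind() != Kind.LOGIN_FAILED) return;
            failures.computeIfAbsent(e.username(), k -> new ArrayDeque<>()).addLast(e.at());
        }
        synchronized boolean isLocked(String user, Instant now) {
            Deque<Instant> q = failures.getOrDefault(user, new ArrayDeque<>());
            // Drop failures that have fallen out of the sliding window.
            while (!q.isEmpty() && q.peekFirst().isBefore(now.minus(window))) q.removeFirst();
            return q.size() >= maxFailures;
        }
    }

    public static void main(String[] args) {
        AuthEventBus bus = new AuthEventBus();
        BruteForceGuard guard = new BruteForceGuard(3, Duration.ofMinutes(5));
        Set<String> loggedIn = new HashSet<>();
        bus.subscribe(guard);
        bus.subscribe(e -> {   // second listener: keep track of logged-in users
            if (e.kind() == Kind.LOGIN_SUCCEEDED) loggedIn.add(e.username());
            else if (e.kind() == Kind.LOGGED_OUT) loggedIn.remove(e.username());
        });
        Instant t0 = Instant.parse("2014-01-01T12:00:00Z");   // constructed sample time
        for (int i = 0; i < 3; i++) bus.fire(new AuthEvent(Kind.LOGIN_FAILED, "alice", t0.plusSeconds(i * 10L)));
        bus.fire(new AuthEvent(Kind.LOGIN_SUCCEEDED, "bob", t0));
        System.out.println("alice locked at +1 min: " + guard.isLocked("alice", t0.plusSeconds(60)));
        System.out.println("alice locked at +10 min: " + guard.isLocked("alice", t0.plus(Duration.ofMinutes(10))));
        System.out.println("logged in: " + loggedIn);
    }
}
```

An authentication module would call isLocked before validating credentials; the listeners themselves never see passwords, only the events.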