I am confused with the functioning of LockOutRealms in Tomcat. My questions are as follows-:
1. Say user at IP 10.10.10.1 has reached the maximum number of invalid login attempts and is locked out. Now say a user from 10.10.10.2 attempts to login, will Tomcat stop him too since he is trying to login for the first time ? If not then how does Tomcat keep track of users that are locked out ? Via there IP's ? 2. When a user is locked out what message is displayed ? Can I display a custom HTML page when a user has been locked out ? In other words how much control do I have over the lock out process and what error messages are shown ?
