Ok, I've picked up Chris's patch and was able to cobble together something. Is there any guidance as to how a web app can subscribe to something like this? I was thinking a singleton class with a register/unregister, but I'm not sure how the tc community feels about singletons. It could also cause some issues with webapps unloading and causing classloader leaks. It would probably be better to have a registration hook somewhere in catalina servlet land. Basically a webapp can cast the servlet context to a tomcat class then register it's own listener. Standard context perhaps?
On Sat, Aug 18, 2018 at 9:58 AM, Alex O'Ree <alexo...@apache.org> wrote: > after looking at the code, it's not a simple 1 liner and would require a > number of api changes. I was able to get it working, but it is a large > change set. Anyone that extends or builds a custom one of these: > -Realm > -AuthenticatorBase > requires some changes. They are quick to make but it's a large impact. I'm > not sure how this community feels about API changes and backwards > compatibility. > > For the PR, do you all have a branch naming strategy? > > On Sat, Aug 18, 2018 at 8:20 AM, Alex O'Ree <spyhunte...@gmail.com> wrote: > >> Cool beans. I can do a PR if there's interest. >> >> On Sat, Aug 18, 2018 at 7:59 AM, Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >>> Mark and Alex, >>> >>> > On Aug 18, 2018, at 05:46, Mark Thomas <ma...@apache.org> wrote: >>> > >>> >> On 18/08/18 10:36, Olaf Kock wrote: >>> >> >>> >>> On 18.08.2018 03:58, Alex O'Ree wrote: >>> >>> Is it possible to configure the user lockout realm to log what ip >>> address >>> >>> the failed login attempt came from? I know the information needed >>> will >>> >>> also >>> >>> be in the access log but added it to the "attempt to login from a >>> locked >>> >>> account" message would be super helpful. Would it be more advisable >>> to >>> >>> extend the existing lockout realm and modify the log statements >>> myself? >>> >> Looking at the source here: >>> >> https://github.com/apache/tomcat/blob/trunk/java/org/apache/ >>> catalina/realm/LockOutRealm.java#L216 >>> >> and here: >>> >> https://github.com/apache/tomcat/blob/trunk/java/org/apache/ >>> catalina/realm/LocalStrings.properties#L91, >>> >> you can't configure it. But the realm is simple and you can roll your >>> own. >>> >> >>> >> Is it advisable? If you want that information in this log message: It >>> >> might be your only option. You'll have to decide how intensely you'd >>> >> like to have it. >>> > >>> > You need this too: >>> > https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 >>> >>> I still fully intend to flesh this out. >>> >>> Gotta finish a big project at $work first though. >>> >>> -chris >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> >
