I found this tonight. It looks promising. http://sourceforge.net/projects/lockout-realm It appears he has the HttpServletRequest object available and that means you can do a getRemoteAddr(). So, I haven't played with it, but... Scott
________________________________ From: Kevin Jackson [mailto:[EMAIL PROTECTED] Sent: Mon 10/29/2007 10:03 PM To: Tomcat Users List Subject: Re: Tracking Authentication rejects in Tomcat 5.5 Hi, > Does anyone have a suggestion? Does the general approach seem > reasonable? We have similar requirements, but at the moment we are using a subclass of JDBCRealm, here is our authenticate method: @Override public Principal authenticate(Connection connection, String userName, String credentials) { LoginInfo loginInfoData = new LoginInfo( userName, credentials ); loginInfo.set( loginInfoData ); try{ if( getCaseInsensitiveLogin() ) userName = userName.toUpperCase(); Principal principal = super.authenticate( connection, userName, credentials ); // if login failed if( principal == null ) recordFailureLogon( connection, userName, credentials ); else recordSuccessfulLogon( connection, userName ); return principal; }catch(SQLException e){ e.printStackTrace(); return null; } } where recordFailureLogin has the following signature: protected void recordFailureLogon(Connection connection, String userName, String credentials) throws SQLException If you find a way of recording the remote IP address I'd love to hear how you did it Thanks, Kev --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
