Need some help or advice.. For Security reasons, We need to do logging for IP,username, etc(AUDIT). We need to log success and failed attempts. We don't want to modify the internal classes(unless it's impossible).
We are using the FORM auth-method, we POST to j_security_check. We have our own custom realm that extends RealmBase. All that works fine. Until we try and report back to the browser why the authentication failed, to many attempts, account expired etc.. So my question is. Since the authentication occurs in the Realm/FormAuthenticator, Has anyone been able to successfully extend this class ( FormAuthenticator ), and implement this kind of concept? I have found some examples online, but I have not been able to make them work. thanks...
