File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSP and the fly likes How to create n-second delay in .jsp ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "How to create n-second delay in .jsp ? " Watch "How to create n-second delay in .jsp ? " New topic

How to create n-second delay in .jsp ?

John Sisco

Joined: Nov 22, 2004
Posts: 8
Hello all,

I have a .jsp login page for my application and want to create n-second delay if the entered username/password is incorrect in order to make bruteforcing/hammering more difficult. How can this be done ?

And generally speaking about web application security; is it the right approarch to handle user authentications via sessions or is there any security issues there ? Meaning that, when user logs in, a session is created and this session is checked in every .jsp page. And if it's not valid, user is forwarded back to login-page.

Thanks for help.

- John
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63837

Creating a delay in the request/response cycle is a poor idea. Rather, handle this on the server end by keeping track of failed logins and ignoring repeated requests for the same login name.

Using sessions is a good way to keep track of authenticated logins. But checking on each JSP page is not. I'd either check it in the servlet controller for the page (you are using a Model 2 architecture, right?) or better yet, institute a servlet filter that does this checking for you.

[Asking smart questions] [About Bear] [Books by Bear]
I agree. Here's the link:
subject: How to create n-second delay in .jsp ?
It's not a secret anymore!