This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
In a 10.3 environment I have a custom authenticator that is using NameCallback and PasswordCallback to validate against the data stored in a DB. We are now required to record the IP address of the authentication requestor for failed logins but I've not had any luck reliably determining this information.
Our authenticator is implementing javax.security.auth.spi.LoginModule so we can't modify the call to the authenticator.