Hey all,
I have been scouring the web and haven't found a satisfactory solution to this problem. I am using form-based security with a
JDBC Realm in
Tomcat, and I want to detect failed login attempts so that I can lock accounts after X failed logins.
The usual suggestion is to create a custom Realm to do this...but I am having trouble finding the JDBCRealm class...what jar file is this located in?
My application uses
Struts, and a failed login attempt redirects to an Action class where I want to do the failed attempt logging. I was considering using some javascript to set a second variable in the request with the same value as the j_username when the user clicks submit. Would this work? Could I then access this variable in the Action class?
I find it very irritating that there is not a simple way to find out who tried to log in, as I feel like this is a behavior that a lot of applications would want.
Any help or suggestions would be much appreciated!
- Chris