|
Sort Order:
We need to inject an ApplicationEventPublisher into ProviderManager that will process the AuthenticationFailurePasswordEvent as said before. Actually seems that it's not AuthenticationFailurePasswordEvent but AuthenticationFailureBadCredentialsEvent. There's a long list of possible events that inherit from AbstractAuthenticationFailureEvent, http://acegisecurity.org/multiproject/acegi-security/apidocs/org/acegisecurity/event/authentication/AbstractAuthenticationFailureEvent.html Work has been completed on this. Applied patch from Joakim |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sub-task
Closed
Major
From http://acegisecurity.org/faq.html
Common Problem #3: How do I disable a user after a number of failed logins?
A common user requirement is to disable / lock an account after a number of failed login attempts. Acegi itself does not provide anything "out of the box", however in your application you can implement and register an org.springframework.context.ApplicationListener. Inside your application event listener you can then check for an instanceof the particular AuthenticationFailureEvent and then call your application user management interface to update the user details.
For example:
public void onApplicationEvent(ApplicationEvent event) {
// check failed event
if(event instanceof AuthenticationFailurePasswordEvent){ // call user management interface to increment failed login attempts, etc. . . . }
}