hi I have a j2ee application using Spring webflow and Spring Security. I want to implement an account lockout such that after three times of password failure the account wil be locked. How do I implement this.
+1
A:
Can you use an AuthenticationFailureHandler? This approach was suggested in the Acegi FAQ (see Common Problem #3).
John
2010-01-26 07:07:02
I registered a bean implementing the application handler and checking for an instance of AuthenticationFailureHandler
cedric
2010-01-27 06:10:15
+1
A:
That behavior belongs to the underline authentication provider. If you are using LDAP there is a Password Policy, the LdapAuthenticationProvider will throw an exception if the account is blocked.
If your current AuthenticationProvider doesn't have this functionality then subclass it.
rodrigoap
2010-01-26 15:30:56
+1
A:
Did you figure this out? If not, please refer to my article at: http://www.harinair.com/2010/02/spring-acegi-security-account-lockout/
Hari Gangadharan
2010-02-28 07:33:11