[cas-dev] Limit the number of times a user can try to login?
Scott Battaglia
scott.battaglia at gmail.com
Fri May 18 14:30:32 EDT 2007
Oscar,
We haven't implemented anything by user, but we have example code by IP
address:
http://developer.ja-sig.org/source/browse/jasigsvn/cas3/trunk/cas-server-core/src/main/java/org/jasig/cas/web/support/ThrottledSubmissionByIpAddressHandlerInterceptorAdapter.java?r=39690
This hasn't been thoroughly tested in production but should work as a good
example of what you may need to do this for username.
-Scott
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On 5/17/07, Oscar Shen <senseyoung at gmail.com> wrote:
>
> Does CAS provide any mechanism to avoid user using brutal force method to
> login? Like if a user enter 5 wrong password within 10 minutes, he is
> suspended to access for 30 min ?
>
> Oscar Shen
> BCIT
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070518/db2a1c34/attachment.html
More information about the cas-dev
mailing list