I have a JDBCRealm setup in glasfish 3.1 with oracle11. My web app authentication works fine, but now I'd like to be able to react if someone fails to login 3 times in a row. Looking at my server log I can see that every time the login fails an exception is logged :
WARNING: WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException:
Login failed: Security Exception
Do you guys know any way of catching it programmatically in my java code? I tried googling it, but to no avail.
Or maybe you know a better solution altogether? Please share.
Thanks, Damo
UPDATE: I need to re-phrase the question (or explain the situation properly). Every time authentication fails I want to log it in my database. To do that I need the username, timestamp, etc. Every time authentication fails the system will check failures count and if it's more than 3 it will lock the user's account. So, I could do it in my loginerror.jsp, but I need the username. Can't find it anywhere :). So far I experimented with a filter, but it appears that you can't filter on j_security_check url-patter (at least not in glassfish 3.1). So really, the main issue here is getting the username of the person that failed the login passed to loginerror.jsp (in any form: attribute, parameter, whatever). Will go and experiment with some java script and form submission.. hehe. Thanks.
You can only catch it if you take the login in your hands. Instead of submitting the form to j_security_check, you need to submit to a servlet which uses HttpServletRequest#login().
try {
request.login(username, password);
} catch (ServletException e) {
// Handle.
}