[Acegisecurity-developer] account blocking?

2006-01-19 Thread Fernando.Matomira








Is it me, or is there no way to set up Acegi with an
account blocker that is called after a specified number of consecutive failed
authentication (not authorization) attempts for the same username?














Re: [Acegisecurity-developer] account blocking?

2006-01-19 Thread Mark St.Godard
You can write and register a custom ApplicationListener, then check for the authentication failure event... you can do something to update the failed logon attempts, then on subsequent logon attempts you will probably have to check the logon attempts count, something like that.


Acegi does not provide something out of the box, mainly because you will need to do something on failed logons... you need to update that user account details... so most of the time you will have a (transactional) service layer for user mgmt.


I did the above ... wrote a listener, and injected my user mgmt service into the listener so I could update the user's failed logon attempts... then in the logon process if it goes over the desired threshold I make sure the account disabled flag is set.


Cheers,
Mark
On 1/19/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


Is it me, or is there no way to set up Acegi with an account blocker that is called after a specified number of consecutive failed authentication (not authorization) attempts for the same username?
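
The listener approach described in the reply above, sketched as an added example that is not part of the original thread and is not code from Acegi or from either poster. It assumes the Acegi 1.0 package layout (`org.acegisecurity`); `UserManagementService`, its methods, `FailedLogonListener` and the threshold of 5 are hypothetical names and values chosen for illustration.

```java
import org.acegisecurity.event.authentication.AuthenticationFailureBadCredentialsEvent;
import org.acegisecurity.event.authentication.AuthenticationSuccessEvent;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

/** Hypothetical transactional user-management service (not an Acegi type). */
interface UserManagementService {
    /** Increments and returns the consecutive-failure count; returns 0 for unknown usernames. */
    int recordFailedLogon(String username);

    /** Clears the consecutive-failure count after a successful logon. */
    void resetFailedLogons(String username);

    /** Sets the flag that the application's UserDetails.isEnabled() reports as false. */
    void disableAccount(String username);
}

/** Counts consecutive bad-credential failures per username and disables the account at a threshold. */
public class FailedLogonListener implements ApplicationListener {
    private UserManagementService userService; // injected by the application context
    private int maxAttempts = 5;                // constructed default, not from the thread

    public void setUserService(UserManagementService userService) { this.userService = userService; }
    public void setMaxAttempts(int maxAttempts) { this.maxAttempts = maxAttempts; }

    public void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof AuthenticationFailureBadCredentialsEvent) {
            // Only bad-credential failures count; failures raised because the account is
            // already disabled or locked arrive as other event types and are ignored here.
            String username = ((AuthenticationFailureBadCredentialsEvent) event)
                    .getAuthentication().getName();
            // The service ignores unknown usernames (returns 0), so guessed names
            // do not create rows or trip the threshold.
            if (userService.recordFailedLogon(username) >= maxAttempts) {
                userService.disableAccount(username);
            }
        } else if (event instanceof AuthenticationSuccessEvent) {
            // "Consecutive" means a successful logon resets the counter.
            String username = ((AuthenticationSuccessEvent) event).getAuthentication().getName();
            userService.resetFailedLogons(username);
        }
    }
}
```

Declaring the listener as a bean in the Spring application context is enough for it to receive the events. Because anyone who knows a username can trigger the lockout, the re-enable path (administrator action or a timed unlock) belongs in the same service.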