> Why doesn't it check GET requests?
It's probably more of an optimization than anything else.
> It allows brute force attacks using URLs
> like this:
>
> http://www.casserver.com/cas/login?username=MYUSER&password=MYPASSWORD&lt=LT-8-ccvtXiggP3G3NifIJcZDaXec2kNCQq&execution=e3s1&_eventId=submit&submit
Hi,
I'm successfully throttling login attempts with
"InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"
in CAS 3.5.
I have seen it only checks GET requests:
public abstract class AbstractThrottledSubmissionHandlerInterceptorAdapter
...{
...
public final bo