Good Afternoon, I am up and running with Shiro (Spring Web App using the Vaadin framework), so all is good. Thank you all for the effort.
So on to my question! Basically I want to lock a User in my Application if they have tried to sign on a number of times and keep getting the password wrong. I notice there is a ExcessiveAttemptsException class and the javadoc says: Thrown when a system is configured to only allow a certain number of authentication attempts over a period of time and the current session has failed to authenticate successfully within that number. So that sounds like what I want to catch and handle (in my case the handling would update a field on a User database row to indicate the Users login was now disabled). But where is this Excessive Attempts configured - or is this an exception I would have to build and throw? If so how would I know how many times the Subject\User tried to logon? Anyway - hopefully this question isn't too stupid! Cheers Mat -- View this message in context: http://n2.nabble.com/ExcessiveAttemptsException-How-to-configure-tp4534742p4534742.html Sent from the Shiro User mailing list archive at Nabble.com.
