Hello, I didn't get a response to this question on tomcat-user so I'll give it a try here. Sorry, I write you as a last resort. Apparently, nobody know about this.
How I can guess login and password strings of an user, from error page (JSP) using "Form Based Authentication of Tomcat"? I need know it to lock the count each 3 error tries (if login is ok but password is bad, insteed). Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of HttpServletRequest interface have this result: If no user has been authenticated, returns null, false and null respectly. For this reason, they aren't utils for me. If I donīt know login what user writed, I can't lock his/her count. Exist solution for this? Thanks -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
