Store the count in the session using appropriate name .... Once that is above the limit then write the code to lock it ... .
One suggestion though ..... All business logic code in single action.... That is not a good design ... Cant you make your business objects more layered ? Regards Guru -----Original Message----- From: Srinivasula Reddy A , Bangalore [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 10:17 To: Struts Users Mailing List Subject: How To Lock User Account If he Failed to give Correct Password in three attempts Hi Struts User Community, Here I am sending my login action code (part only) and My DAO Code. Now I have to lock the user if he failed to enter correct user name and password in three attempts. How can I implement this in struts? Please help me with some sample code or rough idea? String username = ((LoginForm) form).getUsername(); String password = ((LoginForm) form).getPassword(); String newPassword = com.dfs.common.helper.PasswordService.getInstance().encrypt(password); AccessControlDAO accessDAO = new AccessControlDAO(); UserTo userDTO = accessDAO.getUser(username, newPassword); if(userDTO==null){ throw new LoginFailedException("LoginFailedException"); } public UserTo getUser(String username, String password)throws BaseAppException{ DBConnection ora = DBConnection.getInstance(); Connection conn = ora.createConnection(); PreparedStatement stmt = null; ResultSet rs = null; UserTo userDTO = null; Query = "select * from SYSTEM_USER where SERVICE_NO=? and PASSWORD=?"; if (conn != null) { try{ stmt = conn.prepareStatement(Query); stmt.setString(1, username); stmt.setString(2, password); rs = stmt.executeQuery(); while(rs.next()){ userDTO = new UserTo(); userDTO.setServiceNo(rs.getString("SERVICE_NO")); userDTO.setEmpName(rs.getString("EMP_NAME")); } } catch (SQLException sqle) { throw new BaseDBException("BaseDBException"); } finally { try{ ora.closeConnection(conn); stmt.close(); rs.close(); }catch(SQLException e){ throw new BaseDBException("BaseDBException"); } } }else{ throw new BaseDBException("BaseDBException"); } return userDTO; } Regards, Sreenivasula Reddy A. DISCLAIMER: ------------------------------------------------------------------------ ----------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. ------------------------------------------------------------------------ ----------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]